Play interactive tour

Edit tour

Analysis Report http://www.videosoftdev.com/services/download.aspx?ProductID=1

Overview

General Information

Sample URL:	http://www.videosoftdev.com/services/download.aspx?ProductID=1
Analysis ID:	326343
Most interesting Screenshot:

Detection

Score:	19
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Contains capabilities to detect virtual machines

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

Found evaded block containing many API calls

Found evasive API chain checking for process token information

Found potential string decryption / allocating functions

Is looking for software installed on the system

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file contains strange resources

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Tries to load missing DLLs

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Sample may be VM or Sandbox-aware, try analysis on a native machine

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Sample searches for specific file, try point organization specific fake files to the analysis machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Startup

System is w10x64

cmd.exe (PID: 6652 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

wget.exe (PID: 6692 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

video_editor_x64.exe (PID: 496 cmdline: 'C:\Users\user\Desktop\download\video_editor_x64.exe' MD5: 10B5CDAB87CF1825DF1134F16DFF7062)

video_editor_x64.tmp (PID: 4276 cmdline: 'C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp' /SL5='$1F0056,89355248,121344,C:\Users\user\Desktop\download\video_editor_x64.exe' MD5: B2EAFA8C7E4EAEB302AA4AB062B17EBA)

vcredist_x64.exe (PID: 6120 cmdline: 'C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' /install /passive /norestart MD5: 1E7BD6790391B5B710C6372AB2042351)

vcredist_x64.exe (PID: 5088 cmdline: 'C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe' -burn.clean.room='C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' -burn.filehandle.attached=580 -burn.filehandle.self=564 /install /passive /norestart MD5: 1D7599C4A31B82E70308C022E9494011)

VC_redist.x64.exe (PID: 4796 cmdline: 'C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe' -q -burn.elevated BurnPipe.{AEC565AB-0FED-47E7-88D9-B941D20CF512} {87809E35-81C0-47B4-86E7-066B690A99EC} 5088 MD5: 1D7599C4A31B82E70308C022E9494011)

VC_redist.x64.exe (PID: 4572 cmdline: 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /burn.runonce MD5: 1D7599C4A31B82E70308C022E9494011)

VC_redist.x64.exe (PID: 3016 cmdline: 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install MD5: 1D7599C4A31B82E70308C022E9494011)

VC_redist.x64.exe (PID: 5636 cmdline: 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install MD5: 1D7599C4A31B82E70308C022E9494011)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C99EB7 DecryptFileW,	27_2_00C99EB7
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CBF961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	27_2_00CBF961
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C99C99 DecryptFileW,DecryptFileW,	27_2_00C99C99
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F39EB7 DecryptFileW,	29_2_00F39EB7
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F5F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	29_2_00F5F961
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F39C99 DecryptFileW,DecryptFileW,	29_2_00F39C99
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018F961 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,	32_2_0018F961
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00169C99 DecryptFileW,DecryptFileW,	32_2_00169C99
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00169EB7 DecryptFileW,	32_2_00169EB7

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00405BEC GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,	20_2_00405BEC
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004AD294 FindFirstFileW,GetLastError,	22_2_004AD294
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00408174 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,	22_2_00408174
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004C0BC0 SetErrorMode,FindFirstFileW,FindNextFileW,FindClose,SetErrorMode,	22_2_004C0BC0
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004C107C SetErrorMode,FindFirstFileW,FindNextFileW,FindClose,SetErrorMode,	22_2_004C107C
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C83BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	27_2_00C83BC3
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CC4315 FindFirstFileW,FindClose,	27_2_00CC4315
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C9993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	27_2_00C9993E
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB7A87 FindFirstFileExW,	27_2_00CB7A87
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F3993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	29_2_00F3993E
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F23BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	29_2_00F23BC3
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F64315 FindFirstFileW,FindClose,	29_2_00F64315
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00194315 FindFirstFileW,FindClose,	32_2_00194315
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0016993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	32_2_0016993E
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00153BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	32_2_00153BC3
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00187A87 FindFirstFileExW,	32_2_00187A87

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL	Jump to behavior

Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)
Source: video_editor_x64.tmp, 00000016.00000002.674987522.0000000005F2E000.00000004.00000001.sdmp	String found in binary or memory: . Por ejemplo: http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)
Source: video_editor_x64.tmp, 00000016.00000002.674313336.0000000005DD5000.00000004.00000001.sdmp	String found in binary or memory: : http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)
Source: is-GK5DP.tmp.22.dr	String found in binary or memory: InformationAhttps://www.youtube.com/watch?v= equals www.youtube.com (Youtube)
Source: video_editor_x64.tmp, 00000016.00000002.673428705.00000000059DF000.00000004.00000001.sdmp	String found in binary or memory: Sfoglia..."Lettori e dispositivi multimedialiKInserisci qui l'URL. Ad esempio: http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)
Source: video_editor_x64.tmp, 00000016.00000002.673989945.0000000005C7B000.00000004.00000001.sdmp	String found in binary or memory: diaMInserir seu URL aqui. Por exemplo: http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)
Source: video_editor_x64.tmp, 00000016.00000002.670684399.0000000005728000.00000004.00000001.sdmp	String found in binary or memory: riquesMCollez votre URL ici. Par exemple: http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)
Source: video_editor_x64.tmp, 00000016.00000002.671162818.0000000005886000.00000004.00000001.sdmp	String found in binary or memory: tenQLegen Sie Ihre URL hier. Zum Beispiel: http://www.youtube.com/watch?v=jaA2361wq50 equals www.youtube.com (Youtube)

Source: vcredist_x64.exe, VC_redist.x64.exe	String found in binary or memory: http://appsyndication.org/2006/appsyn
Source: vcredist_x64.exe, 0000001B.00000000.544275902.0000000000CCB000.00000002.00020000.sdmp, vcredist_x64.exe, 0000001D.00000000.545735742.0000000000F6B000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000020.00000002.589217485.000000000019B000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000025.00000000.583222248.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000026.00000000.584723229.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000027.00000002.610680528.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe.32.dr	String found in binary or memory: http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor
Source: video_editor_x64.tmp, 00000016.00000002.668331619.0000000004E60000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: video_editor_x64.tmp, 00000016.00000002.668331619.0000000004E60000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://crl.trustwave.com/CSCA2_L1.crl0q
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://crl.trustwave.com/STCA.crl0=
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	String found in binary or memory: http://downloads.videosoftdev.com/video_tools/video_editor_x64.exe
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	String found in binary or memory: http://downloads.videosoftdev.com/video_tools/video_editor_x64.exe3
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	String found in binary or memory: http://downloads.videosoftdev.com/video_tools/video_editor_x64.exetates3
Source: video_editor_x64.tmp, 00000016.00000002.668331619.0000000004E60000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://ocsp.sectigo.com0#
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.trustwave.com/09
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.trustwave.com05
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ssl.trustwave.com/issuers/CSCA2_L1.crt0
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ssl.trustwave.com/issuers/STCA.crt0
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: VC_redist.x64.exe, 00000027.00000003.608972858.00000000032BA000.00000004.00000001.sdmp, VC_redist.x64.exe, 00000027.00000003.609712314.0000000001060000.00000004.00000040.sdmp	String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: http://www.codejock.com
Source: video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	String found in binary or memory: http://www.conduit.com/legal/searchprotectdescription
Source: video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	String found in binary or memory: http://www.delta-search.com/eula.html
Source: video_editor_x64.exe, 00000014.00000003.386914432.00000000024B0000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.653698216.000000000250A000.00000004.00000001.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: video_editor_x64.exe, 00000014.00000003.387425971.000000007FD80000.00000004.00000001.sdmp, video_editor_x64.tmp, video_editor_x64.tmp, 00000016.00000000.388602269.0000000000401000.00000020.00020000.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: video_editor_x64.exe	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: video_editor_x64.exe, 00000014.00000000.386663597.0000000000401000.00000020.00020000.sdmp	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: is-SR4CK.tmp.22.dr	String found in binary or memory: http://www.realnetworks.com
Source: is-64E3N.tmp.22.dr	String found in binary or memory: http://www.realnetworks.com0=1
Source: video_editor_x64.exe, 00000014.00000003.387425971.000000007FD80000.00000004.00000001.sdmp, video_editor_x64.tmp	String found in binary or memory: http://www.remobjects.com/ps
Source: video_editor_x64.tmp, 00000016.00000002.652002104.0000000000835000.00000004.00000020.sdmp	String found in binary or memory: http://www.videosoftdev.co
Source: video_editor_x64.tmp, 00000016.00000002.653698216.000000000250A000.00000004.00000001.sdmp	String found in binary or memory: http://www.videosoftdev.com
Source: wget.exe, 00000002.00000002.340414107.00000000009F0000.00000004.00000020.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/download.aspx?ProductID=1
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/download.aspx?ProductID=1.
Source: wget.exe, 00000002.00000002.340511863.0000000001100000.00000004.00000040.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/download.aspx?ProductID=19
Source: wget.exe, 00000002.00000002.340511863.0000000001100000.00000004.00000040.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/download.aspx?ProductID=1?
Source: video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/download.aspx?ProductID=x32_1
Source: video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/download.aspx?ProductID=xp_1
Source: video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/install.aspx?ProductID=1
Source: video_editor_x64.tmp, 00000016.00000002.658287088.0000000003688000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000003.389180628.0000000003390000.00000004.00000001.sdmp	String found in binary or memory: http://www.videosoftdev.com/services/purchase.aspx?ProductID=1a
Source: video_editor_x64.exe, 00000014.00000003.386914432.00000000024B0000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000003.389180628.0000000003390000.00000004.00000001.sdmp	String found in binary or memory: http://www.videosoftdev.com6http://www.videosoftdev.com6http://www.videosoftdev.com
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.671162818.0000000005886000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.674313336.0000000005DD5000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673428705.00000000059DF000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673989945.0000000005C7B000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.674987522.0000000005F2E000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.670684399.0000000005728000.00000004.00000001.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=jaA2361wq50
Source: is-GK5DP.tmp.22.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/approval
Source: is-GK5DP.tmp.22.dr	String found in binary or memory: https://myaccount.google.com
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: https://sectigo.com/CPS0C
Source: wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0D
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: https://ssl.trustwave.com/CA06
Source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	String found in binary or memory: https://ssl.trustwave.com/CA0l
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	String found in binary or memory: https://www.globalsign.com/repository/06
Source: is-GK5DP.tmp.22.dr	String found in binary or memory: https://www.youtube.com/watch?v=

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_00434448 GetObjectW,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette,

22_2_00434448

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_0045C584 GetKeyboardState,

22_2_0045C584

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004808CC: CreateFileW,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

22_2_004808CC

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040E538 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,		20_2_0040E538
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004B00AC GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,		22_2_004B00AC

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

File created: C:\Windows\is-JBMK9.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

File deleted: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe

Jump to behavior

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00402260	20_2_00402260
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040D33C	20_2_0040D33C
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0041259C	20_2_0041259C
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004E2284	22_2_004E2284
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00488C40	22_2_00488C40
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004E2D99	22_2_004E2D99
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004736F8	22_2_004736F8
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004AC17C	22_2_004AC17C
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0049E118	22_2_0049E118
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004EA1FC	22_2_004EA1FC
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00402474	22_2_00402474
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0044A72C	22_2_0044A72C
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004FCA0C	22_2_004FCA0C
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004C6BD4	22_2_004C6BD4
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CAC0FA	27_2_00CAC0FA
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C86184	27_2_00C86184
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB022D	27_2_00CB022D
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CBA3B0	27_2_00CBA3B0
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB0662	27_2_00CB0662
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C8A7EF	27_2_00C8A7EF
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CBA85E	27_2_00CBA85E
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C969CC	27_2_00C969CC
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CAF919	27_2_00CAF919
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB0A97	27_2_00CB0A97
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB2B21	27_2_00CB2B21
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CBED4C	27_2_00CBED4C
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB2D50	27_2_00CB2D50
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CAFE15	27_2_00CAFE15
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F369CC	29_2_00F369CC
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F4C0FA	29_2_00F4C0FA
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F5A85E	29_2_00F5A85E
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F26184	29_2_00F26184
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F4F919	29_2_00F4F919
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F5A3B0	29_2_00F5A3B0
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F52B21	29_2_00F52B21
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F52D50	29_2_00F52D50
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F5ED4C	29_2_00F5ED4C
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F2A7EF	29_2_00F2A7EF
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0017C0FA	32_2_0017C0FA
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00156184	32_2_00156184
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018022D	32_2_0018022D
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018A3B0	32_2_0018A3B0
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00180662	32_2_00180662
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0015A7EF	32_2_0015A7EF
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018A85E	32_2_0018A85E
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0017F919	32_2_0017F919
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_001669CC	32_2_001669CC
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00180A97	32_2_00180A97
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00182B21	32_2_00182B21
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00182D50	32_2_00182D50
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018ED4C	32_2_0018ED4C
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0017FE15	32_2_0017FE15

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: String function: 0019012F appears 678 times
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: String function: 0019061A appears 34 times
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: String function: 00151F20 appears 54 times
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: String function: 001931C7 appears 83 times
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: String function: 001537D3 appears 496 times
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: String function: 00487C88 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: String function: 00409620 appears 139 times
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: String function: 00406914 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: String function: 00406438 appears 41 times
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: String function: 0040C24C appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: String function: 004B2BC8 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: String function: 00CC31C7 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: String function: 00CC061A appears 34 times
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: String function: 00CC012F appears 677 times
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: String function: 00C837D3 appears 496 times
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: String function: 00C81F20 appears 54 times
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: String function: 00404C88 appears 36 times
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: String function: 00F631C7 appears 83 times
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: String function: 00F6012F appears 640 times
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: String function: 00F21F20 appears 53 times
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: String function: 00F6061A appears 34 times
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: String function: 00F237D3 appears 474 times

Source: video_editor_x64.tmp.20.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: video_editor_x64.tmp.20.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-9I76T.tmp.22.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-9I76T.tmp.22.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Source: video_editor_x64.exe.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: video_editor_x64.exe.2.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: video_editor_x64.tmp.20.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: video_editor_x64.tmp.20.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: video_editor_x64.tmp.20.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-9I76T.tmp.22.dr	Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: is-9I76T.tmp.22.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: is-9I76T.tmp.22.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe

Section loaded: tsappcmp.dll

Jump to behavior

Source: classification engine

Classification label: clean19.evad.win@19/873@0/2

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004328A4 GetLastError,FormatMessageW,

22_2_004328A4

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040E538 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	20_2_0040E538
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004B00AC GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	22_2_004B00AC
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C844E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	27_2_00C844E9
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F244E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	29_2_00F244E9
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_001544E9 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle,	32_2_001544E9

Source: C:\Users\user\Desktop\download\video_editor_x64.exe

Code function: 20_2_0040805C GetDiskFreeSpaceW,

20_2_0040805C

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004CC238 GetVersion,CoCreateInstance,

22_2_004CC238

Source: C:\Users\user\Desktop\download\video_editor_x64.exe

Code function: 20_2_0040EE14 FindResourceW,SizeofResource,LoadResource,LockResource,

20_2_0040EE14

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00CA6945 ChangeServiceConfigW,GetLastError,

27_2_00CA6945

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

File created: C:\Program Files\FlashIntegro

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6660:120:WilError_01
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Mutant created: \Sessions\1\BaseNamedObjects\{E1AE6C64-631C-4B2F-853C-45C1BD634C03}

Source: C:\Users\user\Desktop\download\video_editor_x64.exe

File created: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: )L	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: cabinet.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: msi.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: version.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: wininet.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: comres.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: clbcatq.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: msasn1.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: crypt32.dll	27_2_00C81070
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Command line argument: feclient.dll	27_2_00C81070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: cabinet.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: msi.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: version.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: wininet.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: comres.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: clbcatq.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: msasn1.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: crypt32.dll	32_2_00151070
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Command line argument: feclient.dll	32_2_00151070

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

File read: C:\Program Files\FlashIntegro\VideoEditor\Localizations\crashrpt_lang_CS.ini

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: video_editor_x64.exe	String found in binary or memory: rting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked the co
Source: vcredist_x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vcredist_x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: VC_redist.x64.exe	String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1' > cmdline.out 2>&1
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1'
Source: unknown	Process created: C:\Users\user\Desktop\download\video_editor_x64.exe 'C:\Users\user\Desktop\download\video_editor_x64.exe'
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp 'C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp' /SL5='$1F0056,89355248,121344,C:\Users\user\Desktop\download\video_editor_x64.exe'
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe 'C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' /install /passive /norestart
Source: unknown	Process created: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe 'C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe' -burn.clean.room='C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' -burn.filehandle.attached=580 -burn.filehandle.self=564 /install /passive /norestart
Source: unknown	Process created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe 'C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe' -q -burn.elevated BurnPipe.{AEC565AB-0FED-47E7-88D9-B941D20CF512} {87809E35-81C0-47B4-86E7-066B690A99EC} 5088
Source: unknown	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /burn.runonce
Source: unknown	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install
Source: unknown	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1'	Jump to behavior
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Process created: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp 'C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp' /SL5='$1F0056,89355248,121344,C:\Users\user\Desktop\download\video_editor_x64.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe 'C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' /install /passive /norestart	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Process created: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe 'C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe' -burn.clean.room='C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' -burn.filehandle.attached=580 -burn.filehandle.self=564 /install /passive /norestart	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Process created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe 'C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe' -q -burn.elevated BurnPipe.{AEC565AB-0FED-47E7-88D9-B941D20CF512} {87809E35-81C0-47B4-86E7-066B690A99EC} 5088	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Automated click: I accept the agreement

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Window detected: Number of UI elements: 23
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Window detected: Number of UI elements: 23

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\is-9I76T.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-CSG4M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-51BGK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-P6BPJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-VKA8L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-BCRV8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-OOR8C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-RB1FB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-TMPGC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-GBMCS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-VM6FH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-UGT21.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-J2KOS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-2QLEA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-VQJ9Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-6PL4E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-9B4VS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-LFTOB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-S1GUV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-LEDT9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-TSN75.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-638JN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-N2LQP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-M9F7B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-QDAKE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-609T5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-4CTD0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-HSQHC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-5TUHG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-TDM5E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-UA69A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-Q60U2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-PT0C2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-2P8H9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-0SG7I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-EUP48.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-EPPLT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-7P8PE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-H3Q3E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-VQLEK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-ROU4O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-5IHAM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-VSVSM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P1PRU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-CPPIC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PJL5P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-09ON3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-GOHUV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-QSTSG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\is-CL5VE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-GHKQD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-I46UE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-PRH4T.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-5EQ0E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-TBRIB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-BSLL4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-MVRHA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-GHI5G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-F29EL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-FR4HO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-CELBG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-EMVVC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-NTE34.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-OLPN3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-KHL16.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-3LBIS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-39A7G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-JOGRT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-GIT45.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-68POL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-D3DNG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-KAHAS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-UPAA4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-S1HTH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-H1LIS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-TH42R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-2M1CS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-H7428.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-929TD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-OV9MG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-BITA4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-70ERH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-QKRUR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-N2GCJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-CHT3L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-PH5I5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-QC42T.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-US9VT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-1DHV6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-6RM2R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-L8VPB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QP1V5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-4AD6F.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-8OEUB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NEFLU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NJJD4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-V9E7A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QI59E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-FELGD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-JLV0H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-DBGJC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-CMQSS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-M0I4H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-37145.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-6LQ0G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-FE45C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9F3I2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-NL7MN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-R788B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-64E3N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-KH2SN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VE8B0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7EV8O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-SR4CK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VQ2C8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-RJM7O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-MJN3C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1DN8R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-LKBCE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-GSO7L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-DS9U1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9S1L5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7JSD1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1KUPI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-4922F.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P9F2A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DI71O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-67Q05.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-IE7UD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T11L1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T3E2B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-19FI6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DVG3K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-3EO63.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-1K3AJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LCGQE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-BS97R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LTK27.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-405Q8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9KGNK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DDA4R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7AVA5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PIVL1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-ILPSH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-32VOB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-GUIIM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-Q042M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-TI4FS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P4R44.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-UNR4I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-35DF0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-22CCE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-91VDT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-R5R9N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9T70V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-JIFVF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-0HCB9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7DG6H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-2APG5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-EPU6H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\Skins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\Skins\is-B3CLK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\Icons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\Common Files\FlashIntegro\Icons\is-OEFT9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-LLEGR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-RQNKS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\is-LBTK9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I6T9L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I7CDN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VAK07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-05DK1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VVOBD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-C5B5H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-0O32B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-MA3LK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-BKS6A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FMAB2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-RGQOV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-GK5DP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-NLT24.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-18751.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LP55S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LIT59.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-3G6AI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H1IE7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4EEP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-U4VOR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9HOFC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FG6LB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9UITF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H7IP7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-EL74B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4TT6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-TMCVL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-FAIB7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-26N17.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-GC7SG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-0P374.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-FPN7G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-MHS1N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-VJVTV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\is-AEM9J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-PASQS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-18N5J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-EE30E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-D7F0R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-71763.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-QJKGK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-205MJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-MACAJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-JL8TS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-RQ9AI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-HGA76.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-EKH8K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-CI9B0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-3LHV4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-QUMD0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-OPJ0L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-LOAA6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-GQFU2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-4S9MO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-FL6SE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-GJEC6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-9E7R5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-2EJ77.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-GTG9P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-UNULP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-FIVE4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-NG7L4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-76EQB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-2JGVN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-9TRIO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-1UNB8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-F6C3V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-73DMN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-G5U8P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-M548A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-RBA0A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-VVLRI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-IS4JU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-3JNV3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-1HGD7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-SB92V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-TS4RV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-VKPMB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-6ARCB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-CPBLM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-T6CCL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-RE48O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-1793G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-6NCGG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-JITLO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-IVS55.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-TE7SE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-MCB45.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-QDEAV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-AG5E8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-2P44S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-OSTLC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-AA542.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-NJPQP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-PUMEJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-04MSU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-K3NSQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-S3ULH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-7VHFA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-9KC7I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-PI9KV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-VGQT7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-43G0Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-Q4RM0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-TB8G8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-T1D4K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-JO30Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-NFHT1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-9QBMD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-3G1IF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-VVVH3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-1RG5D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-M3HJ7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-CK81H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-03CNC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-MFIBR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-OTTME.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-P9A0I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-SHHTE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-CPL14.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-0NMJO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-820I8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-M34H0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-7QR9V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-GJ430.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-3PADE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-4DM3R.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-T8KV4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-9CCVS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-FG1SQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-7O2BM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-RJ4DC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-EOLA4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-T7IV4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GVT2A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-104LF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-VDS5H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-59H75.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-C005E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SBFC4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-03PPR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-RCDRK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-V7PMR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-PS2Q4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-0TTIP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-75DNA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SJPS8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-4U7S6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-CEC03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-DMV8U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-6N0VE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GIO32.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-O1SLI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-1CGJ9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-M5DE4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-033JI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-L4OAU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-LJ5D3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-IF9Q3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-HAN6B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-AGMRU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-RVD12.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-PTQP2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-I5287.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-5JT8A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-OFOE1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-S0D4Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-IGSPU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-R0RJR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-1SG6M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-HR3R2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-CODG7.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-LNB69.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-C4AHP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-865TJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-5EFJR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SMCBB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-261A3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-MECI4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-CGP1H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-U74IP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SN7UB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-66H2D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GV0A1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-OGSGC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-B81HA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-MPQS8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-0N2I4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-V5TRR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-D3MPN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GFDHA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-M69II.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-4PHGV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-VUC2B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-2EMNE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SVHO2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-OETFG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-GVN9T.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-FKS89.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-V6G3D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-EH2R5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-6QM36.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-LBA1M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-KVO9A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-K3RRM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-123KU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-VF05A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-NM2IH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-KTPSS.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-JAEPR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-5P0OV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-24HRR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-2R3EF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-98G0O.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-LNU6D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-FLPM0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-MPI46.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-8SVCB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-KA8RB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-J845N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-ADGLP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-GTAJC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-B9T9I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-86O3P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-HVOV1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-O9B0K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-TOI6P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-67UST.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-64HVM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-STRIQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-6T6CP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-A0AHR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-KRDRF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-MKESN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-F2EP9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-BQRNC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-P87Q4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-C0552.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-A64E2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-667M8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-1L27E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-EN26K.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-R9IGR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-L6UB6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-JD4J5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-CP3G5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0J4BD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0UG6V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-40PGV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-C3M4B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-JGJBF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-BNKEA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-72CON.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-E2CQ1.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-GAL2Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-67EPV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-OC963.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0CLRT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0P975.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-IJLMN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-HVMOR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-90H8N.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-D97I9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-8DO5A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-5COKO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-2A6J8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-02E1T.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-IJ3QF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-NJB1I.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-58R27.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DVENQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-92AUV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-7D1B0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-707GD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-05TPN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-FLAFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DG40Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-N7ECH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-2FVHD.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-BGFST.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DREMP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-L4HPC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-1MMCJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Directory created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-8MVBT.tmp	Jump to behavior

Source:	Binary string: C:\agent\_work\8\s\build\ship\x86\burn.pdb source: vcredist_x64.exe, 0000001B.00000000.544275902.0000000000CCB000.00000002.00020000.sdmp, vcredist_x64.exe, 0000001D.00000000.545735742.0000000000F6B000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000020.00000002.589217485.000000000019B000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000025.00000000.583222248.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000026.00000000.584723229.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000027.00000002.610680528.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe.32.dr
Source:	Binary string: e:\src\datatype_rn\lsd\codec\ralf.pdb source: is-QI59E.tmp.22.dr
Source:	Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: is-CPPIC.tmp.22.dr
Source:	Binary string: e:\src\producersdk\plugins\transform\audioresampler\audioresampler.pdb source: is-64E3N.tmp.22.dr
Source:	Binary string: w:\Work2\ActiveX5_Edited\VStudia\mslanimationfile5\x64\Release\mslanimationfile5.pdb6 source: is-DDA4R.tmp.22.dr
Source:	Binary string: w:\Tools\Codejock Software\MFC\Xtreme ToolkitPro v19.2.0\Source\Styles\Office2016\Release\vc160\Office2016vc160.pdb source: video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp
Source:	Binary string: e:\src\producersdk\plugins\transform\eventpack\eventpack.pdb source: is-SR4CK.tmp.22.dr
Source:	Binary string: w:\Work2\ActiveX5_Edited\VStudia\mslanimationfile5\x64\Release\mslanimationfile5.pdb source: is-DDA4R.tmp.22.dr
Source:	Binary string: w:\Work2\Projects_VideoSoftDev\video_tools\YouTubeUploader\obj\Release\YouTubeUploader.pdb source: is-GK5DP.tmp.22.dr
Source:	Binary string: w:\Work2\Projects_VideoSoftDev\video_tools\YouTubeUploader\obj\Release\YouTubeUploader.pdbh source: is-GK5DP.tmp.22.dr
Source:	Binary string: W:\Work2\Projects_VideoSoftDev\common\ExecuteHelper\x64\Release\ExecuteHelper.pdb source: video_editor_x64.tmp, 00000016.00000002.668331619.0000000004E60000.00000004.00000001.sdmp

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004A1A3C LoadLibraryExW,LoadLibraryW,GetProcAddress,

22_2_004A1A3C

Source: is-9I76T.tmp.22.dr	Static PE information: real checksum: 0x12d125 should be: 0x12adc8
Source: video_editor_x64.exe.2.dr	Static PE information: real checksum: 0x55c3daa should be:
Source: itdownload.dll.22.dr	Static PE information: real checksum: 0x0 should be: 0x3c807
Source: vcredist_x64.exe.22.dr	Static PE information: real checksum: 0xe56dd3 should be:
Source: vcredist_x64.exe.27.dr	Static PE information: real checksum: 0xe56dd3 should be: 0xa5b19
Source: _iscrypt.dll.22.dr	Static PE information: real checksum: 0x0 should be: 0x89d2

Source: vcredist_x64.exe.22.dr	Static PE information: section name: .wixburn
Source: vcredist_x64.exe.27.dr	Static PE information: section name: .wixburn
Source: VC_redist.x64.exe.32.dr	Static PE information: section name: .wixburn

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040D034 push ecx; mov dword ptr [esp], eax	20_2_0040D039
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040E0D0 push 0040E118h; ret	20_2_0040E110
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_004100D8 push 00410140h; ret	20_2_00410138
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00406944 push 00406986h; ret	20_2_0040697E
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040B104 push 0040B2B0h; ret	20_2_0040B2A8
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00406A50 push 00406A88h; ret	20_2_00406A80
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040E250 push 0040E27Ch; ret	20_2_0040E274
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00406A92 push 00406AC0h; ret	20_2_00406AB8
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00406A94 push 00406AC0h; ret	20_2_00406AB8
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_004064A6 push 0040650Dh; ret	20_2_00406505
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_004064A8 push 0040650Dh; ret	20_2_00406505
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_004034A8 push eax; ret	20_2_004034E4
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0041157C push 004115FAh; ret	20_2_004115F2
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_0040DD38 push 0040DD7Bh; ret	20_2_0040DD73
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00411618 push 00411645h; ret	20_2_0041163D
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004FA044 push ecx; mov dword ptr [esp], ecx	22_2_004FA049
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0046E0B0 push ecx; mov dword ptr [esp], edx	22_2_0046E0B4
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00482158 push 0048219Bh; ret	22_2_00482193
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004AC17C push ecx; mov dword ptr [esp], eax	22_2_004AC181
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0044C1F4 push 0044C220h; ret	22_2_0044C218
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0042E1B4 push 0042E1E0h; ret	22_2_0042E1D8
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0047E234 push 0047E28Eh; ret	22_2_0047E286
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0045C2C4 push ecx; mov dword ptr [esp], ecx	22_2_0045C2C8
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0040A2C4 push 0040A306h; ret	22_2_0040A2FE
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004542FC push 00454367h; ret	22_2_0045435F
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0049C374 push ecx; mov dword ptr [esp], ecx	22_2_0049C378
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0040A3D0 push 0040A408h; ret	22_2_0040A400
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0046E404 push ecx; mov dword ptr [esp], edx	22_2_0046E408
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0040A412 push 0040A440h; ret	22_2_0040A438
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_0040A414 push 0040A440h; ret	22_2_0040A438
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004204B0 push 004204FDh; ret	22_2_004204F5

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P4R44.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-RGQOV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-P6BPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-0HCB9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-19FI6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-GOHUV.tmp	Jump to dropped file
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\Icons\is-OEFT9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-8OEUB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-MA3LK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\is-9I76T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NEFLU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I6T9L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-0QH9Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-RQNKS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-LBTK9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H1IE7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9UITF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-37145.tmp	Jump to dropped file
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9HOFC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-8FNTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-EUP48.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-2APG5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-OHJAD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-VSVSM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-MJN3C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-64E3N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-2P8H9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-UNR4I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-205MJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-QSTSG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1DN8R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H7IP7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LIT59.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9KGNK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-3G6AI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-R788B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-67Q05.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-1K3AJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-GUIIM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-BS97R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7AVA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DI71O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-C5B5H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-JNA69.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NJJD4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-35DF0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-L00SG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9T70V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-4922F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-3EO63.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T3E2B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7EV8O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P9F2A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PIVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PJL5P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-09ON3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-ROU4O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VE8B0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VVOBD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-RBT22.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-6LQ0G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7DG6H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-GSO7L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-4AD6F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LCGQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QI59E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-M0I4H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-JIFVF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-22CCE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-GK5DP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-6RM2R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-EPPLT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-R5R9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-CPPIC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-5IHAM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-91VDT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-DBGJC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-IE7UD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-G6P95.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-EL74B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-V9E7A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-QUAMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-AGCOG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-MFS8H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-TI4FS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-SR4CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LP55S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-Q042M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QP1V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-EPU6H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VAK07.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-0SG7I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DVG3K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-NL7MN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-JLV0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-FE45C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VQ2C8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-LKBCE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-G038I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-405Q8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-C5KCH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P1PRU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-BKS6A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-U4VOR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-L8VPB.tmp	Jump to dropped file
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-ILPSH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-05DK1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-PL5GF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9F3I2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-0O32B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4TT6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-VKA8L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\Skins\is-B3CLK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-CSG4M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-H3Q3E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1KUPI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4EEP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-95VKA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-51BGK.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe	File created: C:\Users\user\Desktop\download\video_editor_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FG6LB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	File created: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-CMQSS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T11L1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7JSD1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-VQLEK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-VHK7U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FMAB2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-1DHV6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-UR5C0.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9S1L5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-7P8PE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LTK27.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	File created: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-32VOB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-RJM7O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-DS9U1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\is-CL5VE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\is-LLEGR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DDA4R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\itdownload.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-CFMS7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-FELGD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I7CDN.tmp	Jump to dropped file

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe

File created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe

Jump to dropped file

Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-G6P95.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-VHK7U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-8FNTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-RBT22.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-OHJAD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-JNA69.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-QUAMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-UR5C0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-AGCOG.tmp	Jump to dropped file
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-PL5GF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-MFS8H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-G038I.tmp	Jump to dropped file
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\wixstdba.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-L00SG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-C5KCH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-CFMS7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-95VKA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	File created: C:\Windows\System32\is-0QH9Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	File created: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Jump to dropped file

Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1028\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1029\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1031\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1036\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1040\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1041\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1042\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1045\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1046\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1049\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1055\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\2052\license.rtf	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	File created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\3082\license.rtf	Jump to behavior
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1028\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1029\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1031\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1036\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1040\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1041\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1042\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1045\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1046\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1049\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1055\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\2052\license.rtf
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	File created: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\3082\license.rtf

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00470AAC GetWindowLongW,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,	22_2_00470AAC
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004736F8 IsIconic,SetFocus,GetParent,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,	22_2_004736F8
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004629EC IsIconic,GetCapture,	22_2_004629EC
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00470A2C IsIconic,	22_2_00470A2C

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,

22_2_0047A500

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P4R44.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-RGQOV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-P6BPJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-0HCB9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-19FI6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-GOHUV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\Icons\is-OEFT9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-MA3LK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-8OEUB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\is-9I76T.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I6T9L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NEFLU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-RQNKS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-0QH9Q.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-LBTK9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9UITF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H1IE7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-37145.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9HOFC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-8FNTV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-EUP48.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-2APG5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-OHJAD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-VSVSM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-UNR4I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-MJN3C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-2P8H9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-64E3N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-205MJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-QSTSG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1DN8R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H7IP7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LIT59.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9KGNK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-3G6AI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-R788B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-1K3AJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-GUIIM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-67Q05.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-BS97R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7AVA5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DI71O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-C5B5H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-JNA69.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-35DF0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NJJD4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-L00SG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9T70V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-3EO63.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-4922F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T3E2B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P9F2A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7EV8O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PIVL1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PJL5P.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-09ON3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-ROU4O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VE8B0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VVOBD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-RBT22.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-6LQ0G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7DG6H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-GSO7L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-4AD6F.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LCGQE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QI59E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-M0I4H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-JIFVF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-GK5DP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-22CCE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-6RM2R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-EPPLT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-R5R9N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-CPPIC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-5IHAM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-91VDT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-DBGJC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-IE7UD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-G6P95.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-EL74B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-V9E7A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-QUAMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-AGCOG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-MFS8H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-TI4FS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-SR4CK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LP55S.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-Q042M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-EPU6H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QP1V5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VAK07.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-0SG7I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DVG3K.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-NL7MN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-JLV0H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VQ2C8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-FE45C.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-LKBCE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-G038I.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-405Q8.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-C5KCH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P1PRU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-BKS6A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-U4VOR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-L8VPB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-ILPSH.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-05DK1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-PL5GF.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9F3I2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-0O32B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4TT6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-VKA8L.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\Skins\is-B3CLK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-CSG4M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-H3Q3E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1KUPI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4EEP.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-95VKA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-51BGK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FG6LB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Dropped PE file which has not been started: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T11L1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-CMQSS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7JSD1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-VQLEK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-VHK7U.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FMAB2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-1DHV6.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-UR5C0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9S1L5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LTK27.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-7P8PE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-32VOB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-RJM7O.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-DS9U1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\is-CL5VE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\is-LLEGR.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DDA4R.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\itdownload.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Windows\System32\is-CFMS7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-FELGD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Dropped PE file which has not been started: C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I7CDN.tmp	Jump to dropped file

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Evaded block: after key decision
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Evaded block: after key decision

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Check user administrative privileges: GetTokenInformation,DecisionNodes	graph_22-40531
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Registry key enumerated: More than 152 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Registry key enumerated: More than 151 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04090409

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CBFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00CBFE5Dh	27_2_00CBFDC2
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CBFDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00CBFE56h	27_2_00CBFDC2
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F5FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00F5FE5Dh	29_2_00F5FDC2
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F5FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00F5FE56h	29_2_00F5FDC2
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 0018FE5Dh	32_2_0018FDC2
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0018FDC2 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 0018FE56h	32_2_0018FDC2

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: 20_2_00405BEC GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,	20_2_00405BEC
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004AD294 FindFirstFileW,GetLastError,	22_2_004AD294
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_00408174 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,	22_2_00408174
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004C0BC0 SetErrorMode,FindFirstFileW,FindNextFileW,FindClose,SetErrorMode,	22_2_004C0BC0
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: 22_2_004C107C SetErrorMode,FindFirstFileW,FindNextFileW,FindClose,SetErrorMode,	22_2_004C107C
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C83BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	27_2_00C83BC3
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CC4315 FindFirstFileW,FindClose,	27_2_00CC4315
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00C9993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	27_2_00C9993E
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB7A87 FindFirstFileExW,	27_2_00CB7A87
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F3993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	29_2_00F3993E
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F23BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	29_2_00F23BC3
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F64315 FindFirstFileW,FindClose,	29_2_00F64315
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00194315 FindFirstFileW,FindClose,	32_2_00194315
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0016993E FindFirstFileW,lstrlenW,FindNextFileW,FindClose,	32_2_0016993E
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00153BC3 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,	32_2_00153BC3
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00187A87 FindFirstFileExW,	32_2_00187A87

Source: C:\Users\user\Desktop\download\video_editor_x64.exe

Code function: 20_2_00406458 GetSystemInfo,

20_2_00406458

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\NULL	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\NULL	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	File opened: C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\NULL	Jump to behavior

Source: video_editor_x64.exe, 00000014.00000002.651888982.00000000023C0000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.657074100.00000000029A0000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001B.00000002.599493680.0000000002F00000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001D.00000002.595145867.0000000002E00000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000020.00000002.590824327.0000000003550000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000025.00000002.589434841.0000000003470000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000026.00000002.616679838.00000000033C0000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000027.00000002.611705152.0000000002D70000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: video_editor_x64.exe, 00000014.00000002.651888982.00000000023C0000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.657074100.00000000029A0000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001B.00000002.599493680.0000000002F00000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001D.00000002.595145867.0000000002E00000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000020.00000002.590824327.0000000003550000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000025.00000002.589434841.0000000003470000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000026.00000002.616679838.00000000033C0000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000027.00000002.611705152.0000000002D70000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: video_editor_x64.exe, 00000014.00000002.651888982.00000000023C0000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.657074100.00000000029A0000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001B.00000002.599493680.0000000002F00000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001D.00000002.595145867.0000000002E00000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000020.00000002.590824327.0000000003550000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000025.00000002.589434841.0000000003470000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000026.00000002.616679838.00000000033C0000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000027.00000002.611705152.0000000002D70000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: wget.exe, 00000002.00000002.340434297.00000000009F8000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: video_editor_x64.exe, 00000014.00000002.651888982.00000000023C0000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.657074100.00000000029A0000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001B.00000002.599493680.0000000002F00000.00000002.00000001.sdmp, vcredist_x64.exe, 0000001D.00000002.595145867.0000000002E00000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000020.00000002.590824327.0000000003550000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000025.00000002.589434841.0000000003470000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000026.00000002.616679838.00000000033C0000.00000002.00000001.sdmp, VC_redist.x64.exe, 00000027.00000002.611705152.0000000002D70000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	API call chain: ExitProcess graph end node	graph_20-7645
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00CAE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

27_2_00CAE625

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004A1A3C LoadLibraryExW,LoadLibraryW,GetProcAddress,

22_2_004A1A3C

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB4812 mov eax, dword ptr fs:[00000030h]	27_2_00CB4812
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F54812 mov eax, dword ptr fs:[00000030h]	29_2_00F54812
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00184812 mov eax, dword ptr fs:[00000030h]	32_2_00184812

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00C838D4 GetProcessHeap,RtlAllocateHeap,

27_2_00C838D4

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CAE773 SetUnhandledExceptionFilter,	27_2_00CAE773
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CAE188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	27_2_00CAE188
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CAE625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_00CAE625
Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Code function: 27_2_00CB3BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	27_2_00CB3BB0
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F4E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	29_2_00F4E188
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Code function: 29_2_00F53BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_00F53BB0
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0017E773 SetUnhandledExceptionFilter,	32_2_0017E773
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0017E188 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	32_2_0017E188
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_0017E625 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_0017E625
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Code function: 32_2_00183BB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_00183BB0

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004D8F68 ShellExecuteExW,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

22_2_004D8F68

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe	Process created: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe 'C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe' -burn.clean.room='C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' -burn.filehandle.attached=580 -burn.filehandle.self=564 /install /passive /norestart	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Process created: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe 'C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe' -q -burn.elevated BurnPipe.{AEC565AB-0FED-47E7-88D9-B941D20CF512} {87809E35-81C0-47B4-86E7-066B690A99EC} 5088	Jump to behavior
Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	Process created: unknown unknown	Jump to behavior
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install

Source: unknown	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Process created: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe 'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_00480E38 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

22_2_00480E38

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_0047FFEC AllocateAndInitializeSid,GetVersion,GetModuleHandleW,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,

22_2_0047FFEC

Source: video_editor_x64.exe, 00000014.00000002.650376524.0000000000E70000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.652288287.0000000000FE0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: video_editor_x64.exe, 00000014.00000002.650376524.0000000000E70000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.652288287.0000000000FE0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: video_editor_x64.exe, 00000014.00000002.650376524.0000000000E70000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.652288287.0000000000FE0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: video_editor_x64.exe, 00000014.00000002.650376524.0000000000E70000.00000002.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.652288287.0000000000FE0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00CAE9A7 cpuid

27_2_00CAE9A7

Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: GetModuleFileNameW,RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,lstrcpynW,GetThreadLocale,GetLocaleInfoW,lstrlenW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,	20_2_00405DE8
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: GetLocaleInfoW,	20_2_0040E640
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: GetLocaleInfoW,	20_2_00408EB4
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: GetLocaleInfoW,	20_2_00408F00
Source: C:\Users\user\Desktop\download\video_editor_x64.exe	Code function: lstrcpynW,GetThreadLocale,GetLocaleInfoW,lstrlenW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,	20_2_00405F23
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: GetModuleFileNameW,RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,lstrcpynW,GetThreadLocale,GetLocaleInfoW,lstrlenW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,	22_2_00408370
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: lstrcpynW,GetThreadLocale,GetLocaleInfoW,lstrlenW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,lstrcpynW,LoadLibraryExW,	22_2_004084AB
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: GetLocaleInfoW,	22_2_004B0DAC
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: GetLocaleInfoW,	22_2_00410FC0
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: GetLocaleInfoW,	22_2_00410FBE
Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	Code function: GetLocaleInfoW,	22_2_0041100C

Source: C:\Windows\SysWOW64\wget.exe	Queries volume information: C:\Users\user\Desktop\download VolumeInformation	Jump to behavior
Source: C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	Queries volume information: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\logo.png VolumeInformation	Jump to behavior
Source: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	Queries volume information: C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\logo.png VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00C94CE8 ConvertStringSecurityDescriptorToSecurityDescriptorW,GetLastError,CreateNamedPipeW,GetLastError,CreateNamedPipeW,GetLastError,CloseHandle,LocalFree,

27_2_00C94CE8

Source: C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp

Code function: 22_2_004B2868 GetSystemTimeAsFileTime,FileTimeToSystemTime,

22_2_004B2868

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00C860BA GetUserNameW,GetLastError,

27_2_00C860BA

Source: C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe

Code function: 27_2_00CC8733 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,

27_2_00CC8733

Source: C:\Users\user\Desktop\download\video_editor_x64.exe

Code function: 20_2_004110C4 GetModuleHandleW,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy,

20_2_004110C4

Source: C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API3	DLL Side-Loading1	Exploitation for Privilege Escalation1	Deobfuscate/Decode Files or Information1	Input Capture11	System Time Discovery12	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	System Shutdown/Reboot1
Default Accounts	Command and Scripting Interpreter13	Windows Service1	DLL Side-Loading1	Obfuscated Files or Information2	LSASS Memory	Account Discovery1	Remote Desktop Protocol	Screen Capture1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Service Execution1	Logon Script (Windows)	Access Token Manipulation1	DLL Side-Loading1	Security Account Manager	File and Directory Discovery3	SMB/Windows Admin Shares	Input Capture11	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Windows Service1	File Deletion1	NTDS	System Information Discovery56	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Process Injection13	Masquerading23	LSA Secrets	Query Registry1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Virtualization/Sandbox Evasion11	Cached Domain Credentials	Security Software Discovery41	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Access Token Manipulation1	DCSync	Virtualization/Sandbox Evasion11	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection13	Proc Filesystem	Process Discovery12	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Application Window Discovery11	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	System Owner/User Discovery3	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Right-to-Left Override	Input Capture	Remote System Discovery1	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://www.videosoftdev.com/services/download.aspx?ProductID=1	0%	Virustotal		Browse
http://www.videosoftdev.com/services/download.aspx?ProductID=1	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Link
C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	0%	Metadefender	Browse
C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	3%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp	2%	ReversingLabs
C:\Users\user\Desktop\download\video_editor_x64.exe	5%	Metadefender	Browse
C:\Users\user\Desktop\download\video_editor_x64.exe	0%	ReversingLabs
C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\wixstdba.dll	0%	Metadefender	Browse
C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\wixstdba.dll	0%	ReversingLabs
C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe	2%	ReversingLabs
C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\wixstdba.dll	0%	Metadefender	Browse
C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\wixstdba.dll	0%	ReversingLabs
C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	0%	Metadefender	Browse
C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe	0%	ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.innosetup.com/	0%	URL Reputation	safe
http://www.innosetup.com/	0%	URL Reputation	safe
http://www.innosetup.com/	0%	URL Reputation	safe
http://www.innosetup.com/	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://www.videosoftdev.com6http://www.videosoftdev.com6http://www.videosoftdev.com	0%	Avira URL Cloud	safe
http://www.codejock.com	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	0%	URL Reputation	safe
http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	0%	URL Reputation	safe
http://ocsp.sectigo.com0#	0%	URL Reputation	safe
http://ocsp.sectigo.com0#	0%	URL Reputation	safe
http://ocsp.sectigo.com0#	0%	URL Reputation	safe
http://www.dk-soft.org/	0%	URL Reputation	safe
http://www.dk-soft.org/	0%	URL Reputation	safe
http://www.dk-soft.org/	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
http://www.videosoftdev.co	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
https://sectigo.com/CPS0C	0%	URL Reputation	safe
https://sectigo.com/CPS0C	0%	URL Reputation	safe
https://sectigo.com/CPS0C	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
https://sectigo.com/CPS0D	0%	URL Reputation	safe
http://www.remobjects.com/ps	0%	URL Reputation	safe
http://www.remobjects.com/ps	0%	URL Reputation	safe
http://www.remobjects.com/ps	0%	URL Reputation	safe
http://www.realnetworks.com0=1	0%	Avira URL Cloud	safe
http://www.realnetworks.com	0%	Avira URL Cloud	safe
http://appsyndication.org/2006/appsyn	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.innosetup.com/	video_editor_x64.exe, 00000014.00000003.387425971.000000007FD80000.00000004.00000001.sdmp, video_editor_x64.tmp, video_editor_x64.tmp, 00000016.00000000.388602269.0000000000401000.00000020.00020000.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.videosoftdev.com/services/purchase.aspx?ProductID=1a	video_editor_x64.tmp, 00000016.00000002.658287088.0000000003688000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000003.389180628.0000000003390000.00000004.00000001.sdmp	false		high
http://ocsp.sectigo.com0	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.videosoftdev.com/services/download.aspx?ProductID=x32_1	video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	false		high
http://wixtoolset.org/schemas/thmutil/2010	VC_redist.x64.exe, 00000027.00000003.608972858.00000000032BA000.00000004.00000001.sdmp, VC_redist.x64.exe, 00000027.00000003.609712314.0000000001060000.00000004.00000040.sdmp	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	video_editor_x64.exe, 00000014.00000000.386663597.0000000000401000.00000020.00020000.sdmp	false		high
http://ocsp.thawte.com0	video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://downloads.videosoftdev.com/video_tools/video_editor_x64.exe	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	video_editor_x64.exe	false		high
http://www.videosoftdev.com6http://www.videosoftdev.com6http://www.videosoftdev.com	video_editor_x64.exe, 00000014.00000003.386914432.00000000024B0000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000003.389180628.0000000003390000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.codejock.com	video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.videosoftdev.com/services/download.aspx?ProductID=1.	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	false		high
http://appsyndication.org/2006/appsynapplicationapuputil.cppupgradeexclusivetrueenclosuredigestalgor	vcredist_x64.exe, 0000001B.00000000.544275902.0000000000CCB000.00000002.00020000.sdmp, vcredist_x64.exe, 0000001D.00000000.545735742.0000000000F6B000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000020.00000002.589217485.000000000019B000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000025.00000000.583222248.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000026.00000000.584723229.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe, 00000027.00000002.610680528.0000000000ADB000.00000002.00020000.sdmp, VC_redist.x64.exe.32.dr	false	Avira URL Cloud: safe	unknown
http://downloads.videosoftdev.com/video_tools/video_editor_x64.exe3	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	false		high
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.sectigo.com0#	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.videosoftdev.com	video_editor_x64.tmp, 00000016.00000002.653698216.000000000250A000.00000004.00000001.sdmp	false		high
http://www.dk-soft.org/	video_editor_x64.exe, 00000014.00000003.386914432.00000000024B0000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.653698216.000000000250A000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.videosoftdev.com/services/download.aspx?ProductID=19	wget.exe, 00000002.00000002.340511863.0000000001100000.00000004.00000040.sdmp	false		high
http://www.videosoftdev.co	video_editor_x64.tmp, 00000016.00000002.652002104.0000000000835000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://www.videosoftdev.com/services/download.aspx?ProductID=1	wget.exe, 00000002.00000002.340414107.00000000009F0000.00000004.00000020.sdmp	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	false		high
http://www.videosoftdev.com/services/download.aspx?ProductID=1?	wget.exe, 00000002.00000002.340511863.0000000001100000.00000004.00000040.sdmp	false		high
http://www.conduit.com/legal/searchprotectdescription	video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	false		high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.trustwave.com/CSCA2_L1.crl0q	video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	false		high
https://sectigo.com/CPS0C	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, is-DDA4R.tmp.22.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://sectigo.com/CPS0D	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp, video_editor_x64.exe, 00000014.00000003.387281147.0000000002706000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.videosoftdev.com/services/install.aspx?ProductID=1	video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	false		high
https://www.youtube.com/watch?v=	is-GK5DP.tmp.22.dr	false		high
http://www.remobjects.com/ps	video_editor_x64.exe, 00000014.00000003.387425971.000000007FD80000.00000004.00000001.sdmp, video_editor_x64.tmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://downloads.videosoftdev.com/video_tools/video_editor_x64.exetates3	wget.exe, 00000002.00000002.340520016.0000000001106000.00000004.00000040.sdmp	false		high
http://crl.trustwave.com/STCA.crl0=	video_editor_x64.tmp, 00000016.00000002.675326646.0000000006170000.00000004.00000001.sdmp	false		high
http://www.youtube.com/watch?v=jaA2361wq50	video_editor_x64.tmp, 00000016.00000002.673721113.0000000005B3E000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.671162818.0000000005886000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.674313336.0000000005DD5000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673428705.00000000059DF000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.673989945.0000000005C7B000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.674987522.0000000005F2E000.00000004.00000001.sdmp, video_editor_x64.tmp, 00000016.00000002.670684399.0000000005728000.00000004.00000001.sdmp	false		high
http://www.delta-search.com/eula.html	video_editor_x64.tmp, 00000016.00000002.682043750.0000000006F4B000.00000004.00000001.sdmp	false		high
http://www.realnetworks.com0=1	is-64E3N.tmp.22.dr	false	Avira URL Cloud: safe	low
http://www.realnetworks.com	is-SR4CK.tmp.22.dr	false	Avira URL Cloud: safe	unknown
http://appsyndication.org/2006/appsyn	vcredist_x64.exe, VC_redist.x64.exe	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
8.8.8.8	unknown	United States		15169	GOOGLEUS	false
198.251.66.75	unknown	United States		8560	ONEANDONE-ASBrauerstrasse48DE	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	326343
Start date:	03.12.2020
Start time:	10:19:10
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 14m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	http://www.videosoftdev.com/services/download.aspx?ProductID=1
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean19.evad.win@19/873@0/2
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 62.5% (good quality ratio 57.5%) Quality average: 72% Quality standard deviation: 30.9%
HCA Information:	Successful, ratio: 52% Number of executed functions: 209 Number of non-executed functions: 261
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing disassembly code. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:22:47	Autostart	Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {40d3fee2-b257-46c2-bdc0-cb1088d97327} "C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe" /burn.runonce

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-09ON3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	337696
Entropy (8bit):	6.010310833200254
Encrypted:	false
SSDEEP:	3072:uMCZbDoSbwlSCpYQfj+f1D0I/esAjznECGJGSuyuMiQdqyHGxRCcXYJ7q5g03Lbh:uCXSUYQeisA3EJnkgCbDmgpbPSNA
MD5:	9FF7C9FF349B13430FD4575556ED3A15
SHA1:	CED03401B3FFA7BF372B6E7B9CE3D6856D646373
SHA-256:	C04C348CF3CB28A550ADC72D40F7473D03F1EAC63F3B945A6A56C476265295A7
SHA-512:	CB656E556EC12CE5A8979C69C777ABC83B5E8023E90F7A0DC206FEF9DF8C04B96B70CCBCE4F563265392E313AE6E4C4DC2E5A2FDFACA32AB0E167E45C7581374
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.M...#...#...#.....#..."...#...&...#...'...#... ...#......#...".l.#...*...#...#...#......#...!...#.Rich..#.........PE..d...T:.^.........." .........f......P~.......................................0......M.....`A.............................................>..d...,................ ...... A..........`...T...............................0............................................text...V........................... ..`.rdata...v.......x..................@..@.data...(.... ......................@....pdata... ......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-0HCB9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	142744
Entropy (8bit):	6.031469250611835
Encrypted:	false
SSDEEP:	3072:41RJVeUv5NFDOYn3nVsiMHl3UNFFlhyHXGbNXx8jsF0I:EDecFDp3Vk3UsiXxuI
MD5:	46F663A8E1F4887A9DEBDCCE330202CD
SHA1:	5F526BA3AC3A892030C1DCDC52B7F85F7BC1FD84
SHA-256:	A674C9D62FAC81468217212CB6974BCE4CF672C45C75FC180F65196F3A8DA25F
SHA-512:	FA2F49E2E6568320D4CC11E760E72E9286BB7889BE0075C9BDDAFDE0335AB5547E4FF8A1B53DCC061BBCE0FE28F5F1CE00CCF7F4165ED62F71FB8C560746741B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........B.S#..S#..S#..Z[&._#...r.Q#...S..[#...S..W#...S..U#...S..w#...K..Q#...K..X#..S#...#...R..R#...R..\#...R..R#...RJ.R#..S#".R#...R..R#..RichS#..........................PE..d....'V_.........." .....:..........d=.......................................P...........`.........................................p.......4...........H&...................@..H...P{..T....................\|..(....{..0............P...............................text....9.......:.................. ..`.rdata..:\|...P...~...>..............@..@.data... ...........................@....pdata..............................@..@.rsrc...H&.......(..................@..@.reloc..H....@......................@..B........................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-19FI6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	393624
Entropy (8bit):	6.429183076567012
Encrypted:	false
SSDEEP:	6144:iDRMKhK+1F9os+C3PwA+vA9JXvZ10Qaz+02wZIfQa4CCuM2ERx3sPy2bGnthi3qJ:MhK+aVA+uJXx10k0rZIfQHvS3bGf7J
MD5:	571375C5A4151AE1B789590506184E7C
SHA1:	C4061E47C19A91603D09A46F50EC8D7DF8FDBFB2
SHA-256:	0A56A159CE424B66FDB5BA5E89B9A1CB05F5A5CD5AAE07F8BE4D5A1E982210C5
SHA-512:	06DC983A1848A64177A3C36EBC011CB7DD214DB4457CA3D0D77BF2520D93E2FC52C6116C57886619596934928064175D40CF318C63B805AE53BC8BF388952223
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........el..el..el......el...i..el.P.h..el.P.o..el..el..el...e..el.P.m..el.P.i..el...h..el...m..el..em..el...h..el...i..el...l..el......el..e...el...n..el.Rich.el.........PE..d...r(V_.........." ................LS..............................................:.....`..........................................D.......E..h....p..H...............................T...................0...(.......0............... ............................text.............................. ..`.rdata..............................@..@.data........`..."...D..............@....pdata........... ...f..............@..@_RDATA...G... ...H..................@..@.rsrc...H....p......................@..@.reloc..............................@..B................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-1K3AJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	127896
Entropy (8bit):	5.989587287420056
Encrypted:	false
SSDEEP:	3072:SLXMntuPc06jtBvH8dtdBjU1fzT0rNKx2dmUq7tdjlByW0x:SL8M002H8dJY1fz4rE8Y7tdjlBYx
MD5:	7501500AC9B33397D97B5599740BA712
SHA1:	0D3B7FBDE65C333247E7D00AB336124380AC924C
SHA-256:	77546AB7DA770E574C66ED86A2CAD9ABB63C8C5153051DEB4FD6815D43BC46E9
SHA-512:	429C4DE88F49EC13BE66855EC1F4F9FBF3D43610023C82088E32D9BF687A04A64BC25FA1FF4C48B3BF244CC0EE4F71B33A4D6E69CFBD4AE366285FEFE83BF03F
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......@....d..d..d...q..d.....d.....d.....d.n....d.R....d.....d._...d._...d..d.d....d....d....d.....d..du..d.....d.Rich.d.........................PE..d...A(V_.........." ......................................................... ............`.........................................@...................X"..........................pM..T....................O..(....M..0............0...............................text............................... ..`.rdata..:o...0...p..................@..@.data...h...........................@....pdata..............................@..@.rsrc...X".......$..................@..@.reloc..............................@..B................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-22CCE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	64416
Entropy (8bit):	5.923907444798146
Encrypted:	false
SSDEEP:	768:aZIpjMNZbG70aS5Z35C7aKHdefchMdPusXvU0XeIDjzFuLp23+zjz:aZ4MNZK7uX35fUMpun0XeIDjME0z
MD5:	03A69FD66637E5FC97437A1551FE64EF
SHA1:	A943DB9CAFAA8422E0CBD18FF99DEB6DEADCFC40
SHA-256:	9CCA00520B8158949759B90306D5A123E8D06CD5D3402571DCAA0A9468A0C6D8
SHA-512:	C6F250698F75977FC8945AE2880724593ABC361EF8C7FF8745E4AA2CF50F49D8F885F85A3F021C4C0F4C05C65CEB1D0AEF8A4F01F7EA4F47E3E56FC26E99140D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.H...&...&...&......&...'...&...#...&..."...&...%...&.U."...&.U.'...&...'.\|.&...#...&.../...&...&...&......&.......&...$...&.Rich..&.........PE..d...z(V_.........." .....v...n.......x....................................... ......")....`.........................................0.......,...................................p...X...p..............................0............................................text...nt.......v.................. ..`.rdata..xI.......J...z..............@..@.data...p...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-2APG5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	129928
Entropy (8bit):	6.075089460502067
Encrypted:	false
SSDEEP:	3072:tEyGvYDfRkqVr6zvtkGIqcgDQEEfXC30K:tEyUikqUrtkImEEfXfK
MD5:	3C4F1AE406E2E7B350BE9EA3B08EEA1C
SHA1:	1DA91199EF7712FB629A98321A6B290D467683AC
SHA-256:	732B6EA199E8387D224BC0E3F96733F509EC0976D12337833BA0F466B4903589
SHA-512:	2838A12314D4D19316921D7FBC54DB05B15966DF57CD9AE3B57C55910BEDAFD31C2374F12C007AE78DB9924F8C7995304CF9372526EAD726E69F62ECE8865296
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9...W...W...W......W.O.V...W.O.S...W.O.T...W.O.R...W..S...W..V...W...V.$.W...S...W...R...W...W...W.......W.......W...U...W.Rich..W.................PE..d....'V_.........." ..... ..........4........................................ ............`.................................................\...,........'......T....................K..T....................L..(...pK..0............0...............................text...\........ .................. ..`.rdata...k...0...l...$..............@..@.data...`...........................@....pdata..T...........................@..@.rsrc....'.......(..................@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-32VOB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	159632
Entropy (8bit):	6.11742852575518
Encrypted:	false
SSDEEP:	3072:fOqGgCY2J5gk4cbiowLQop1rj3alGTgHW7Blh7r67O5sa08:LcbFwLQe3alcN7BDCO5S8
MD5:	8D05D11BDD2E2363C5C2457DF23DF257
SHA1:	0159AD1531547E250AF4BA34BE27C77E4AB55252
SHA-256:	40E3840E1AFFF305BB68ED0BBAACBB3436CAECD65451AE9BD8EBED802A909D5D
SHA-512:	CD8066549BF5E08782A24FA02B40BF7763ADCCB5FE73752295FAAC106CDA9C26A03E67A1FFCA8C0CE33910A1DF069B4981A3D683764CFF4BC51E8435CA34CBB8
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........^...0...0...0.....0...1...0.uk....0...4...0...3...0...5...0..4...0..1...0...1...0.\.4...0.\.5...0.\.0...0.\.....0......0.\.2...0.Rich..0.........PE..d....'V_.........." .....\...........[....................................................`.........................................@...........@....@...:...0.......T..................T.......................(...p...0............p...............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data...@...........................@....pdata.......0......................@..@.rsrc....:...@...<..................@..@.reloc...............N..............@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-3EO63.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	840088
Entropy (8bit):	6.680031671113697
Encrypted:	false
SSDEEP:	12288:qh0Qk74unPbwxRKMyrXXi4koHEM7heYt9OyKuHVWL5JsVVA:TpGKMybPZeYP7Kc0uA
MD5:	59699BD57E1DE91401EAD4A98C51B0B0
SHA1:	88B5A745D3AFD5FFF434F6CEAB6843F73E7B3F66
SHA-256:	71DFF1066E9E98B353A819EAD6AE93F2F35B72E0C014D7569AAEDE88B9DA3428
SHA-512:	52FE50FFFA7229BCF8BF2814C2010378DE41A72D42380255FD75CA31881A24B05F938E457ED813552380D02B20EC92DD545344C307D076E90EB48D647F9BE7D8
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........m....................Q.......Q.......Q.......Q.............................................................................Rich............................PE..d...5(V_.........." .........n......................................................e.....`.....................................................,............p...D.....................T...................`...(...0...0............0...............................text............................... ..`.rdata.......0......."..............@..@.data....3...0...Z..................@....pdata...D...p...F...n..............@..@_RDATA..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-405Q8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	247704
Entropy (8bit):	6.162598223810973
Encrypted:	false
SSDEEP:	6144:1hJVhL6ufB1Nu+MwLheDgLHCvMEs2c0MwxkXfTXEYUNxxQs1R5BhP4aiSvhbDAI:NL6ufeNxCs1R5BDV
MD5:	B67380AB28CB607DFFDB45A7244C39B4
SHA1:	EC93BB8633E8A066E4842D6F3E56337C573E790E
SHA-256:	5EFBB2101A0D0EE3180B5A1EB316D9E4F4EB0166A96DEB731350AB88F80425F3
SHA-512:	51ECD3A8F6451ACA024651C6F373EC5B8E66548174EC138A136CEAAA956ED4D87C6CCFB4D85774950B70C38377B647EED6CF82C0C7CB2979F4F1B75A0991E284
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E"(^$L{^$L{^$L{W\.{R$L{.TMzZ$L{.THzV$L{.TOzZ$L{.TIz@$L{.LHzZ$L{.LMzU$L{^$M{.$L{.UHz_$L{.UIzN$L{.ULz_$L{.U.{_$L{^$.{_$L{.UNz_$L{Rich^$L{................PE..d.....X_.........." .....@...p.......>..............................................b.....`..........................................................p...a...P..........................T.......................(...p...0............P...............................text...@>.......@.................. ..`.rdata.......P.......D..............@..@.data....1.......*..................@....pdata.......P... ... ..............@..@.rsrc....a...p...b...@..............@..@.reloc..............................@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-51BGK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	218504
Entropy (8bit):	6.1736138518071355
Encrypted:	false
SSDEEP:	3072:SGYbeaxbDu8toYaO8+Bsfvj9sdkYhv1XVrwl7jm0I:ScOi2oYN8+gRKml7DI
MD5:	D201B13BAE6CA38ECD833FF55B5DB612
SHA1:	52137B4CD3E928006F47C0AA106D506FA7B6D01F
SHA-256:	96EE6583AD1D3A04A2D90CEF4879A2DB3677528C3A24311C9DF71100CDB76381
SHA-512:	1AEE1C14101C587E622B87AFBEADA162AEDAC5D917F65077FC0936DCB92EE3C12C8B157DA66C19D37BD487F73D979E59333220C7D95005CCB220F4F10510BD87
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,z.`h.h3h.h3h.h3ac.3b.h3.ki2l.h3.km2\|.h3.kl2`.h3.kk2k.h33si2m.h3h.i3..h3.jm2a.h3.jh2i.h3.j.3i.h3.jj2i.h3Richh.h3................PE..d.....E_.........." .........&...... .....................................................`......................................... ................`.......@.......:.......p......0...............................P...0............0...............................text...r........................... ..`.rdata..j....0......................@..@.data....4.......0..................@....pdata.......@......................@..@.rsrc........`.......2..............@..@.reloc.......p.......4..............@..B................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-5IHAM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	317224
Entropy (8bit):	6.325476680883488
Encrypted:	false
SSDEEP:	6144:6lTcrTKDDPzfM0xmNcwwY2baM739NhNN40aBqnWzgPPz:6cKHzEc/Yzz
MD5:	165E673B081CF2C90A2E63A6834ACE1E
SHA1:	544014C03FB2E91454D4BAC4934B1C44F2ED8943
SHA-256:	8BF7EFB1FA4F86DB826B79EA1D3DAA6E18019790D7B5FF58B53BFB4CAD967974
SHA-512:	BB02ED42C4AFC2AE1AD5A01D974B41C511E04964962655CF387E07FB364075A1939CB9EEA0B72BBC73F6813BE9107D650543EE1ACC3583A3A59AA8B416AF9565
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e............/.<....\|@....ct............ct.....ct.....ct......ct.....ct,....ct.....Rich....................PE..d...M8.^.........." ................p.....................................................`A........................................0....M..<................p...6......(A......l....4..T...........................p4..0............................................text...<........................... ..`.rdata...2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...N..............@..@.rsrc...............................@..@.reloc..l...........................@..B........................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-67Q05.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3824528
Entropy (8bit):	6.210077276469363
Encrypted:	false
SSDEEP:	49152:QUXb03HeN/6WtDZIUbLmxnPL1kw0c3uKZXbsE83lpKfA5CxoeReW88a4LO3+L9Tf:Jnd1IUbKhL1kw0c3uKZrLXWLlQ
MD5:	E4D307024EE5782D3E0C4B64D32D3474
SHA1:	0BEED949C93A87ED0BDBA0B213670F1972B5AA62
SHA-256:	4756739B346ED772BE88CD8A38C04FAE2AAD24105661D1F43788F829CF54ABFA
SHA-512:	0DACDB0D78EEC412B879BD41675F633A8A9AD48CD5844EF539D9A21F00CF9AF2FC45D0DA35D7A5A401FD2153EEA20C20E4FDEE504554917F9D26ED581EF8D471
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........1.g_..g_..g_.....g_...[..g_...^..g_..g^..a_.F.^..g_. ...g_.F.\..g_.F.[..g_.F.Z..g_...[..g_...Z.vf_..._..g_......g_..g..g_...]..g_.Rich.g_.........................PE..d...'[__.........." .....n...........+........................................:.....Z;;...`......................................... .%.......%.......).. ....'......@:.......9.....H.!.T.....................!.(.....!.0................$...........................text....l.......n.................. ..`.rdata..............r..............@..@.data...8....0&..\....&.............@....pdata........'......x'.............@..@.rsrc.... ....).."...").............@..@.reloc........9......D9.............@..B........................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7AVA5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	348560
Entropy (8bit):	6.323250206104049
Encrypted:	false
SSDEEP:	6144:0gvCyrREQiDDwRa09ihsXfIUVzTI3wb71Pt4zoUcV8n:jvLrREvD7Sz8uUco
MD5:	876AA9D9FC89D89D05531159A7E1ADAE
SHA1:	62A01EF7AFC9153697983F9B5F0C4A7633F5224E
SHA-256:	93ADCE830FE6A58F9BF7B8182042F2F7952A19FEF9F0749DD2D7967671824A83
SHA-512:	F3127DB8B133FBC9F5EFBE5ACB68B28BAA2313658F2BC026D275E7D8C1DD1AE28175B16D28FC6E4F991588B7A6A4B4335FF13DFA4878B597684A13241C56E551
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......6.i.rn..rn..rn..{...`n.....vn......~n.....zn.....vn.....Vn..)...qn..)....n..rn..n.......n......`n......sn......sn..rn..sn......sn..Richrn..................PE..d....'V_.........." .................Z.......................................p............`.........................................P...........h.... ..h;......$-...6.......`..t....&..T...................0(..(....'..0............................................text............................... ..`.rdata..............................@..@.data....6.......(..................@....pdata..$-..........................@..@.rsrc...h;... ...<..................@..@.reloc..t....`......................@..B................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-7DG6H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	209800
Entropy (8bit):	6.301030379282958
Encrypted:	false
SSDEEP:	3072:7EH9rvXopCtbVvDFCfv0nEp/icXt2F73OElpc2P3aJMvuCqSwZmo0E:7M9efv0nEp/S7c2P3aivugw8E
MD5:	6F1E18451064B62F1636A944B8EA76E8
SHA1:	D814D893E8DFC0084F652A14BC990BC48E6BEEA7
SHA-256:	E1BF401D3311D3189CAC65F3F64FE0A3A9558DC9906D0B5C9DB004552DD16279
SHA-512:	89FEFAB321D764E49097652E926FD9EE5DB56F898BEDD8EE18F93FB137F291B14EAB5CB18CFAF0368D993AFACC29F0E136B113F7064A4903FCEA745040A6E3D4
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.............B...B...B..kB...Bx..C...B.$?B...Bx..C...Bx..C...Bx..C...B...C...B...C...B...B6..B7..C...B7..C...B7..C...B7..B...B..oB...B7..C...BRich...B........................PE..d....'V_.........." .....Z..........tZ.......................................P............`.........................................P...........@.... .......................@......@...T......................(.......0............p...............................text...PX.......Z.................. ..`.rdata..0m...p...n...^..............@..@.data...............................@....pdata........... ..................@..@.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-91VDT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	150432
Entropy (8bit):	5.953850899956778
Encrypted:	false
SSDEEP:	3072:yU3X6XwzBAV3QWlFtZ3kOuiHXSfOXEDW8rj6G+0m:y2Pz23QWHBuw0W86Qm
MD5:	F26DBF2340866A81C230ABA182C3F2E9
SHA1:	D8E00910F9E4FAB19C31D2811CC4E6CEDF11113B
SHA-256:	B4EC17B4281AA3EA523973039AE64789BC0F5E40D68A55EB3D6D73F125F7C5BD
SHA-512:	B962F425CFF6FC1CD00DC1CA68FDA63E3C460DA8BEAD3AB6A377E335EA8C292BB517594AA9E9CAAF5301E61DE8A2C1D6C6633A8F2C34AD49B6C1AA2F4C6214C8
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0Fk.t'.^t'.^t'.^}_.^\|'.^.W._\|'.^.W._p'.^.W._r'.^.W._j'.^/O._w'.^/O._e'.^t'.^.'.^.V._u'.^.V._}'.^.V._u'.^.V.^u'.^t'.^u'.^.V._u'.^Richt'.^........PE..d...N(V_.........." ...............P+.......................................p............`.........................................`.......$...@.......pM......@....0.......`.......i..T...................Pk..(... j..0............@.. ............................text....)......................... ..`.rdata..n....@......................@..@.data...H...........................@....pdata..@...........................@..@.rsrc...pM.......N..................@..@.reloc.......`.......*..............@..B................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9KGNK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	264592
Entropy (8bit):	6.116869023381677
Encrypted:	false
SSDEEP:	6144:OsNP137nbHnlYU5pzygydSJ0kicLbMj6sheG:OylHlYOpugydSg28
MD5:	9F582C1EAD5AAE1F484BDB1DFDEB890F
SHA1:	8B58B343014A6C45D1C923D25024181E2CCC379C
SHA-256:	C8BAAB1B74E73C032AB97AE20FFA9D0A9D4A736285D28D6CB27AED48480AA910
SHA-512:	D201E891AAD9FAFD3E17FD0971EEA417C969090BBBAA40B7E5232E026349FC98598A5F348ACD239B9F1E676671CA24A1D8153C2BCBF430C673C723894AF9E766
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........S..=..=..=......=...9...=...>...=...<...=...8..=...9...=...<...=..<.W.=.F.9..=.F.8..=.F.=..=.F....=....=.F.?..=.Rich.=.........................PE..d...t'V_.........." .........F.............................................. ............`.........................................pi......,j..T........F......H...............L...`...T.......................(.......0...............8............................text............................... ..`.rdata..............................@..@.data................l..............@....pdata..H...........................@..@.rsrc....F.......H..................@..@.reloc..L...........................@..B................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-9T70V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	23952
Entropy (8bit):	6.0627826013258295
Encrypted:	false
SSDEEP:	384:eF2KnSKkNESTk5MX/QjnPgKoxTmPg1Zdo99dJcKrF5GfZPmp23+r/jLzVD:e7SKwESMjPgKoxTmSTyjJcEFuPmp23+9
MD5:	23E013ED7B20C0BA7152C39AB70FB04D
SHA1:	FCE17600155FFD47B06DE154F1E51BD91CAFB890
SHA-256:	BA37399C1A84EF78B32B5FB26FF309BEA11C5E507F4028D3B943FFA43EFCE45A
SHA-512:	0BCD60C193082DCF80B4278805CCF28C4EE70B11DC1408F7F75F846FA3E5E11C71D4ACB020B13D2F0F4B5E03E86261C5479BA056E91F01E252D5AA6E5B0A702A
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X..n...=...=...=..#=...=..<...=..<...=..<...=..<...=G..<...=...=[..=..<...=..<...=..O=...=..'=...=..<...=Rich...=................PE..d...((V_.........." .........*......d"....................................................`..........................................:......p;..x............`..`....B..........(....3..p...........................@4..0............0...............................text............................... ..`.rdata.......0....... ..............@..@.data........P.......2..............@....pdata..`....`.......4..............@..@.JET.........p.......8..............@....rsrc................:..............@..@.reloc..(............@..............@..B................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-BS97R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	56728
Entropy (8bit):	5.8695812713418825
Encrypted:	false
SSDEEP:	768:gGC/LOx5aS6M/65p3+Bq2jCFeAFmxk3gJV8RidKmqb478wbHllivo6pFuwp23+z1:gGuOxTd65pQjZMmxrDKm378wbFYA5n0J
MD5:	714121339CC11B6039136DB63F2FAAD1
SHA1:	2EE60335D69583B753AA7E4132CBE2AD733D95EF
SHA-256:	3D4951A56BA73C9D2CC72CC59569365D49E9132C75A48B450B018CF45E137173
SHA-512:	A353EA6929727BEAF3121F42F75E7A806EC5D309974BF00E92778238DDBA1937B3F48D2C73B860266CFEA5A40EAB1CACB91A647D8BB7A958BC68EC331705A210
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\|G../G../G../N.1/A../....C../....O../....D../....R../...O../-../F../...D../...J../G../5../....E../....F../..]/F../G.5/F../....F../RichG../........PE..d....(V_.........." .....d...b......,g...............................................;....`.................................................L...................D...............8......p...........................`...0............................................text...,c.......d.................. ..`.rdata.."=.......>...h..............@..@.data...............................@....pdata..D...........................@..@.rsrc...............................@..@.reloc..8...........................@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-CPPIC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193832
Entropy (8bit):	6.592581384064209
Encrypted:	false
SSDEEP:	3072:V7vC/HAiCsJCzwneNPXU7tm1hTt8KBDal8zg/0LwhORfewlMi0JHV:VTGAtweN85m1f8KBI9wfpsJH
MD5:	937D6FF2B308A4594852B1FB3786E37F
SHA1:	5B1236B846E22DA39C7F312499731179D9EE6130
SHA-256:	261FBD00784BB828939B9B09C1931249A5C778FCEAD5B78C4B254D26CF2C201F
SHA-512:	9691509872FDB42A3C02566C10550A856D36EB0569763F309C9C4592CAF573FBB3F0B6DC9F24B32A872E2E4291E06256EAE5F2A0DEB554F9241403FD19246CAC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........94..Wg..Wg..WgVt.g..Wg..g..Wg..Sf..Wg..Tf..Wg..Vg..Wg..Vf..Wg..Rf..Wg..Wf..Wg...g..Wg..Uf..WgRich..Wg........................PE..d...W8.^.........." ................p............................................... .....`A........................................ ..................................(A...........K..T........................... L..0...............P............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DDA4R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7587744
Entropy (8bit):	6.614711906923776
Encrypted:	false
SSDEEP:	98304:ahpuo7UAmTdBax91K8UoHh9eaxObGzB0/62bpT7MGOFUTrGczE3hmJn4:ahpvyT7MGUczEW4
MD5:	A32B3E74500A712E8E50D66898A558A0
SHA1:	417A1603D57F20C3529697B73798EDB27953C5C6
SHA-256:	B2E55C762F11F230BEA1146BE3A77882ECFE6148D91A60DA1F7F47655D7CD7F3
SHA-512:	6FE1BE9E3465E3F83973358DC099827DE423C063E2898E27066CC9DECCCA150FF00257A5A7FC16F644DB4487D8058C86447299C67C81B38AA66E051DFB8D8C10
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........b.u...u...u.......u......u..x....u..x....u......u...u..L}..x....u..x....u.......u.......u...u...t..7...@u..7....u..7....u..7..u...u...u..7....u..Rich.u..........................PE..d...^'V_.........." ......_........../X.......................................t.......t...`...........................................n.. ..\.n......pt..B...Pq.<\|....s.......t.H....j.T...................p.j.(...@.j.0.............`..............................text....6X......8X................. ..`.rodata......PX......<X............. ..`.rotext......`X......>X............. ..`IPPCODE.....pX......@X............. ..`.rdata........`......._.............@..@.data...HW....n..~....n.............@....pdata..<\|...Pq..~...0p.............@..@IPPDATA.W.....s.......r.............@....rsrc....B...pt..D...Ls.............@..@.reloc..H.....t.......s.............@..B........................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DI71O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	192920
Entropy (8bit):	6.119218949929854
Encrypted:	false
SSDEEP:	3072:4jFeS1k+GtXXaZzdpVwW+vS8g/sK0f0SWZ0wlmJmUR1+nl0Y:aZG9awW+vS8g/svf0N0wl8Y
MD5:	F3F04B8B5E1F60C8D37888BD29083BBC
SHA1:	EF8D7366A4A52B2A95D43861F5CF1DF0E65865A1
SHA-256:	106251ECAB152856B5281E6E4F275B4A8ADCC6A33A3BE0057BA6136B182B2E43
SHA-512:	B8D5B7E33FF78B3815E25CC099945DB666C461C74F97809778D88CA1C578EDC7B13D74ED88731D815CD514CC361916C2FB4683325B547D7B1411B47A4B6101B0
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........,..;M..;M..;M..25<.7M...=..?M...=..3M...=..?M...=...M..`%..=M..`%..0M..;M...M...<..:M...<..=M...<..:M...<P.:M..;M8.:M...<..:M..Rich;M..........................PE..d...z'V_.........." ......................................................... ......}.....`.........................................pK......0L...........`......x...............4...0...T.......................(.......0............................................text...0........................... ..`.rdata.. \|.......~..................@..@.data........`.......D..............@....pdata..x............X..............@..@.rsrc....`.......b...n..............@..@.reloc..4...........................@..B................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-DVG3K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	330040
Entropy (8bit):	6.657964399026725
Encrypted:	false
SSDEEP:	6144:Qgpy6Lp49Y/jdpL3KjsY0Cmj4KIza/9AOq8mQc:QH6Lp49Y/jjfYWjlIW1h
MD5:	437FD66D477FBAA501B396F7EC1F9BFA
SHA1:	C5D403D7C7AE60B8314A637AE47B2A292A35DB1D
SHA-256:	B79DA8B2239E6A521351830042EB6735E9994685C3F2DF0816AF18358BAC4E61
SHA-512:	83619771612865EEFFFE634EDD4B2A1A12E08FD51561DEAF45747817448960070F7313A2F3A7475D4E95796970C4C6C4C88D477857E33C70C0EF8C3FAB610F65
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Q............................&..........................7...................Rich............................PE..L...v"`B...........!...............................................................................................Px..N....p..<.......................8i.......%...................................R..H...............t............................text.............................. ..`.rdata..............................@..@.data...............................@....reloc.../.......0...p..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-EPU6H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	886160
Entropy (8bit):	5.474561349963375
Encrypted:	false
SSDEEP:	6144:WUnYCf6zT01NjsNYbvc9ramrfKT7GpdaGtwTXn62hd6U8zaYKKkeyOZDC5U:WcbS01NjgYA9FrCHK4Gt2hJ8z0/eyOb
MD5:	8244E7C07CA0F81061F3EDE315A13379
SHA1:	112B6961805DDCD9EFF07195F57006E35E8E3F79
SHA-256:	966DB54339F7B2A3CC74EDD99079C111796E556E7A53241D63660FB839E90100
SHA-512:	E8E0640FA4B2B2B0439AFB6E00DAAFD8793A03501C4633B2FF3D6BAE370A2475C46D0C0872E295CC974EACCAF976A138D4C9D4CFC724E2BFB83F0B39356CB0DF
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9. .}.NS}.NS}.NSt..Sq.NS&.ORm.NS..JRw.NS..MR~.NS..KR].NS}.OSG.NS..ORt.NS.KR~.NS..S\|.NS}..S\|.NS.LR\|.NSRich}.NS........................PE..d.....E_..........#......6...8......\1.........@....................................^..... .................................................0\|..@....................j...............k......................@m..(....l..0............P...............................text...P4.......6.................. ..`.rdata...=...P...>...:..............@..@.data................x..............@....pdata...............\|..............@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-GOHUV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	101672
Entropy (8bit):	6.566355945650465
Encrypted:	false
SSDEEP:	1536:7y6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bIB0TO:7lXfRXqQw+PHLrCZh9xecbSt
MD5:	8697C106593E93C11ADC34FAA483C4A0
SHA1:	CD080C51A97AA288CE6394D6C029C06CCB783790
SHA-256:	FF43E813785EE948A937B642B03050BB4B1C6A5E23049646B891A66F65D4C833
SHA-512:	724BBED7CE6F7506E5D0B43399FB3861DDA6457A2AD2FAFE734F8921C9A4393B480CDD8A435DBDBD188B90236CB98583D5D005E24FA80B5A0622A6322E6F3987
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!/.NeNl.eNl.eNl....gNl.l6..nNl.eNm.INl..>o.hNl..>h.uNl..>i.zNl..>l.dNl..>..dNl..>n.dNl.RicheNl.................PE..d...M8.^.........." .........^...... .....................................................`A........................................`1..4....9.......p.......P.......L..(A..........H...T...............................0............................................text...b........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-IE7UD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	68096
Entropy (8bit):	5.602336138621584
Encrypted:	false
SSDEEP:	1536:pcl8iVFa2mbqXzr2TOUeQ7t9OiIKxTx8lnSJRu:oVIvbLSRckiIKxTx8eu
MD5:	704F6DEA488B843A194A51BE88F8E277
SHA1:	C2CC4071468941E58459DD5439EEF4105ECFE42D
SHA-256:	C04E9C85FE2E7E2BBDF81ACAFC9EE1BE51E7DB21BB492D854D614E49C825F678
SHA-512:	B742A32A4173B1D7755C9FF1E93036B2CD219364536E8B4E5B441AD59BE7DACA32F54876D76ED000C014ED889F9221610021DD9E18D7CA7CDD448B10AA608B70
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........#&..BH.BH.BH.:..BH.e2I.BH.e2L.BH.e2K.BH.e2M.BH..L.BH..I.BH.BI..BH.3L.BH.3M.BH.3H.BH.3..BH.B..BH.*3J.BH.Rich.BH.........................PE..d....'V_.........." .........\|..............................................@............`.................................................P................................0...... ...T...............................0...............0............................text...<........................... ..`.rdata..BD.......F..................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc.......0......................@..B................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-ILPSH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	208280
Entropy (8bit):	6.1177788632703125
Encrypted:	false
SSDEEP:	3072:dVHTNGEXkqi+BhCeGUFGShnJQtbQNyUwGMY7i0nm+Uz/BBNZjy0h:zTNPi+nCeGCkZYm3+m/Blh
MD5:	C2833403BD976615000CC84D4497985D
SHA1:	88A05955C1454D312BBB5623CCAF861456F8FAD0
SHA-256:	2BD3D2DF348EFEBDB942C3248D0F3EA0F2F8049153C87F2D3AC3C9B984760624
SHA-512:	69EEC85F88257C6BE655D4B591A791E0CF243C4A248E0654FE600DD3FB26C36FEE02B16846C738A1B7F61F2E4AC6416B99EE1A79F4B14B68554FA5B7D403E2CD
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........8..k..k..k..*k..kD.~k..k".j..k".j..k".j..k".j..k..j..k..j..k..kG..km.j..km.j..km.j..km.Fk..k..k..km.j..kRich..k........................PE..d....'V_.........." .........$...............................................P...........`.........................................p.......0............E...................@......p>..T....................@..(....>..0............................................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc....E.......F..................@..@.reloc.......@......................@..B........................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-JIFVF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21107080
Entropy (8bit):	6.939471862296033
Encrypted:	false
SSDEEP:	196608:Aaej1L9Y05h2AdBrROQ8R9FYfGq7rgX3uW3fXC7nc+ILiAUfUX:oj1L9J5h2+ZUOgmc3LiAU4
MD5:	6114B8A9AC886500DA545DE36F92800F
SHA1:	981D0A666625149435C4BE86ECDA3334F54A8C77
SHA-256:	31024C8C869822E16418AED0A220DFED54F9D6A61824FC3D572C8A2E3017BE0F
SHA-512:	A39DC2655F19F99EAD916C0236DC121D9DE0C64BB767689840D2421BEC6DEA6A6447CB01F8723E781CE82B103E9D2B3E5A40FB22EF2A3908BCBDFD6FA61D1F48
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........E.Pp+.Pp+.Pp+.Y...Dp+....Tp+.../.Xp+...(.Tp+....Xp+.....q+.Pp+..a+.....qp+.../.Rp+....[p+.Pp*..q+.../.]p+.....Dq+...+.Qp+....Qp+.Pp..Qp+...).Qp+.RichPp+.........PE..d....(V_.........." ..........m.....T.........................................L.......B...`.........................................p.8.....,.8.......K.`.....F. .....A.......K..... .+.T.....................+.(.....+.0............................................text............................... ..`IPPCODE..<.......>.................. ..`.rdata....Y.......Y.................@..@.data.........8..T....8.............@....pdata.. .....F.......<.............@..@IPPDATA..9...pK..:....@.............@....rsrc...`.....K.......@.............@..@.reloc........K.......@.............@..B........................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LCGQE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	654232
Entropy (8bit):	6.2330705632037855
Encrypted:	false
SSDEEP:	12288:ca5/AbMMJ6KqpTvADxi+GLS+bmZ05oyKeluLgRy/lxcVJS30OwA:cjCvii+4S+bmZ05fKeluLgRy/vcXS302
MD5:	C6F1078C805CD149B93FDBCAC10E3812
SHA1:	E40E40BE3B9D72C8E31674BA6F71222077EC9BC9
SHA-256:	8FA3AFA409C2C926ABA81AD683CDDF37E2265F9C86CB38F7427814F9AD20DFBA
SHA-512:	50A18354E0157DB290012C735EA736EA089127F735731B2528BE2706367289A94C734D7492BB328E0A31CB1D5D3B89D512CC06F54161F34C91E6AA18476C334E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........Y,..8B..8B..8B..@..8B..HF..8B..HA..8B.'WF..8B..8B..8B..HC..8B..HG..8B..PF..8B..PC..8B..8C. 8B.VIF..8B.VIG..8B.VIB..8B.VI...8B..8..8B.VI@..8B.Rich.8B.................PE..d...M'V_.........." .....z..........l................................................F....`.........................................@...........T.......H....`...1......................T................... ...(......0............................................text...`........................... ..`.rodata..-.......................... ..`.rotext.Y........................... ..`.rdata...g.......h...~..............@..@.data....G..........................@....pdata...1...`...2..................@..@.rsrc...H...........................@..@.reloc..............................@..B........................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-LTK27.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1981336
Entropy (8bit):	6.443356868350275
Encrypted:	false
SSDEEP:	24576:E71BtVxef4zyClu5harL4nzFuMTolNnAOvzrEBJyCgC+FDpJ98:G1TDzTlu51usoLPvgyJq
MD5:	F20AF387BC631232AC7E3230EAABB293
SHA1:	08570EE568E9C63384F954DA22C1A89B698E5C13
SHA-256:	977358BC096C149EC7B59FD90C2CB42C0271529838278324D19201DBB9C0DA65
SHA-512:	3A9E2CF59778D59B29C1550A6F5FD1604764CD955E31713DDFE32029F5B325096B1CF540CAFAD1EBEA4E0C14F3B30D778F2FBAA9BCFB36BB1307DBB54D3729FA
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........1$?.PJl.PJl.PJl.(.l.PJlj Km.PJlj Nm.PJlj Im.PJl..l.PJl.('l.PJl.PJl.RJlT?Om.PJl.(1l.PJlj Om.PJl.8Nm.PJl.8Km.PJl.PKl2PJl%!Nm.PJl%!Om.PJl%!Jm.PJl%!.l.PJl.P.l.PJl%!Hm.PJlRich.PJl........PE..d....(V_.........." ......................................................................`..........................................z.......{..,....P..H.......Pv... .......p.........T...................P...(... ...0............................................text...l........................... ..`.rodata............................. ..`.rotext............................. ..`IPPCODE............................. ..`.rdata..d...........................@..@.data................n..............@....pdata..Pv.......x..................@..@IPPDATA......@......................@....rsrc...H....P......................@..@.reloc.......p......................@..B........................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P1PRU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	31528
Entropy (8bit):	6.472533190412445
Encrypted:	false
SSDEEP:	384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
MD5:	7EE2B93A97485E6222C393BFA653926B
SHA1:	F4779CBFF235D21C386DA7276021F136CA233320
SHA-256:	BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
SHA-512:	4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..\4~.\4~.\4~...^4~.UL..X4~.Dz.[4~.D}.^4~.\4..v4~.D..Y4~.D{.O4~.D~.]4~.D..]4~.D\|.]4~.Rich\4~.........PE..d...W8.^.........." .........$............................................................`A.........................................>..L....?..x....p.......`..4....:..(A......p...@3..T............................3..0............0..0............................text...(........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..4....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P4R44.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	130448
Entropy (8bit):	6.0053552859255666
Encrypted:	false
SSDEEP:	1536:79HgLe4nDaHKGSnATpw/Fqv+Z+vHJXfZDv496nkE4UgjLfaQ0YbrVCB3K0g:hA64eqGnu/Fqv6ypXxQ6nkEk/k60g
MD5:	57C6A4FCF72C08C13B94097AB20FAEAF
SHA1:	42A5F641E4297492A76DEE655E0E961CCC2986F6
SHA-256:	857706037C5DEC4AFF4C1932A41B96D4683E9CBBAE825C0BAE1ABDCAE9AF6DB6
SHA-512:	0736E79E6C7A37EDCE38DE5007B030C0E1E76242A554839C7D95B166FA4DFD6F635967B913F9A512A0ACEA5EA0FE91E6C5B53FA59F63D2BFA59895D0C1DFEF6C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........y-...~...~...~..~...~ ......~ ......~ ......~ ......~.......~.......~...~...~o......~o......~o......~o..~...~..~...~o......~Rich...~................PE..d....'V_.........." ......................................................... ......U3....`.........................................0...................@B......................@....G..T....................H..(...`G..0............................................text...L........................... ..`.rdata..............................@..@.data...x............v..............@....pdata..............................@..@.rsrc...@B.......D..................@..@.reloc..@...........................@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-P9F2A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	44304272
Entropy (8bit):	6.856413505722362
Encrypted:	false
SSDEEP:	393216:nXxHhTxcSFyhSi1p7OowbvQCf+RmgS1f8TFpYYGjmS:XxbfmOowBKJ6
MD5:	25BF073CA67157C08B582D27B9E53826
SHA1:	186EF5EE7179B3A994FD6BF700A0E1BCC50BA90B
SHA-256:	CCCE53C5BF322E7735B18585E97D4916559E2A498658781050AE1197FF29D49B
SHA-512:	EDE6C50612D0C46F28C09A9485993EB47533D7217DA73F9DFFF88EE5268C00D0DA6F762842D7403F1ED5798EE202C98CD6492569A5A35E28A4C1F26FD8F8EE70
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......... ..gs..gs..gs...s..gs...s..gsab.s..gs..cr..gs..dr..gsH.or..gsI.cr..gs..gsv.gs..fr..gs..br..gs..cr..gs..fr..gs..fse.gsH.cr..gsH.br4.gsH.gr..gsH..s..gs...s..gsH.er..gsRich..gs........PE..d...g'V_.........." ......0..(......8+/......................................P7.....\)....`.................................................l.........4..4....,..\...........5.8b......T...................P...(... ...0.............0..............................text....Q/......R/................. ..`.rodata......p/......X/............. ..`.rotext..$..../..&...Z/............. ..`IPPCODE..=..../..>..../............. ..`.rdata..Z.b...0...b...0.............@..@.data...........$..................@....pdata...\....,..^..................@..@.rodata.P....p4......>..............@..@_RDATA..0.....4......L..............@..@IPPDATA.......4......N..............@....rsrc....4....4..6...R..

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PIVL1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	211856
Entropy (8bit):	6.081276068949082
Encrypted:	false
SSDEEP:	6144:F9HyLHw/Xh9AjRr4hhPmQK0ZlJyhpxYS0wW:FlyLHqXnAjRQM0WE
MD5:	1A7BC39270FB2944FD7B31DA6A449DBA
SHA1:	80E34BE2CE5FB59D698B551ED83D5F31FD5AF985
SHA-256:	CE21D8415E36CE9F15F3D06FF7097999B869B643327232785C00AC30FA782493
SHA-512:	A18C065131982336C711DDFD7115E1663568FD7318805BECB41FBBD82B227EFE550FCFE32CA1B34760CFD0DE0736F2F9A28ED9AD94CA0C6849B48E94D3E32BC2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................."....Y......Y......Y......Y.......................2..........................N.....&...........Rich............PE..d....'V_.........." .........0......4........................................`.......p....`.............................................................H........... .......P......XK..T....................L..(....K..0............................................text............................... ..`.rdata.............................@..@.data...............................@....pdata..............................@..@.rsrc....H.......J..................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-PJL5P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	27936
Entropy (8bit):	6.577459666532623
Encrypted:	false
SSDEEP:	384:nGpHh29k7lAv1WioEWQ53tWi9pBj0HRN7evpPOWixHRN76MauOMlVt:nCHc4MqPAWevp3y6MgI
MD5:	1B8D2F7700EB84B832E9750880CDCBD5
SHA1:	3AE22588F9420414182F78A994E1E2D9153E48E2
SHA-256:	13DC526343225AD933612A6BBCEC4F9A3A9A94B00B2F24B7DA8F851E9DE00992
SHA-512:	6DB667391D842511867EED010055E9E3A09897004F77912E055FE794870EFD59CDE822D9AE819963595EB53A17477B24C981A334EBFB3869D71C3FE6A8274F14
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:N..:N..:N9(.N..:N..N..:N..;N..:Nu.;O..:Nu.>O..:Nu.9O..:Nu.?O..:Nu.:O..:Nu..N..:Nu.8O..:NRich..:N........PE..d...W8.^.........." ................ ........................................p...........`A........................................p'..0....(..P....P..0....@.......,.. A...`.. ....!..T............................!..0............ ...............................text...X........................... ..`.rdata..0.... ......................@..@.data........0....... ..............@....pdata.......@......."..............@..@.rsrc...0....P.......$..............@..@.reloc.. ....`.......*..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-QSTSG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	44328
Entropy (8bit):	6.631745572973897
Encrypted:	false
SSDEEP:	768:uJnUUV7xPg4RdPvv1DHkhhFAWN6srByiYzC:uaY7XN7Ih4CIiYzC
MD5:	21AE0D0CFE9AB13F266AD7CD683296BE
SHA1:	F13878738F2932C56E07AA3C6325E4E19D64AE9F
SHA-256:	7B8F70DD3BDAE110E61823D1CA6FD8955A5617119F5405CDD6B14CAD3656DFC7
SHA-512:	6B2C7CE0FE32FAFFB68510BF8AE1B61AF79B2D8A2D1B633CEBA3A8E6A668A4F5179BB836C550ECAC495B0FC413DF5FE706CD6F42E93EB082A6C68E770339A77C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..j...j...j....l.h....y..h...cq..a...j...[....y..o....y..m....y..p....y..k....y\|.k....y..k...Richj...................PE..d...Q8.^.........." .....:...4......pA....................................................`A........................................Pk.......k..x....................l..(A......8...(b..T............................b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-R5R9N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	250768
Entropy (8bit):	6.1373382300932855
Encrypted:	false
SSDEEP:	3072:7KzvZoDlAz//7Jbl2oUbMwcOVQxQFPkjOg7YMskOB/uMsTnLPJEwSerle9ejdPIk:7/DM7JbooUbMw00EGZuFn+ejdVZwt9sl
MD5:	C6749BFCC78511374306FC6F22D5C23F
SHA1:	6759A3F2A535911C29C3E177E4A1677EA2B3AAA7
SHA-256:	898D50D5464DB102572D455AF693A649CD89208E266A3D6F9252F0A5CF58F230
SHA-512:	0F0CB00E19D001316B9EDD2167BFF9C20DEF5983ECAD34CB6E3A9F1CC8AA542875D02B0BD5C43B77E1852C31A04E3EAFDBBE69593221474007C92B8150F37F0E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......QK=n.S=.S=.S=.R.=.S=.ZW<.S=.ZP<.S=.ZR<.S=.ZV<.S=NBW<.S=NBR<.S=.R=.S=.[W<.S=.[V<.S=.[S<.S=.[.=.S=..=.S=.[Q<.S=Rich.S=........PE..d....'V_.........." .....t...H......,`..............................................P.....`......................................... O.......O..h...............d................... ...T.......................(.......0...............(............................text...Hr.......t.................. ..`.rdata...............x..............@..@.data....8...p...0...L..............@....pdata..d............\|..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T11L1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	86944
Entropy (8bit):	5.9624570687102745
Encrypted:	false
SSDEEP:	1536:IBFTSLtywceYf2kv4pP1V7ufwNgF6PV36hGfKCX7kRf9Kr9j+0RE:bLrk94R1V7E+e6N6kfKCXgQ9C02
MD5:	8F33B0B07D5CA3139A45BB6B402B9FB7
SHA1:	9D94C74952A74A36DFE487660B3387F54EB51246
SHA-256:	00BF1A5E5BBB6675F84D336D608780BBDA0999132A9C688A92D3220B58B1B892
SHA-512:	676123E52FA1AE2C26A2DD5AD1A749D2D93D73A0505200E7BDB90BBF9F1334356FF9CAB4A71E21595B51EDB496FD9A000FBEAC8A1267B262D0DD82D1855C369C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......iF..-'..-'..-'..$_b.+'...W..)'...W..%'...W..)'...W..7'..vO...'..vO..&'..-'..N'..V..,'..V..)'..V..,'..V..,'..-'f.,'..V..,'..Rich-'..........PE..d....'V_.........." ........................................................p.......9....`..........................................................0...(... .......8.......`..D.......T...............................0...............0............................text.............................. ..`.rdata...E.......F..................@..@.data...............................@....pdata....... ......................@..@.rsrc....(...0...*..................@..@.reloc..D....`.......4..............@..B................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-T3E2B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4659104
Entropy (8bit):	6.333935702932292
Encrypted:	false
SSDEEP:	49152:chofA+qyml656pmOdUqbW7j9BWl3Sm0TI4c1nT5:wNyml65kdUqYWu4
MD5:	EDDC407A59FFDC57589241B6022CD7A5
SHA1:	9EEF17B610835CCA590C2EB3C51BBDF2895A1CEC
SHA-256:	76551E87993CF9E0F9764B5539047AB7D1B9F9DDCECC42ACA6A5493ED6CE3B58
SHA-512:	CA11F012CE3179C83C2D6CB9FDC40074C19677D4093B7C8E1E00C67D26721CE8FBCED23443E22E31C176A0D6241880EC373F9FD4939DA631FC3B2AE40F255731
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$............t...t...t.......t..9....t..9....t...t...w....Z..t..9....t..9....t.......t.......t...t..Wt..v....t..v....t..v....t..v.h..t...t...t..v....t..Rich.t..................PE..d.....Y_.........." ......%..\!..............................................PG.....<@G...`...........................................E.....d.E.......F.8R....F.`.....F......0G......ED.T...................pGD.(...@FD.0.............%..............................text............................... ..`IPPCODE.....0...................... ..`.rdata..".....%.......%.............@..@.data....E....E..<....E.............@....pdata..`.....F.......E.............@..@IPPDATA.......F.......F.............@....rsrc...8R....F..T....F.............@..@.reloc.......0G.. ....F.............@..B........................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-UNR4I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	137624
Entropy (8bit):	5.909722238073581
Encrypted:	false
SSDEEP:	3072:rOHSL/+jkiG2dRTZQILKrcGbjjW9+D95zi+0M:SLjkiZdRTZQILKrPjjzD95z4M
MD5:	C274F551A84006AF1F7222410EDA8C1E
SHA1:	890DC8153FABEE82015990D2D2E5A6C6EB1E7512
SHA-256:	CCC1BDA842699E94AA1B426EA6D3FA3A4F5866912D1511F61621531F482B8F86
SHA-512:	4D980ECB3BAC8A3D0C95AAB1E4D8436B801C167BB2DCED5CC8768C0DC7E793C7F53B97760587BB89CC7D14E42C7F60EE89471AB254047C77A66E75AA5AE0474E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Xs...............j.......b.......b.......b.......b......Gz......Gz..........l....c.......c.......c.......cm..............c......Rich....................PE..d....'V_.........." .........................................................@......w}....`.........................................0....................F...................0..0....H..T....................J..(....H..0............ ...............................text...`........................... ..`.rdata...\|... ...~..................@..@.data...............................@....pdata..............................@..@.rsrc....F.......H..................@..@.reloc..0....0......................@..B........................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\is-VSVSM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	590632
Entropy (8bit):	6.463330275333709
Encrypted:	false
SSDEEP:	12288:Mt8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3Ho/:MCMm9pyp35bQEKZm+jWodEExg
MD5:	E74CAF5D94AA08D046A44ED6ED84A3C5
SHA1:	ED9F696FA0902A7C16B257DA9B22FB605B72B12E
SHA-256:	3DEDEF76C87DB736C005D06A8E0D084204B836AF361A6BD2EE4651D9C45675E8
SHA-512:	D3128587BC8D62E4D53F8B5F95EB687BC117A6D5678C08DC6B59B72EA9178A7FD6AE8FAA9094D21977C406739D6C38A440134C1C1F6F9A44809E80D162723254
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n..............w.(...#...<........../.....".................+.....g.+.....+...Rich*...................PE..d...R8.^.........." .....>..........p"....................................................`A........................................ m..h....G..,...............(;......(A......4.......T...............................0............P......Ti..@....................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data....:...`..."...P..............@....pdata..(;.......<...r..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-2M1CS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	4.891825004332733
Encrypted:	false
SSDEEP:	48:cFx8DUAA8XGhQXmbt6CVrwQdi+SEQAQdikSESSAQdiGSbQAQdiISbSSE:fJXGhQXmZFrwQdi+SEQAQdikSErAQdi0
MD5:	EB5AE1A2971541214DBFB0F9A62C09D3
SHA1:	CC8BC9251B7F016C38D8004983458A92E6BD2F86
SHA-256:	EE4604416BDC01B355F7E420DD865B2238FD2A624B1DF80CA87528AE049F2246
SHA-512:	36211EC09C4CABCE6246623E50F5BABB558E981A13C0E1BB7F19F1FEFDAA687CF0572720F54D7699C7AA40C03E657E1C0A7D7A923773F28A2E5103D0CD92B40E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">50000</avgBitrate>.. <maxBitrate type="uint">100000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">35</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>.

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-39A7G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	4.901729136243566
Encrypted:	false
SSDEEP:	48:cFx8DUAy9GhQXmxfZCVrwQdiTSSEQAQdiTSSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmxkrwQdi+SEQAQdi+SErAQdiC
MD5:	1B8A5FAC7AFDAF1D1065544D28FA8032
SHA1:	6ECBF75BBBCCAC4D1E489092EC1AE6CA04933A87
SHA-256:	65FABDFBD8EC6FCD83E98773617549F3A429743CC6353A07BE47E8FB3D596E73
SHA-512:	65FF373816011F1651642B1874842457DF57837FB99613AE34F43161EDDEB2CC77F88ED7BDEB683535DCEF2091ACC37A581D2EF325E45881C6C5CD1A562971E6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-3LBIS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	4.897602688600901
Encrypted:	false
SSDEEP:	48:cFx8DUAy9GhQXmxfZCVrwQdiESEQAQdiESESSAQdiqtSbQAQdi5SbSSE:fy9GhQXmxkrwQdiESEQAQdiESErAQdiz
MD5:	41F4DBF923105EC11F65BA2144A4AA1C
SHA1:	08944B39295DA9DCB2C9552621B18F2675D72A28
SHA-256:	A1B83BDBF455584BD9CB52F4046DD11F2C0C344BDD9AAF3A9C86026CD5A19539
SHA-512:	152E8B1F6FC5BCD4E8F552E777B97470D551A00ADC99328EAF35ECD4489EA4E5F784DB8DFC118CA96E9F2A264F9FC79533BE2D94AE07C38A804FE383378697F8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-5EQ0E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2774
Entropy (8bit):	4.898279100458865
Encrypted:	false
SSDEEP:	48:cFx8DUA7ExGhQXmbfZCVrwQdiGSEQAQdi2SESSAQdiOSbQAQdiCSbSSE:f7ExGhQXmbkrwQdiGSEQAQdi2SErAQd1
MD5:	74D3A101D199809C2D5162F09AE1FDCB
SHA1:	B54E08E6BE8E4F8F61EF1819CDCF5366BFA6195E
SHA-256:	0CE611955AAD8AF165042230B7F4AF5D9668E3A5E1C157554E0E8CD93611BA67
SHA-512:	12428D43FB4630139F017377B9DD3CB776061E76A78E1514C775B8328E97BD91858B05C87A72FEE8ED190C762DF3CAA20AA554D8CCF6FCC8DC2DFEC1B89E528E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">150000</avgBitrate>.. <maxBitrate type="uint">300000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-68POL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	4.898446871040008
Encrypted:	false
SSDEEP:	48:cFx8DUA7vGhQXmxaZCVrwQdiESEQAQdiESESSAQdiqtSbQAQdi5SbSSE:f7vGhQXmskrwQdiESEQAQdiESErAQdiz
MD5:	C4516399B1272FB46728BC44D0F8AF75
SHA1:	90F1632637FDD6F712CD729517BADD1BD76242E3
SHA-256:	2AACFEDF24629B3CFF4056521D4C140F98B98E9FE779E4CA1700AAA4CE8B8EE0
SHA-512:	C8B0526E1FFDAD76C570131B1A9B73640B6FAABF5E92C5E7905D89597BDACAA2769360F1C2A8205682A01F335DF66DD38EE4E14A12ABECE9560D8523CCB23F82
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-70ERH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2776
Entropy (8bit):	4.9012380435446525
Encrypted:	false
SSDEEP:	48:cFx8DUALbGhQXmbJZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fLbGhQXm9krwQdiOSEQAQdiCSErAQdiC
MD5:	59704A98B21B5D7977FE72173FEA8AED
SHA1:	B365E8A0476B57955C77C12923B08EAA5BBCBE42
SHA-256:	7BD5781745DFB8FF0D92E803C8D55FC3E3524CBC3D4E415826881F5CA3201648
SHA-512:	D476E393BFF6F4156EE6AFCF069FB881061F1AA45BB031ABFAC85B2728B502CBAEBEC8772AB66A114590C222227F479235685A7B2A3F66DC093081D4B612F505
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">88</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-929TD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2783
Entropy (8bit):	4.901505287509225
Encrypted:	false
SSDEEP:	48:cFx8DUAW7aGhQXmxRZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fW7aGhQXm/krwQdiOSEQAQdiCSErAQdx
MD5:	A58F9D142858D86DE5744B13508A1277
SHA1:	DD54CE0714F09B54D22E3B6D2F84F19CE1549D5F
SHA-256:	68D2CF05EDFC6361FAEC27FBE85C915E9D5339375956EE9289EEB80BFAAD4AEC
SHA-512:	9937AAD9A78398D8F77271D4F41C740470BFD613F7BC0BD71486181141FAA84A5CA255C7D272084CAFDD97F15C956411365DDBB90BC4A31FBA8B5EE703B377AD
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">750000</avgBitrate>.. <maxBitrate type="uint">1500000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-BITA4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2783
Entropy (8bit):	4.900953331049162
Encrypted:	false
SSDEEP:	48:cFx8DUALbGhQXmxRZCVrwQdir4SEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fLbGhQXm/krwQdir4SEQAQdiFSErAQdx
MD5:	C307D31594EDC65F24723B9CEB54CB53
SHA1:	20A092A476CADE15C29259F08D8488D12C0AC441
SHA-256:	230435126A87E06C08E04D1DD51D7218CAED36CF5859592D9E9F52DC2A710884
SHA-512:	D4BA746C291CFD9E94FD3547B36B29D627ADA184EB2BE67013EBC2DA1F52FB359DDDD9375C630D6E1EB7A3EEAD8952E0F134AC6B25D7658EDF5A408ACA7DDECE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-BSLL4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.899820695443051
Encrypted:	false
SSDEEP:	48:cFx8DUAlCGhQXmxMZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm6krwQdiOSEQAQdiCSErAQdiC
MD5:	3D7059100F8CF93797B50707E579F404
SHA1:	C0EB19A6D7A6346645B9D4C88923C69F47C3368F
SHA-256:	F7CAFA941211364CFF275EEE988066071D26BE2A22A3066E7AC77B5EC008FAD2
SHA-512:	9BCE2F2491ADF41CD9DAAE3941CD09CA66317632E10ADA425748A51066B02074E33E9CFE41CB8F34EB0D610CFDCC05E31E2F08868D2130328E657DD96DC36328
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-CELBG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	4.884427653572266
Encrypted:	false
SSDEEP:	48:cFx8DUAy4GhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiwSbQAQdiSSbSSE:fy4GhQXmaFrwQdiFSEQAQdi7SErAQdiY
MD5:	D00A40C77A68E94D1C5E8B228A8699A6
SHA1:	702DB15DB02B370632CDFB0625F55794C6B223DD
SHA-256:	622C669B93980B8CA46416BF683B1AD9554B1E984970FF3FE06B379122CBD640
SHA-512:	B3C5182FEA25DE82507C40D2253EE9E583C820ECBD37D4982B81F7A1C7DABEA07D07DCAA88C3E2E3B868B083193EDB052AF3505C06F991CA7FE57CB77F3A7C8C
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">20000</avgBitrate>.. <maxBitrate type="uint">40000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-CHT3L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2800
Entropy (8bit):	4.8498080202398155
Encrypted:	false
SSDEEP:	48:cF880UA0KGrDorWbYs43kQX7iVQdXDSCkpK73QdXDQkpKCRVQdXDSCnpKXVQdXDg:L0KGrcrWsuQX7iVQdXDtkpK73QdXDQk9
MD5:	9BDB0DE024E3113C93493CC856B74273
SHA1:	B58E715BD23CBDFBEC96CE9812104EBA5F6442E0
SHA-256:	51B7EAAD90181FF7D3585632A14CF6964B449241D4CD194AC84A6D27E45AABD4
SHA-512:	AC73D4F01C7A15FE5C100CFB412446DB6E93332FB7EBE874E5140F86DD15CA6A2E6E12CBEA571D9177567072ECD36554187D52B5474163A1CE6B3C52EDEFB3D5
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">80000</avgBitrate>.. <maxBitrate type="uint">112000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">7.500000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">40</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">2</codecFlavor>.. <codecN

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-D3DNG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	4.901010228982603
Encrypted:	false
SSDEEP:	48:cFx8DUA7vGhQXmxaZCVrwQdiTSSEQAQdiTSSESSAQdiCSbQAQdiCSbSSE:f7vGhQXmskrwQdi+SEQAQdi+SErAQdiC
MD5:	51469FA9523E74A5D541E564E1B0F9D2
SHA1:	A68F5A8B71367728FFA6228D663BC266DCBFE7EC
SHA-256:	28395B9FC5DFE974EA4F395DC31DB91ED23D89A2AEC9F5BB6CB7650BDC851BEE
SHA-512:	A93A199C127A4F9A49B62D5DEF541A678F2F943AC77655DD50DFF0180A61531B667A25A5E1585B2474E70355EC22CFBB93403AD8351CDB5B2D93B3D2834A9DF1
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-EMVVC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.902211089463482
Encrypted:	false
SSDEEP:	48:cFx8DUAqAGhQXmxDZCVrwQdiOSEQAQdir4SESSAQdiCSbQAQdiCSbSSE:fqAGhQXm5krwQdiOSEQAQdir4SErAQdx
MD5:	81DE0C06D6497EC2A7CB7B8658986EC9
SHA1:	159F250531109C135FFB44DB8F297A74E647FB27
SHA-256:	987ED4FBF8403E67A70B17F62D20321F6A4B1A253846FFDB09915F7492814CEF
SHA-512:	5C8A243DD003BECBAAAF104E13A6E50BB5855CC5A68EA638C99AC6925EE8165256900D0FE920A81C1F62C37A9DEFDB30F072A323332DBADDFF50D1070582BE7C
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-F29EL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2774
Entropy (8bit):	4.899204992683194
Encrypted:	false
SSDEEP:	48:cFx8DUAZtGhQXmbaZCVrwQdiGSEQAQdiISESSAQdiOSbQAQdiCSbSSE:fZtGhQXmmkrwQdiGSEQAQdiISErAQdiO
MD5:	D86218B5C90A79AD4722E00C637B2C37
SHA1:	9B8441BC9FB364B25E99842E2B91F102C8A90AF8
SHA-256:	136742FE009FE8E2E3C579B20E363B10F3DB4D78D7A7D6BF488B9BC76D0AC26D
SHA-512:	7B6739B8B55E8CFCE79DD0206809D43389D37013C5A7144851399BEEF0617CCA9C478DD4D8FE85B96CA967F40EC7E4AD1FDBF5623D3B5E1F45F33D9FB4F25ACF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">225000</avgBitrate>.. <maxBitrate type="uint">450000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-FR4HO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	4.887012888493202
Encrypted:	false
SSDEEP:	48:cFx8DUAQdGhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiwSbQAQdiSSbSSE:fQdGhQXmaFrwQdiFSEQAQdi7SErAQdiY
MD5:	7B08034A769601CA7423A8E5CB3BA023
SHA1:	27D77173000FC265F784ACB1F9441A79DCE1B92C
SHA-256:	B2814E8A44302ECD53A035F65A3ED0359A7C31076B32EE64DADA09D52D0CD901
SHA-512:	4DB8FD610A0AFD1DA24C35CB0F32873A45E07984191FE6BC9B2D71A10DC5BB5B559344640C017C27C879C2C773B06BA725DC5C4933BBE0C9C67299C6662D824D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">26000</avgBitrate>.. <maxBitrate type="uint">52000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-GHI5G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.900208739789838
Encrypted:	false
SSDEEP:	48:cFx8DUAlCGhQXmxMZCVrwQdir4SEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm6krwQdir4SEQAQdiCSErAQdx
MD5:	C553F56300A54DBF9B3293F0265BE113
SHA1:	D411084A1B93C2DD778F4D118F5413CD787F8A0A
SHA-256:	462A635F1EC39F3FEA18D555D09BC2A6C0BC51BB71FBFF7DD56F20B09D203CE7
SHA-512:	7246F0D1130512876769DEB1155A8CC73E2D86669A012C38E5E09629991DE2F582AEDA52096DE55D45346D40052FAB1F1BB1E73B60EC68607E627960F6DF23FE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-GHKQD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2786
Entropy (8bit):	4.900760319907551
Encrypted:	false
SSDEEP:	48:cFx8DUAAEXGhQXmxGZCVrwQdiOSEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiOSEQAQdiFSErAQdiC
MD5:	5D7B439263EB75B6227E51BD37B79AE2
SHA1:	2D785F343437ADC2F78DD06280B6FC3F2227FD95
SHA-256:	F23D3EA032819EDF9575FD7284DD78C2CF63DE57E8532EBC2F3DB534F54CDE7A
SHA-512:	56CA3A349F836B11990D2C077C980380170EE899B240A3747922BCA312F9CB871C27D240D357BE74F907A7BD6582579A1FDCC4950EFF76DA75767570CBF12772
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-GIT45.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	4.900959291006299
Encrypted:	false
SSDEEP:	48:cFx8DUA7vGhQXmxaZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:f7vGhQXmskrwQdiOSEQAQdiCSErAQdiC
MD5:	8EC1E3994954979297D6451177C609B1
SHA1:	0BB6EA34A8D18245C6D8E296E6F21FE9FB7B342D
SHA-256:	9488DFD2A418D2039AB92616FC0C4D641B1ADB8BE57B683C05FF640B76D73651
SHA-512:	6B8418FB1E39FCDFE4C814B1D72EFA935A700895DBC00B82D9EAE5A4B625DD721FC7C81DE484A7104FA047B785CDC6B58F4E1EBCD09BF90CE80E3BFE2A1C54B0
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-H1LIS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2786
Entropy (8bit):	4.8982790656137905
Encrypted:	false
SSDEEP:	48:cFx8DUAAEXGhQXmxGZCVrwQdi5SEQAQdi5SESSAQdi5SbQAQdi5SbSSE:fpXGhQXmQkrwQdi5SEQAQdi5SErAQdiQ
MD5:	258A87EC71859D3E7A0B92D82792C48E
SHA1:	10EB812873308C393A85A0BA95D552F3ED137D97
SHA-256:	3C020749A6B145A812323332E5C2EEA48A14025091B25B5CD3B8EE3E19AAEB94
SHA-512:	0C0C2088B8CE3C8B1E12B717656B17497B364F9B0BEE886959DE58F7DB30518ACA0E421750EB78F780EE142266DED80663BF4CBCE3D3C25467A17DBA6139F6D3
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-H7428.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2783
Entropy (8bit):	4.900947577390879
Encrypted:	false
SSDEEP:	48:cFx8DUALbGhQXmxaZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fLbGhQXmskrwQdiOSEQAQdiCSErAQdiC
MD5:	5307E2EFBE96D3E1AFE609C6A6C0E591
SHA1:	3FF1A198ED0F16E77BEDC71FA7888C95039B2F69
SHA-256:	D8C7CABD3C82CC58BB255229C3A77091C631767A437C1C58AC3085BB1069473E
SHA-512:	E03982089972F26A590D2CDC3E29085EA955AE06DF1CB4CF509DE19339EAD43A2879127C579E30C6182AEAC41AD0B22CAB6E05ED432451513BEC6EDF75C2BDB9
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">70</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-I46UE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2773
Entropy (8bit):	4.892963874866102
Encrypted:	false
SSDEEP:	48:cFx8DUA90GhQXmbd6CVrwQdiwSEQAQdiSSESSAQdiOSbQAQdiCSbSSE:f90GhQXmZFrwQdiwSEQAQdiSSErAQdiO
MD5:	D93D7D90A09D5C70EB4DA26291313D06
SHA1:	9C554F9FE121A93EF7FF9DC36D7606D0328E5E64
SHA-256:	7E5D4FBBDE6766DF96575F1BE3F376FCAF973EF9457E4D80820609E2BB2D9441
SHA-512:	D815A9CAFD8B5AA29419D97D703C039AEA14D9E6C1A40B5196E58812C09561397F94679A897C0275D760C24F3DA063C696425E27F8771B665F81622BFECBFC30
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">100000</avgBitrate>.. <maxBitrate type="uint">200000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">40</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-JOGRT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2775
Entropy (8bit):	4.9006782402039955
Encrypted:	false
SSDEEP:	48:cFx8DUAy9GhQXmbPZCVrwQdiOSEQAQdiJSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmzkrwQdiOSEQAQdiJSErAQdiC
MD5:	369D6681BBB69CA6BB29A106D4F3C3FA
SHA1:	7D392F609C16AC010857180CE09802EA11D0C4FA
SHA-256:	DEB1CC555647073A4E0410054FABFDD8303E53F1F50B16EB126E559F49E445BD
SHA-512:	E05A64636DBB75D8BEFD95049FEB054E9BFBFEBCE144E97B53DD49A09B386A7E820309C0AF089BBB77A56089FE7BADCAF690F3D3304A37868ED389505AC7AB61
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">77</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-KAHAS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2775
Entropy (8bit):	4.900324924891799
Encrypted:	false
SSDEEP:	48:cFx8DUA7vGhQXmbNZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:f7vGhQXm5krwQdiOSEQAQdiCSErAQdiC
MD5:	C955F947CDC39D2466CCC1CC522EAD5D
SHA1:	85D9EA0E5A7B1635C53FE6DF44D30B90B8445C4C
SHA-256:	AC597B9207A05CA0DD7CE8D1609169A3A6536FA798C06F923DD0B1C6FA2AB087
SHA-512:	72F4F0AB335FB21FDC739AF31E367EAEA864518BFE674BCD7410DCFB5BC2C1EF97009C1D00D57D21EB6584021BE832680270B8054E89BBE316D27F2316865939
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">450000</avgBitrate>.. <maxBitrate type="uint">900000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">84</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-KHL16.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2782
Entropy (8bit):	4.901135504160747
Encrypted:	false
SSDEEP:	48:cFx8DUAy9GhQXmxfZCVrwQdiOSEQAQdiJSESSAQdiCSbQAQdiCSbSSE:fy9GhQXmxkrwQdiOSEQAQdiJSErAQdiC
MD5:	0F1839E97AF9EAC1C407E4EDBE43FFB4
SHA1:	647EEFA3A0B2C04F626B1D519B64E240472CF9A0
SHA-256:	C1E4D129BEC794F4966C6D895ACA2B91E9D0A7A05CF0D5B3A4E774EC420CE29D
SHA-512:	BA9901A0E2950410AE046D6DD14A580F50C9495B81F5CD604ECA5E3CCEAB40D5C5A15C3F77C9C9142C1DE9A6B39BEDEA8451551B30E3078CC789D2E8C305A56F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">350000</avgBitrate>.. <maxBitrate type="uint">700000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">60</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plug

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-MVRHA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.897203254179472
Encrypted:	false
SSDEEP:	48:cFx8DUAlCGhQXmxMZCVrwQdiqtSEQAQdiqtSESSAQdi5SbQAQdi5SbSSE:flCGhQXm6krwQdiqtSEQAQdiqtSErAQR
MD5:	A2BED710F1CF410F3FD33970D3D267AE
SHA1:	D3B1C227E851B43596AF7DD8B3FB25A97A516BC7
SHA-256:	1BEF17720FF6C88365AA7E7DF0C3DD490205786A7DEE5B45932D30FDE56264DF
SHA-512:	E7FEFA43DDAEC6C233F77DE670E3BD8F88FDF73A5EE04AD807576E31296E29C93D749FA2489C224FBA068F9AD71A9C28677E8409C3F4486083A65EB707E38CC6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-N2GCJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.90111726170542
Encrypted:	false
SSDEEP:	48:cFx8DUAqAGhQXmxMZCVrwQdiOSEQAQdir4SESSAQdiCSbQAQdiCSbSSE:fqAGhQXm6krwQdiOSEQAQdir4SErAQdx
MD5:	F328E233516EA0EBA47CB6067880E4EA
SHA1:	E6CC429F94C0CB93FB4B47F4C016AFD71BDBC8BC
SHA-256:	E21A0F10C91D6D6D06CABE5E3AE3A3ED96CDFF821DBEFDCDF1C887358FC1F175
SHA-512:	A967F72A2656EB9F48B3B2917BA241D7FE17E2FE2C6A7520221D2D2528F3991D5125F6881C09E81938362A467F437DE21D697D4350E09AE6A744078292042CF9
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">90</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-NTE34.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.899310933601001
Encrypted:	false
SSDEEP:	48:cFx8DUAqAGhQXmxDZCVrwQdi5SEQAQdi5SESSAQdi5SbQAQdi5SbSSE:fqAGhQXm5krwQdi5SEQAQdi5SErAQdiQ
MD5:	90EE424A1EFEE8B9115B06DCB311C814
SHA1:	EB9F2DB4E3CE695AAE9DB7AB4AEF57F15F2D8239
SHA-256:	0B691ACE022931A7E8CF60E8B45AC8A39537216B5F219BC631385F6A70D618FA
SHA-512:	F6546DED7442D49E243F6AE1BD195D7345C49724343F18449937C71223292BC4FDF08DE4918F88B2D7979AA546D498A12DD2F734B03A86659E9DE3108CA65508
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-OLPN3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.900855328863332
Encrypted:	false
SSDEEP:	48:cFx8DUAqAGhQXmxDZCVrwQdiFSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fqAGhQXm5krwQdiFSEQAQdiCSErAQdiC
MD5:	38E965EA1276ED6B62C6EF060D978E9E
SHA1:	4080BA407618A8B684446A950FA8204D48BB33B9
SHA-256:	9C92417E9AC0F855358A2983BA74F32B80A0955E2AFEB975FB75532A98125593
SHA-512:	F8BFF9C4D3AD036EA5C7C775E7865EA0B8B115C875D7070E9E2AD26E910F8B897B3A06C892937D0A22064EB2C919685E820D09F296B0C0002EAF7EC296638C54
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">95</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-OV9MG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2783
Entropy (8bit):	4.898526134677562
Encrypted:	false
SSDEEP:	48:cFx8DUALbGhQXmxRZCVrwQdibSEQAQdibSESSAQdi5SbQAQdi5SbSSE:fLbGhQXm/krwQdibSEQAQdibSErAQdiQ
MD5:	F6BCCFD4B20A2A381D3618422E56D9C5
SHA1:	E55E7D62C8D97611CA4BC069D260A883FF67C55B
SHA-256:	6D6DAC09AB8E5DF5C46F455061116039CD8AD124411C439B5437B56E96647D12
SHA-512:	5F31ED103D227EB67E3E92B6B5C0EA86A9CBEDFA0A2E476F2381687DEFA4B6AF38D8E4975F1E3003B988A806699033261489B5BFF5B27CDBBC13108B9FBC2A62
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">700000</avgBitrate>.. <maxBitrate type="uint">1400000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</plu

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-PH5I5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2798
Entropy (8bit):	4.839744521077124
Encrypted:	false
SSDEEP:	48:cF880UAyCGrDorWbYZ43kQXiwVQdXDSCkpKw3QdXDQkpKiVQdXDSCnpK73QdXDQH:LyCGrcrWs1QXiwVQdXDtkpKw3QdXDQk5
MD5:	3931BA0423004139D1FCB58DCC4434B9
SHA1:	E5C4E12B0DDCF2570C9B32E7FFB9495022C0B8E5
SHA-256:	F1ADB2B4B1F1A6598AED0BD70761E869599A3D503ECE5E980EA1551A075492F8
SHA-512:	EA242F5147E4A57475D9BBAA7B8AFDCF0A514DD18A3904EE281D784920C8A4F2158586007B9C776BC0649194F00C41AE3F4B865630B21E47D43CC85E9637AAD5
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">20000</avgBitrate>.. <maxBitrate type="uint">28000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">5.000000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">30</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">0</codecFlavor>.. <codecNa

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-PRH4T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	4.886617018932608
Encrypted:	false
SSDEEP:	48:cFx8DUAn2GhQXmbm6CVrwQdiXSEQAQdijSESSAQdi+SbQAQdikSbSSE:fn2GhQXmaFrwQdiXSEQAQdijSErAQdio
MD5:	CBEDCAB30E616A115973115340B36146
SHA1:	A5B9C5A1A2F9E37A6CCF2F5E578C1A9C55D3B68C
SHA-256:	00442F4CD2C183505B0B5DF3796CA8FFCBCE6BE02BFCEE9E666A12EE7C3AE882
SHA-512:	8E28EF41EB89E5E5741CC837AFC02A7C49EC7A6C9D8DAD78CB44FBE5BBDBFD972A550A1F66915DAB3F2CD3E813A84942984F9B22DD433BE4F20982E0CACD0E9D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">12000</avgBitrate>.. <maxBitrate type="uint">24000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-QC42T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2777
Entropy (8bit):	4.89018673094656
Encrypted:	false
SSDEEP:	48:cFx8DUAqAGhQXmxGZCVrwQ5iISEQAQ5iISESSAQ5iISbQAQ5iISbSSE:fqAGhQXmQkrwQ5iISEQAQ5iISErAQ5iw
MD5:	A8A1F53B88491643AF854DA1BFED49C5
SHA1:	9E193975DEF484AEA1C449571E0B12C6A73C3A44
SHA-256:	B221266E1EBC54F4007A815918DA4ACF867A9CFEEB2DBDB5CFEE8C0ECECF9390
SHA-512:	6E8FD5CA8E4C6DDE545CDA73468AB734212B814C08DA4A684B6905D7E3A55AC0210A486EBDC4E7104A9C582DACF5EA2C799068FC0E7EF86576E10E8A6DF93B5A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">2000000</avgBitrate>.. <maxBitrate type="uint">4000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-lossless</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-QKRUR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2784
Entropy (8bit):	4.899102304638453
Encrypted:	false
SSDEEP:	48:cFx8DUAlCGhQXmxRZCVrwQdiOSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:flCGhQXm/krwQdiOSEQAQdiCSErAQdiC
MD5:	A615E0394F584B4A2F062F453DAE6E80
SHA1:	57C818FDBE9D55C0DA232CCBD3D38233A3D2CE07
SHA-256:	0A2D12393DC0029DB5B16022C1EAEC6B57A0944623B92153B95178ADF9847240
SHA-512:	4BE1D760825071B36A18B7020E5E2E2CD3E1D9A925F940CC823BFF0B294839F29A2D12A42925681FB9817C69C4702ECB1E50E61BD70DEBC37CFD664E8792762D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">1000000</avgBitrate>.. <maxBitrate type="uint">2000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">80</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pl

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-S1HTH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2786
Entropy (8bit):	4.900760319907551
Encrypted:	false
SSDEEP:	48:cFx8DUAAEXGhQXmxGZCVrwQdiOSEQAQdiFSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiOSEQAQdiFSErAQdiC
MD5:	5D7B439263EB75B6227E51BD37B79AE2
SHA1:	2D785F343437ADC2F78DD06280B6FC3F2227FD95
SHA-256:	F23D3EA032819EDF9575FD7284DD78C2CF63DE57E8532EBC2F3DB534F54CDE7A
SHA-512:	56CA3A349F836B11990D2C077C980380170EE899B240A3747922BCA312F9CB871C27D240D357BE74F907A7BD6582579A1FDCC4950EFF76DA75767570CBF12772
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-TBRIB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	4.888076695342852
Encrypted:	false
SSDEEP:	48:cFx8DUADzGhQXmbm6CVrwQdiXSEQAQdijSESSAQdiwSbQAQdiZSbSSE:fDzGhQXmaFrwQdiXSEQAQdijSErAQdix
MD5:	01BA77EC69B97759673494289721A7A1
SHA1:	EE5F2EAD3DCBD460D3B3785CBA05B9E5FF7ADAD4
SHA-256:	5456F4CD1A39B7AB2524340C8E56FC0F9E3D5F4EAB8A460B3877D582B68AE08A
SHA-512:	2474E8F5E578BA2110ACFB6B0D5A2C6471F724968400AE7EB2A420F27E50608321F8CFACC241ADB10F4B49223C6FDF9D3F292973500CB33173095857E7C6C88D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">16000</avgBitrate>.. <maxBitrate type="uint">32000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-TH42R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2786
Entropy (8bit):	4.900152461503551
Encrypted:	false
SSDEEP:	48:cFx8DUAAEXGhQXmxGZCVrwQdiFSEQAQdiCSESSAQdiCSbQAQdiCSbSSE:fpXGhQXmQkrwQdiFSEQAQdiCSErAQdiC
MD5:	152840C49C7B27E86872A003EC913575
SHA1:	49C460DFAFF5238A6C0C0D73BE97F742D1AA9A07
SHA-256:	AEFAC4EE115419A8BF432D18D2B3D60FA59AC199D7402F83382917994EE16EC8
SHA-512:	AEDEE1D44A6FE9B25F3CD020820F178D2C2701FD95AE60CD471F4A0BA6EF34F10CB1CFAE7F9F6F8E76C11D84C0D38BD74DF8CF29DE3D9DD0D4FBBDC3F7008D0F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">5000000</avgBitrate>.. <maxBitrate type="uint">10000000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">vbrBitrate</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">100</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">30</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-UPAA4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2770
Entropy (8bit):	4.89211739812396
Encrypted:	false
SSDEEP:	48:cFx8DUAfmGhQXmbm6CVrwQdiFSEQAQdi7SESSAQdiGSbQAQdi2SbSSE:ffmGhQXmaFrwQdiFSEQAQdi7SErAQdi6
MD5:	C8859FEBE57ACD0411A0963530D90430
SHA1:	ED75101906B45656BCFEEA1038B70A6C8B4ADF79
SHA-256:	FEA8E082BB13EA02C2F60B91837664637F4325E1DCC26F50183C996FE9FB7761
SHA-512:	4D30E7D56828EB87B2C95A2142160114A4E0B09F530292CD56B57258BA1EDD436F3C32118D964148C0186305F116A74F7AA84BD19903FF330F3E35307206BE57
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">34000</avgBitrate>.. <maxBitrate type="uint">68000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <encodingType type="string">cbr</encodingType>.. <encodingComplexity type="string">high</encodingComplexity>.. <quality type="uint">30</quality>.. <maxStartupLatency type="double">4</maxStartupLatency>.. <maxFrameRate type="double">15</maxFrameRate>.. <maxKeyFrameInterval type="double">10</maxKeyFrameInterval>.. <enableLossProtection type="bool">false</enableLossProtection>....</stream>.. <stream xsi:type="audioStream">.. <pluginName type="string">rn-audiocodec-realaudio</pluginName>..

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\audiences\is-US9VT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2803
Entropy (8bit):	4.8551933948648225
Encrypted:	false
SSDEEP:	48:cF880UA8hGrDorWbYs43kQXGdVQdXDSCkpKXVQdXDQkpKhVQdXDSCnpKXVQdXDQH:L8hGrcrWsuQXGdVQdXDtkpKXVQdXDQke
MD5:	341F17366A7ED4FB2FA3CC4B1FEB6B07
SHA1:	BB6FABB2F9D4B3E97C4662C3545F8FD3B38ACEE3
SHA-256:	1595698CB16144131F0669CE166EDE6FCA0E0B942CB34FCF9D9B095660750D9A
SHA-512:	EFB0271C11681C6C1C3293979D357B6A2C666F5DE7F9A48EDD03F8912292835D16B4BA8F500F01A0CCA0DACBFD7F86203CF40FF1DF18EC1F9FBED7F7B2F9698B
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>..<audience xmlns="http://ns.real.com/tools/audience.2.0".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://ns.real.com/tools/audience.2.0 http://ns.real.com/tools/audience.2.0.xsd">.. <avgBitrate type="uint">200000</avgBitrate>.. <maxBitrate type="uint">256000</maxBitrate>.. <streams>.. <stream xsi:type="videoStream">.. <codecName type="string">rv8</codecName>.. <enableLossProtection type="bool">false</enableLossProtection>.. <encodingType type="string">cbr</encodingType>.. <maxFrameRate type="double">15.000000</maxFrameRate>.. <maxKeyFrameInterval type="double">10.000000</maxKeyFrameInterval>.. <maxStartupLatency type="double">4.000000</maxStartupLatency>.. <pluginName type="string">rn-videocodec-realvideo</pluginName>.. <quality type="uint">70</quality>.. </stream>.. <stream xsi:type="audioStream">.. <codecFlavor type="uint">16</codecFlavor>.. <cod

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-1DHV6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	73793
Entropy (8bit):	5.5605243298434965
Encrypted:	false
SSDEEP:	768:z84NgbRXrRdn8hHNp57RoeTX79c9sI4gA5Ii/hQVCVL8jDOeIJunlkonm+SQYq4W:zIXrRMp57zsD4GiZO+8+onGUdSQT4DS
MD5:	107A64D31CB2DAD1746B060886440F60
SHA1:	BC89B6AFD11FDDE240DAE5DE8C43C567B96C8240
SHA-256:	11D85AED01DA3581D659B18B406F5C188C95EDB7C574B9A4881E0DC0229D849B
SHA-512:	F9DEF5B32D0141395AACF5E852A74841584DDD042B439172FDE8C017EC7B26C3374FC486C549CEE05649CC99B83D7A386C2CC26631DA990F3EC9ADD18363C6CD
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........d............!.............................................e...............].......Rich............................PE..L...M$.>...........!..............................U`.........................`..................................................(....@..h....................P......P...................................................D............................text...D........................... ..`.rdata........... ..................@..@.data...<]....... ..................@....rsrc...h....@......................@..@.reloc..@....P......................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-4AD6F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	176195
Entropy (8bit):	6.0377378471977226
Encrypted:	false
SSDEEP:	3072:61Exx64kgPNRE0/WFOBC/Wgf11y1rgEedRjlbDDDDDDDkYzbDd:3NRE/gBC/Wgf11y1rgEeXlbDDDDDDDk0
MD5:	C1237664CC679ECDEBB955981DC8786A
SHA1:	2BBFF876F29F23CFFA55780B28C98504A5BAB6ED
SHA-256:	1E902223D3E4EC7BAA4580AF3B28A15B866340301434090B2F11AF29A021501B
SHA-512:	85AADC138EAD2925D26D164A536D6D39CC893EB412D7B8EE4251022D1B5F6C39FE25D7DC0C24330701001127AF21070947644267346CDCD1E8FECB87DC6E8789
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C............................b...............".......................Rich....................PE..L....;.@...........!................`U.............a................................w...............................0W..p....U..P...................................@...................................................@............................text....F.......P.................. ..`IACODE2. 4...`...@...`.............. ..`IACODE1.......... .................. ..`MMXCODE1.;.......@.................. ..`.rdata...X.......`..................@..@.data....*...`.......`..............@...MMXDATA1......... ...p..............@....rsrc...............................@..@.reloc..............................@..B....g..E@...p$#C..8..3...u...8.d.34..78....)n.9..\p.2..g.7.O._x.. T.B...8..%......tc.>1.aD0X.N.".@f..,.o.........X..Vz.S{2.r.......................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-6RM2R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	548919
Entropy (8bit):	6.4777190361374535
Encrypted:	false
SSDEEP:	12288:5LfLv74Iq4S1K2hTxlSLR8QegKXHLEU+RONk76RyP0oBrfdtW:NnMuR8JxXHLEU+RONk76RyP0oBrfPW
MD5:	FEE174FA75745239446F0D1F1D365C28
SHA1:	D86A90F33A507FBD8278CC58B1D0C2CE6FB809A2
SHA-256:	219A8E99B8002E72E48732D502E3A6BB194B4554104F9E58D4A28D443A1EBDBE
SHA-512:	159456DCD6351C443F1379FD44DE3A79ED624CDDD1BBB91E778A9865EAF6557F52189096AC54D4C5D9B0B73147AE7705A3E2ACA2E6510D36644757D273475AFA
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2x..S...S...S..@O...S...L...S...L...S...S...S...L...S...U...S...p...S...p...S...S...S..<s...S..Rich.S..........................PE..L...}Vr@...........!..............................U`.........................`.................................................<................................f..0...................................................$............................text.............................. ..`.rdata..............................@..@.data...t........ ..................@....rsrc...............................@..@.reloc...i.......p..................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-8OEUB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	327749
Entropy (8bit):	6.6610539163254865
Encrypted:	false
SSDEEP:	6144:H62Ol7Ss4LQZp0Suz1QfJyKEGfWoQaioeygljEzi:dOr0SuzaDEGfWo5glYzi
MD5:	079525F2434437FA1624285657B617BD
SHA1:	E9EB76039AC262F6731C38FCE133C6C99D12A20B
SHA-256:	52D8322E5285EC81044E49CDA3C429ECD275FF168368271239224742C3B4CCE4
SHA-512:	C667A14DF291DFA9E701D0B5DE17F7D2D5724462B5624924D29CDCA29CCFB2FA4AE56D4B6ED38B262542B86B9C3686D0487DAA803E1575623F7D1768DA005C7E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........^......................b..........................."....................Rich...................PE..L...)<.@...........!.........P.....................a......................... ......................................0.......(...P...............................\....................................................................................text.............................. ..`.rdata..............................@..@.data...P...........................@....data1..............................@....rsrc...............................@..@.reloc........... ..................@..B....\..Y`....-.o..`u.k.R.R...9.r\|.y.r..nq....!...t..(...TO1...~...Yi. .....X..vZ.z.*...5.....g.{.m........aU...6...4\.....#pbved. .Intel(R) C++ Compiler for 32-bit applications, Version 5.0.1 Build 010922Z : D:\Intel\rv2001\enc\x86\winterp4.cpp : -Qvc6 -Qlocatio

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-FELGD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	102465
Entropy (8bit):	6.701185053572777
Encrypted:	false
SSDEEP:	1536:q0JYC+dEQ8OMBhyGfnVI7ZWTsrfrI7ZWTsWm:q0iELlMOVI7ZWTErI7ZWTZm
MD5:	A781F8AB9720EFA9C4F198BD79866E11
SHA1:	0111066B577B2CA6098CD77EED2473590E288719
SHA-256:	7961CEAC07ACE2628967D015F78B9E64B71D280CEC641CB9D58926785E47F64B
SHA-512:	CE89D98E3241142F7C0F655D7A479EBA407060464FCC868A0D692C81F3F4713454CE8FFB0418D52FDBDE3EE8B694FE6004C478B4B6E01DBE18EF344507577655
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}O..9.y.9.y.9.y..2w.;.y.V1s.=.y.9.x.).y.V1}.:.y.?.s.8.y..(..8.y.?.r.i.y...}.8.y.Rich9.y.................PE..L....Vr@...........!................G.............s`....................................................................(...T...(....p..@.......................@...P...................................................D............................text............................... ..`.rdata..............................@..@.data....~..........................@....rsrc...@....p.......p..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-L8VPB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	65602
Entropy (8bit):	5.507533722705891
Encrypted:	false
SSDEEP:	768:tBrGeYp8LkLF7JlJa6Cvu+iZK4nGlo7dCYtVykJK+t6tj6tVDWBE3Ghv+XbG:tS8LkzNCvViZNnyYdRK+t6t1F
MD5:	FEC421F11F3E143665387A26B05B696E
SHA1:	881DF4F3E97FCB2E671F4DC54BA6B5D56F0EFF54
SHA-256:	A51BFF72ECE803500283517AC3D35E25D17295B094CB453687B75D159353BAFA
SHA-512:	F30AE4FF177C625DAAABAFD497E191E98571A0A35DE096BBD54A406CD56F85998269D9F720B6BEEB192BAFD1A6EF5A0E747EF313BD0C450F747E199E6380C1F6
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?K.^%..^%..^%..B+..^%..A/..^%..A!..^%..^$..^%..}/..^%.JX#..^%..}...^%.r~!..^%.Rich.^%.................PE..L....Vr@...........!.....p...........{............q`.........................P......................................`...(...\|...(.... ..`....................@..<...0...................................................,............................text....k.......p.................. ..`.rdata...,.......0..................@..@.data....j....... ..................@....rsrc...`.... ... ..................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NEFLU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	266306
Entropy (8bit):	6.610971834095742
Encrypted:	false
SSDEEP:	6144:nwbEScIpZH6B7HZDQAfmLSieQu/tWOwFt5ZRsNZmljEz7:qE4aBTZDX7T/thwFt5Z+ZmlYz7
MD5:	C1C3701481221AB39365C2F300643A63
SHA1:	1983AA9BDA31856CC000E280AECD906F54B4E0FB
SHA-256:	91D5A17FF6FCFAB890D24D57C9C64F03F540979E949D4883433CC44B8CC32700
SHA-512:	C115C4599716CF43D0FD3A450AF14A7655A486C2B01DCB02CA4EA8413716C924F57E1B37195223D70B87414FD1B6F86E66EC4CA85EC69AA3B7FDE7978DCD2A95
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E..$...$...$..98...$...;...$...;...$...$...$...;...$...$...$..F....$.......$..}"...$.......$..E....$..Rich.$..........PE..L....Wr@...........!................a..............`.........................P...................................... ...........P.... ..P....................0..l....................................................................................text............................... ..`MMXCODE1............................ ..`.rdata..'R.......`..................@..@.data........0.......0..............@....data1..............................@..._RDATA.. ...........................@....rsrc...P.... ......................@..@.reloc.......0... ..................@..BIntel(R) C++ Compiler for 32-bit applications Version 5.0 Beta 1 000517 Copyright (C) 1985-2000 Intel Corporation. All rights reserved. .Intel(R) C++ Compiler for 32-bit applications

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-NJJD4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	479298
Entropy (8bit):	6.491323519270892
Encrypted:	false
SSDEEP:	6144:02yjLfQhD7QvWTM9HZ5kf7kqHda6aDKfFZSScAoyus7Vd/pojh1vczmDJ1u+BilC:eBHzaI/6ymF520j/pch1vcCDJA+8lYz7
MD5:	93B0942D1A70B8D7D59D90089E246C25
SHA1:	2170EADA30779AF102964EA05DD8A6F449876C97
SHA-256:	3B27565278CC6B3A499F3EB041161A8E1E002D7FBD7AD17BE79BFF79E0F5CBBB
SHA-512:	E01EFA89D17DE9658E7974DB3AE1EDB4849AA41D3CA966A064AE4DA68631F83F19450642C515188D13AC4988FE5A2016322C3242445243990CB2E8820D9E4127
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>...P..P..P.3.^..P...Z..P...T..P..Q...P...C..P..P...P..Z..P.w.V..P..[..P.O.T..P.Rich..P.................PE..L...TWr@...........!.................v.............`............................................................................x....`..x....................p......0...................................................,............................text...jg.......p.................. ..`MMXCODE14........................... ..`.rdata...#.......0..................@..@.data...............................@....data1..p............P..............@....rsrc...x....`......................@..@.reloc...,...p...0... ..............@..B................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QI59E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	155702
Entropy (8bit):	5.898078968562479
Encrypted:	false
SSDEEP:	3072:sHWOqg0q2eZa8tMS+4L2XKhQlR9k2AX4G2c78RUtq82OEk74n:gZD/Za8x+I2ahwDAXt2cgRUtV/LE
MD5:	408D468086D281F526A84836E0C49E71
SHA1:	2E339077D0C5BDD0E0A6DB892054289E24AD7682
SHA-256:	B07CC92E6CF0A2609BB20BEF9A4D469A77C6CCE6BC5A147F4125A456CDB429EC
SHA-512:	5A6689890BBC3F13925D73076018F8EBB75F314E732336A8163D563B2959C48D11C347BE997C1F9EE5459AFE52134500A11FFBAB94B8FB632C8597F1D375C096
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7t..s...s...s.......q.......r.......v.......p...s...x.......r...u6..w...u6..u....5..r...Richs...................PE..L....Vr@...........!..........#...................w`.........................@$........................................u......<.....$.`.................... $.....0...................................................,............................text...d........................... ..`.rdata..U...........................@..@.data....U#.........................@....rsrc...`.....$......0..............@..@.reloc....... $.. ...@..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-QP1V5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	102464
Entropy (8bit):	5.749974043070897
Encrypted:	false
SSDEEP:	1536:Hre+EuDd38Nd72KNClBpdHZZd9CBpdHZZd9gr4QcuMV+D8Kf5PL0QTsXcAPZF1:Ha1483FN6rC1mXTGcAPP1
MD5:	9AE31533C71CB4094B6681F0A7D055E8
SHA1:	DDC683257E4C75649FAD93C0543FE5F12CC846DE
SHA-256:	051B7C1F3BC06B34260C16AA4E8EF75018E2C142480027FC5C0D384A545041F9
SHA-512:	E1B8E3678017C0060BB8C047890DB2E4D76FE6E21CDD6CE1EB3893DE8C12B41DEA04CBB2EB3D766DC5384184304591568DD32D8C900C76BBA30D23DAE01F7C57
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f..R.a.R.a.R.a.R.`.S.a.0.r.P.a.R.a.T.a...c.A.a...g.S.a.T$j.S.a.T$k._.a..'e.S.a.RichR.a.........PE..L....;.@...........!..... ..........P&.......0.....`................................h................................1..}....0..<...................................@0...............................................0..4............................text...@........ .................. ..`.rdata..=....0.......0..............@..@.data....o...@...0...@..............@....rsrc................p..............@..@.reloc..............................@..B.....#..z.IK...5&.~.....79X...@z#.`....V%..~...o.}&......4.(..Q.~.;........<?..v.5z8....Xij...(?.HkB.}(...M.........Z.G}.yxk.....................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\codecs\is-V9E7A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	548940
Entropy (8bit):	6.292254057074961
Encrypted:	false
SSDEEP:	12288:qM7FGk3xrXrzfN3IBk0hLwPiHRE6sHjFr12d9TNcKKKKYYYYYHZ+dKixv65fxg0:qM7FGkB77N3IWqLwPixE6sHjFUdVNcKx
MD5:	284B66AA31D1B4117141BC4DB6B9210C
SHA1:	2A7B870F34B15643CBE98CC28224250ECDB0E2EF
SHA-256:	0EE3AE8F2FF1324BF4F153AE3BD4FE20505A2DD3049ABC5F23DC4F378D578C81
SHA-512:	EE01E967EF37D7B3358CB57632ED30388CD1A27F1933238AE9B42D2CFA632BB6DC4A9BC425D153370B5BD672ABE7074C2A0BB6E8FA1C0431F320CFC237C55EF2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..C..C..!..A..,..@..8..B.....G..,..F..,..@..C..X..C../.....B..E..A..E..J.....B..RichC..........................PE..L....Vr@...........!.........@......c..............`............................................................................<....... ........................ ..p...................................................l............................text...*........................... ..`.text1.............................. ..`.rdata........... ..................@..@.data............ ..................@....data1...(.......0..................@....rsrc... ............ ..............@..@.reloc...(.......0...0..............@..B........................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\is-CL5VE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	272896
Entropy (8bit):	6.523120738605816
Encrypted:	false
SSDEEP:	6144:P/pb95LIbfMWZskFONizSLLsCn3cEFMWiFtNF7R5Lgr1A09:PBHEML25BkA09
MD5:	78A2145443852E9297D38D70C88AEC06
SHA1:	AC0F6FC47DF474C17792F6EBE3C568EE15B52431
SHA-256:	A3061F0938B309D24524A03A4C7356C396B5DE48F3BB70A13DC5AE2221DFC7CA
SHA-512:	F07B3588AB555B8D4ED0C7566C70C48F2B9A110D206CB796C384C2196111016171A79001EFC6E829AC1C4E462D7CF2BB7C363BA4A698E6B2021E4208CF0186BD
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....X5...........!.....H..........0........`.....b.........................p......................................P....;... ..(....0.......................@..h&..................................................T"..,............................text.../F.......H.................. ..`.rdata../]...`...^...X..............@..@.data...@P.......8..................@....idata..R.... ......................@....rsrc........0......................@..@.reloc...(...@...*..................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-37145.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	5.3597251485932915
Encrypted:	false
SSDEEP:	768:wTijBJRj+KSZhWJrFwW/Rwu177rwnfF0PunStYoA0I89xus+mx7y+:wTijBJRyNZhWJHRwkwf2WSrIIw
MD5:	52E1316205C14C5DE7F16DB53C18052D
SHA1:	3F2EF67E5BF18DCC7ACAD84C9A9AD8B5554F1BDD
SHA-256:	9D61A772F8FF721F4E6F03403CC3A9A1C97347E700364975B8D4D67DEBAEBC54
SHA-512:	142765AEB5A4259C00628833E58881D9B008AE548AC44F982533048563B950742772B9589E45D68EAF64FB10DCE08C07AC857E94C2641E462A95C3CBBCA74E9E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c@..'!.W'!.W'!.W\=.W$!.W'!.W-!.WE>.W#!.W'!.W !.W.=.W.!.W.'.W&!.W!..W)!.W...W&!.WRich'!.W................PE..L...m.=...........!.........P....................8`....................................................................e.......P.......8............................................................................................................text...`........................... ..`.rdata........... ..................@..@.data...............................@....rsrc...8...........................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-6LQ0G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	61493
Entropy (8bit):	5.5587880881632845
Encrypted:	false
SSDEEP:	768:qvmCzyQ2W+V028BTjy5U/Kx9nELA0RmI6RleZDG2tqZrBht0wx:aD3+V028BTjM9EsXbMGv/t0wx
MD5:	3F823B4A0072A63493D5520ABA54E667
SHA1:	F799505F167224B375D7CF46541E419BC336AEF0
SHA-256:	193618D489E76BEF9BBBCEA7369721170874AFE2D6722A156CE70914E49963C8
SHA-512:	4C545BD7567361B3B3A5D8E01CCA49BD21FB7E74082955E59C346728F47BB27AD710051CF3EE6FED629601E52DC17D91F9A61656F7C96B4DC057EB7E656BC73F
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........cu....V...V...V...V...V...V...V...V...V...V...V...V...V...V...V...V...V.!.V...VV..V...V.!.V...Vn".V...VRich...V........PE..L...YWr@...........!.........P.....................`................................................................`...{.......P...............................H...................................................................................text..."........................... ..`.rdata........... ..................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-CMQSS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	262204
Entropy (8bit):	6.472369609358146
Encrypted:	false
SSDEEP:	6144:hODHwsiXglutYxyv3wPwLjgG2V/hakgl7Tr23znV/ym2v/KGYg6oX3q/x20SvC2t:hODHwsiXglutYxyv3wPwLj92V/hakgll
MD5:	420ACE51F164B0951A993EE8C9A71DB9
SHA1:	2EFA3807A850332CDDF3B2F5D99CD50ADE195970
SHA-256:	3CD05F6A3DBD061BB90C50770F8B2F1C9DE73EEDEBC14BDACCF7AFCF3A70A0D9
SHA-512:	ADC3E476453228C706768E73DC17361A9B4DDA14DC2BCBE6BCCC9CE1C55B4BDF623AE769E34FF2023AF68524402FD270494AEB68B3500049D4E57C1A1EB7AAAC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........\>D\=P.\=P.\=P.'!\.Q=P..!^.^=P.3"[.]=P.3"Z.Y=P.3"T.^=P.>"C.[=P.\=Q..=P.Z.Z.]=P..;V.]=P.Z.[..=P...T.]=P.Rich\=P.........PE..L....Vr@...........!.....P...........Q.......`.....`....................................................................O......P....................................a...............................................`...............................text...eC.......P.................. ..`.rdata...D...`...P...`..............@..@.data...h........ ..................@....rsrc...............................@..@.reloc.. ........ ..................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-DBGJC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	4.516940717479657
Encrypted:	false
SSDEEP:	384:QcI3vT+ceoy8tbnSEJK+NSmLedj96qrr0m6akPVKdo:kr+Ky8tbn3JK+NSIed5Drrfq6
MD5:	CC63DC6E942B646B6052E02C1C7142FB
SHA1:	D5FEB9C48B68BCE7B58EA86EC00C7238B8128C48
SHA-256:	B98685C985B325CAA4208263D7DFEA2E66C76951BAB313C87CF5F0AD2C17D063
SHA-512:	402D8F12206997FCF1285CE409CD2EB2DACAB7C10B9BAB8D57E443E4A074A79E051DAA12B7872608AD774CB6D5C779444F933C180A87EEE4A75B1147AAFAFF39
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........#.vp.vp.vp..zp.vp.wp.vp..ep.vp.vp.vpT.tp.vp..pp.vp.}p.vp,.rp.vpRich.vp................PE..L.....=...........!.....@...P......pM.......P....;`................................................................0a..g...X_..<.......x............................................................................P..X............................text....>.......@.................. ..`.rdata.......P... ...P..............@..@.data........p.......p..............@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-JLV0H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	4.6602334406323
Encrypted:	false
SSDEEP:	768:6m6CjTBuCjDr0M6L32+cSsnbInD1tmSOlX/UxbV:zzVuCjDrLy31vGbIpqCb
MD5:	791A9D804A7430D1170D39C0BCDAD904
SHA1:	2A0D7AACDD0C6D0580736E01642C478D239255CB
SHA-256:	57ABD3EE33952EA698AD82029F0397796221A82DEB2F42050A9CC357245D186D
SHA-512:	D2C15B34792474DA8BE3470147F888C184ECACF2E8A2E0A739ADC85FF4B0314771553EFE6EAD966C9C5D4C1F5E565266132D9F334D13AC7DF1501BAAD8FE2257
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.^h:.0;:.0;:.0;A.<;;.0;:.1;0.0;X.#;>.0;:.0;<.0;..2; .0;..6;;.0;<.;;5.0;.4;;.0;Rich:.0;................PE..L.....=...........!.....`...P......@i.......p....9`....................................................................g....~..<...............................h....................................................p..L............................text....Z.......`.................. ..`.rdata..'....p... ...p..............@..@.data...h...........................@....rsrc...............................@..@.reloc..:...........................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\plugins\is-M0I4H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	45056
Entropy (8bit):	4.853195739293399
Encrypted:	false
SSDEEP:	768:ua+EuN+JpcTEMIBuk+vS+r/ktVEgr+9otjj:BuNSEhD6+r8t+9oF
MD5:	D5D93E823FA7258D34DFFA6D15AFA59F
SHA1:	E9FCD7ED97D659A09FD64DCCFF8DAB5749F1C7A9
SHA-256:	95CF864D738A9765B1295BA5CA1B653EBF3C6E325B5AF0785F1B46CE05D688F4
SHA-512:	657D5801B9A37F4D2234C6DB844EB4E1CA30EFB5956CCEDA0118C5D44D6B1E1EE49AC26B3B53E18DE0C0EE6579B19D872999B6E33B1D8DC147667948EA28C86B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........".#.C.p.C.p.C.p._.p.C.p.C.p.C.p.\.p.C.p.C.p.C.pl_.p.C.p.`.p.C.p,E.p.C.p.`.p.C.p.c.p.C.pRich.C.p........................PE..L.....=...........!.....`...@......P`.......p....:`................................................................`~..g...t\|..<............................... ....................................................p..\............................text....Q.......`.................. ..`.rdata.......p.......p..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1DN8R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	86110
Entropy (8bit):	5.959546455793157
Encrypted:	false
SSDEEP:	1536:n0U/KLLKYqrTZ2g9Vlrpnu9CoU5Y386dmOhHnvzzeVe1:n0U/0LKYWr6CR5iHgOhHnrgm
MD5:	09DE48D387A3C0CD5B03195DE94784B9
SHA1:	BBFC1DE0DB0C33463345A34BE9CF8AC1EC6D81A9
SHA-256:	712618303BCB1932597C28C9F99AAB18E232B5F019C0748FFB697C08FEBD9307
SHA-512:	5B4C376238BF2711D4A9DAD127F9BBC39FCD820835E4B9AA2A8D2B9FDAEC6A0CF714C3744AFF7A311842C40DAED629869E5E65F3FA0A8462D5944DBDFBDCC5DB
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........MU...U...U.......W.......T...:...P...:...W...:...T...7...V...U...~.......T...S...G.......T...RichU...................PE..L....Ur@...........!.........P....................A`.........................P......................................P...........<....0.......................@..<....................................................................................text...@........................... ..`.rdata........... ..................@..@.data...8.... ....... ..............@....rsrc........0.......0..............@..@.reloc..f....@.......@..............@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-1KUPI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	49249
Entropy (8bit):	5.258823116095141
Encrypted:	false
SSDEEP:	384:t0Tt0w1OmGwiYpQGviUCpa7YXF+XCPbzF/G4sTQ0PHxamprbPTz5ogjEr:t0ZlsUb7YX1B/PEHUmwr
MD5:	1C7985146A1ECA9FA0008C9E02790791
SHA1:	88E9F981CCB0778D8F7CF61B5FABEF23E3CE7C95
SHA-256:	5017F5D6A4902CECAA64FCF78F57A6939F6550DA3D1C0FBADE732D019DA68619
SHA-512:	17AF6BBA3125D6F3003EF9EACFC64B1DA86808AA975BB5CE007B01012325C175EB566A13C160F4DB42725DBE705F2E0B6959D9631764204323187F7A2CCE91F6
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=bOZ\..Z\..Z\..!@..[\...@..[\..5C.._\..5C..X\..8C..Y\..Z\..x\...Z..[\..\...U\...\|..[\..RichZ\..........................PE..L....Ur@...........!.....`...P......yb.......p....9`............................................................................<...................................pp...............................................p..l............................text...._.......`.................. ..`.rdata..=....p... ...p..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-4922F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	45139
Entropy (8bit):	4.788372838984784
Encrypted:	false
SSDEEP:	384:oTFr8+Rbz7lJxYqmfbHWwfCjTndNlXVCr0PCzHCrbPTz5ogqcj:wh8oDl+H36TnlorECW
MD5:	FBFB901208E79DB5F33EB7F89F8F15D3
SHA1:	E671CDFEA50EE342049D74D2939F874CBA4AE2E6
SHA-256:	225B125DDB986E6ABB1F134E6B428B106FE16D102C65AA61BBD5FD95D67FA6A9
SHA-512:	99B5C0F9C464A2C464F9A5966DDB752D741D5C99F18C5122148AEF43B1D11F3AC2A1AE60A54AAD5C78320F86138C9581E22520F197741AF881F394CC4EDE76E6
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8.W.VSW.VSW.VS,.ZSV.VS..XSV.VS8.\SR.VS8.RSU.VS5.EST.VSW.WSs.VS..PSV.VSQ.]SY.VS..RSV.VSRichW.VS........PE..L....Ur@...........!.....P...P.......B.......`....;`................................................................0r.......o..<....................................`...............................................`..t............................text....L.......P.................. ..`.rdata.......`... ...`..............@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-64E3N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	327767
Entropy (8bit):	7.692893011603594
Encrypted:	false
SSDEEP:	6144:D+cIfk6us3zzi+oiTAhBiD19rzaXTRu27U6evL8wUK7k2V3aqumtvTmzITX9y6AD:D+cIfkM3niXQAPcvaXTRZboLrjn1DxE5
MD5:	E9C106CD21AE3F195C9D7D6B959C0051
SHA1:	3488905B9420204322B5551FC234B86631CF40E3
SHA-256:	637DE17363E08DE7046AA314102856163259E88C054872F411BB0D7B8455BFD4
SHA-512:	0573AFD9492130FBD8B2538EBE1DCCC9C493EA1FFD9B1BA942431434DD377BD9F697BC6D42473957D7D7E97C8285860223C31B4E5A10CD5A8E2667F60C4B5F20
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.rP..!P..!P..!+..!R..!...!Q..!?..!U..!?..!R..!2..!S..!P..!w..!V;.!W..!...!Q..!V;.!_..!.8.!Q..!RichP..!................PE..L....Ur@...........!.........P......!.............1`............................................................................<....................................................................................................................text............................... ..`.rdata..(........ ..................@..@.data...$...........................@....rsrc...............................@..@.reloc..`...........................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7EV8O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	4.283195798719668
Encrypted:	false
SSDEEP:	384:HE3NQNp2u848+ZGithLXePb41DAPMBEX0/+flUJgI:HEd/QttuPb4DAkBEX/q
MD5:	260F7E5C55E9A98F3B03267D12D13E08
SHA1:	6870BDFD240B3BF957A4BF5633146940C9C3D7D4
SHA-256:	FDD81E80BD6170BB6487C1BEB0BF15271A2AB75D1D35A35ED6EBB34EEC107DB9
SHA-512:	463C334844C3D5A44FAA6C3AEDE141B5B723C1329E53F7F760BA1E1DC7D8CC33069ACBF9098B8D96570D8B7CD2411A60920CC3AA7D7F927888AA560CEEFF8869
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............u...u...u...i...u...u...u...j.u...u...u...i...u..Fs.u...V...u..~U.u..Rich.u..................PE..L.....=...........!.....@...@......@C.......P....C`.................................................................\..m....X..P....p..P............................................................................P...............................text...p7.......@.................. ..`.rdata.......P.......P..............@..@.data........`.......`..............@....rsrc...P....p.......p..............@..@.reloc..f...........................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-7JSD1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	106582
Entropy (8bit):	5.717207834632074
Encrypted:	false
SSDEEP:	1536:4+tp0F8OstZjpozMB1PHVsA09H7q7JxTZM7uxC3ybKBTtxLTJQCysD7vrB:WFdst1pozMvHG+r6uxRbKBZxLTX
MD5:	C6526E82614CF3457E5AEE07BDA860FA
SHA1:	3ED2CFD79D0661B5C7B31953D2C36520D46114A5
SHA-256:	B25B382C72B3C1BBB074A300C58C4C358C24B2F4DE23662ECB0DDC599C8B5E40
SHA-512:	827312E40681048AAF33796074FCD257A438B9D193A1C58B9912608B7B32B51383EC2141B76E857B94B9E03F18089B33E35BA82AA14077EA566D5912FA20BFA7
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.$.).J.).J.).J.R.F./.J.F.@.,.J.F.N.+.J...D.-.J.F.A.+.J.K.Y. .J.).K.}.J./.@.+.J...L.(.J./.A...J...N.(.J.Rich).J.........................PE..L...`Vr@...........!................_........ ....P`................................................................0@.. ...x:..d....p..........................H... !............................................... ...............................text...^........................... ..`.rdata..P!... ...0... ..............@..@.data........P... ...P..............@....rsrc........p.......p..............@..@.reloc........... ..................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9F3I2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	49235
Entropy (8bit):	4.958930850083015
Encrypted:	false
SSDEEP:	384:SqKUEx7koAtUHPGpYgVN+Cjh4uCN0AmP1VP60P4rs9T1rbPTz5oguO1j:S5v3A/ph4v+Am3SE4rsP5
MD5:	0A6457A0EE22CEA6D5AC44EBA38ECD3E
SHA1:	43923FB66F7F59CEB5F2E2EA11100CF2D55D7EB7
SHA-256:	39815B0C5F0C99D0BE272670178BF41DE44B82EB3FBCFE745C568413C38C559A
SHA-512:	9CA573BC768FB9755626C911AC77E54FDD51A941895FAB24A03A490A5F35702C8FD3928998EB62AFB619E28FD11D4445806FFA49B6D5D03A276CB121EE35D450
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._..S_..S_..S$..S]..S..S]..S0..SZ..S0..S]..S=..S\..S_..Sy..SY..S^..S...S^..SY..SQ..S...S^..SRich_..S........................PE..L....Ur@...........!.....`...P.......O.......p..../`................................................................p....... ...<....................................p...............................................p..\|............................text... Z.......`.................. ..`.rdata.......p... ...p..............@..@.data...4...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-9S1L5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	77920
Entropy (8bit):	5.999563000943942
Encrypted:	false
SSDEEP:	768:NKJxNUC1pbd3UizQP1hWWe7xOGY+xVCWByl0f5+BQ8CxxP68ajEQXPPFAATB:IOOpxkizQPXy7teW4QT76njJ3FAATB
MD5:	21A11C56DD3AEB5F79BF15294B1289DC
SHA1:	2CA65B4F67AA344571B375F452C1E5C5858B046B
SHA-256:	A049702599E7CA08761B4BA2D8AD9F6FFF64094D340A15A45A5A9B058CFDA3D7
SHA-512:	46BD236BFC259E7AB9D60CAC376C7AF798465891B80DCA1B8CFAD08A00AE87DFA74C846D9778B5F5AB827D9251542DA7A9F2B6DF1DA2B2598DCC43B52390B9AB
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........._..._..._...$...]......]...0...Z...0...]...0...^...=...\..._...\|.....^...Y...C.....^...Rich_...........PE..L...SVr@...........!.........P....................N`.........................0......................................`...........<............................ ..........................................................t............................text...`........................... ..`.rdata........... ..................@..@.data...<...........................@....rsrc...............................@..@.reloc..n.... ....... ..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-DS9U1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	69718
Entropy (8bit):	5.854259334889487
Encrypted:	false
SSDEEP:	768:E8ovAPuQRxUc0YoPuRKky9uUlPoDGj0ZcErTZhDqP1AW6:3ovkuQcLP6C3PoDs2cI7i1AW6
MD5:	C828F4B1B35BD7B4E1CD57BB8C2FC129
SHA1:	F2973E8DFDBD0231426D8BD7815A29AF1F473758
SHA-256:	646EE2EABF359C198463A5078C8C0E20E59A9B1E97341CDBB08C5266878D18B7
SHA-512:	EE932E0AE7E8EB0A22E47D1EAA525559CF8C5445C7F918083D6217EC76D5D2EF81297750DA811F53251BBEC12450482B4E455FE046A58D65372DBD58CD515771
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g.D.#..#..#..X.&.%...$. ..L. .&..L...!..L.!."..A.9.$..#.+.e..%. ."...,."..%.!.8....."..Rich#.*.........PE..L...MVr@...........!.........P...................M`................................................................ ...........P...............................P....................................................................................text...j........................... ..`.rdata........... ..................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-FE45C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	53341
Entropy (8bit):	5.0149309510201965
Encrypted:	false
SSDEEP:	384:AHcXgww1529wBT1/+tNWqDoxd9qXvxVUv2A5TJDcrbU90PQ/M9jzHmSrbPTz5og+:4CcTp+/DooX/UeuSrb+E59jaqFiN
MD5:	BB6F628341E8B00837B6112DDACD7A12
SHA1:	0181410B78649483F6F4C46156439D589F635466
SHA-256:	683AEE9C684FB965EB35FAF6ECB99796E4B83191E5B047498540E8AEB9C06212
SHA-512:	E730EFBB31475E29B9DA99A08E9449027C05977251744F25C33230D3CACFE3AF7209FDD9C57C97D65CA0C8D4D318F84DF45534127AB8210A14FB224CEC83C4F3
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}..V...V...V...-...W.......W...9...S...9...T...4...U...V...t......W...P?..[...<..W...RichV...........PE..L....Ur@...........!.....p...P......{V.............`................................................................P.......4...<...................................p...................................................l............................text....`.......p.................. ..`.rdata........... ..................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-GSO7L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	241736
Entropy (8bit):	6.4131477076269086
Encrypted:	false
SSDEEP:	3072:UnaY/vCCb36mulLClER/8/9dYllKFwW+De54/GsfmwhrOWQNWH4zL7:G/KCb3/uJmEq9dYllFE4/T+whrORWHsH
MD5:	299231BBF812B8D75DACC446CEEC2387
SHA1:	8CAB0FC10134A0F8DDD7EAA75AD2A06D0B247453
SHA-256:	E705B11F80E542A7B90E08D983C831810E36107C53F8D6987D2B2B469A22A20D
SHA-512:	10E298606A03B5A596B7045B54C038878A3FAB1904E3B3682A741A634C8136110F1B0B347F933B11B0CB2522762D96B5C42C8D570A4FA49C94928E793DBEB858
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X`c.............g...............s.......s.......s...............~................"..............."..O....!......Rich............................PE..L....Ur@...........!..............................$`.................................................................H......@>..d....p..........................<...0...................................................(............................text...5........................... ..`.rdata...Y.......`..................@..@.data...`....P... ...P..............@....rsrc........p.......p..............@..@.reloc...&.......0..................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-KH2SN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	489
Entropy (8bit):	4.442207571053521
Encrypted:	false
SSDEEP:	12:NQYNRNCc5JFfLqOVKqOcqOZdtqOEqORxqObhqOFqqOJShqOdqqOFqOM4KqOZGrqk:mQMgJFfb4XMhyGj
MD5:	37A1F65A0EA2D40FA5DA4F3884BFE777
SHA1:	06BA220E1456F460DC18678C8D5B19A7CD5BE431
SHA-256:	E8B65828CC8D143B45EC79EF22120E8891F7F38A509713EEDB837D7C18862ADE
SHA-512:	94E1899BB1004C13F781DA71C37BEFA2A04DB41A6EB3F530C50CF19FC7BD07DF81B5C14D66B23215A138BF0EEA666A77484C93D43E8047CB97A558D6E4CEDB71
Malicious:	false
Reputation:	low
Preview:	# Video codec mappings (old,,new,)..videostream,rvg2svt,,rv8,....# Audio Codec mappings..# old-name,old-flavor,new-name,new-flavor..audiostream,atrc,0,cook,24..audiostream,atrc,1,cook,25..audiostream,atrc,2,cook,25..audiostream,atrc,3,raac,2..audiostream,atrc,4,raac,2..audiostream,atrc,5,raac,3..audiostream,atrc,6,raac,5..audiostream,atrc,7,raac,6..audiostream,atrc,8,raac,7..audiostream,atrc,9,raac,7..audiostream,atrc,10,raac,8..audiostream,atrc,11,raac,10..audiostream,atrc,12,raac,11

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-LKBCE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	356352
Entropy (8bit):	6.753439093757412
Encrypted:	false
SSDEEP:	6144:PCy9Vu5Dyryvt5b7QE3EHs5dmR27PMmLA6fD7YQ5fI94TG/jcjCQmtAsTRmxybOU:PRODyw5bH3EHs5dmI7UmLAw7YQ5fI94k
MD5:	5FE4925C7B5FDC2354DCF94683703231
SHA1:	382BBA9557DBB8F9E62CE2C9D2EF41C9E6B9E150
SHA-256:	4A7840B68F3715862F3B9FD000C566310E49C8BF987AED554365DB72183B59FD
SHA-512:	8BC16735F1216C8B678DDAE16CC229FAC794974C85EAA46E4A5CF86CEA6711B8C5532B38913E942A7DDE2535ED08A0C7663F167D780D10E367A2E0FC2CACB5A2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E..$.$.$..8.$.$..$..;...$.$.$..8..$...$.X".$....$.`..$.Rich.$.........................PE..L.....:@...........!.....`...........0.......p....,f.................................................................... ...0........0..P....................P...!...................................................p...............................text....P.......`.................. ..`.rdata.../...p...0...p..............@..@.data...............................@....rsrc...P....0... ... ..............@..@.reloc.../...P...0...@..............@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-MJN3C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	548864
Entropy (8bit):	6.265313525434334
Encrypted:	false
SSDEEP:	12288:jCpPYLV5qcOJ30h+1N1DsptjAEgMWNQAJUEaGmYEiDOeaLGgprOftjutjMsFiY:jCpPYLV580hO2uEgMZKNRcGc+tjutjMU
MD5:	3AEDCE85B9EC52171C3E7209BB40B072
SHA1:	1E5E13F79894849F4560C609094C7CA32C007E99
SHA-256:	6F64081AAB3FBC9E3597B7AC083887954954DDE53EFF4E458152EEBF16916988
SHA-512:	984B26F405662B89CD3DA820502192A5D8FB9D303E6ECD1F9A6BF929C478E05B9B49FED71744877249B79CA3F72D11F64902EFF602C1A97DD04DCAF41DF5BF18
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~T8.:5V.:5V.:5V.A)Z.5V.:5W..5V.XE.65V.:5V.<5V..)T.v5V.<.\.<5V..3P.;5V.<.].V5V...R.;5V.Rich:5V.........................PE..L.....:@...........!............................. f................................................................P..................../...................@...9...................................................................................text............................... ..`.rdata...K.......P..................@..@.data...,...........................@....rsrc..../.......0..................@..@.reloc...F...@...P..................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-NL7MN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	65634
Entropy (8bit):	5.723064571271445
Encrypted:	false
SSDEEP:	768:YmBUXe/akLZ+fHk4D17cWpsUky5Ezg0EKzNZNe4PNMeyR8:Ymd/asAE4D17NpZkPFlNjhK8
MD5:	8DE300ACB1232AF176EC7E67DA384FBD
SHA1:	69236A37F4F033B96924A704F6BCE4278AEC38D2
SHA-256:	37FBEC440BE54651AD3E924CA5B57FCA18932458B4648BB0EA6DE2DDBD85CA45
SHA-512:	F4C338D7A1CA3DBB5774835E8AA4EA65F93AE15FE118FFAC61B5C5E6E7099CC11C88A647A5A182EEE4AC27DC64F034C08D66FBFAC4F2B8A9128C819E6BB93D7B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.~.m.~.m.~.m.b.m.~.m6b.m.~.m.a.m.~.m.a.m.~.m.a.m.~.m.a.m.~.m.~.m.~.m.].m.~.mrx.m.~.m.].m.~.mJ^.m.~.mRich.~.m........................PE..L...nVr@...........!.........`....................T`................................................................p...........<....................................................................................................................text............................... ..`.rdata...,.......0..................@..@.data...............................@....rsrc...............................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-R788B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	53327
Entropy (8bit):	5.643503698094455
Encrypted:	false
SSDEEP:	768:0KmFsZXdiKwL9SQToKnrj3Zoue1IQ4wH8Sedg1fkOBnGD:FCitij/oue1Ivxdg1MknGD
MD5:	6726AAC87D65C7A9C290730336BB4EF3
SHA1:	9EC6A6CB87D237EE0AB7CA0DAB1EFA84A223FC6D
SHA-256:	D748BB1634D91B84B4205997F18FFD37BE3C886A773748A6DD2A89E7ADE0B158
SHA-512:	3488640FA6F08893FA8F4532A1A4F79135476FC9DBBF43F1FF781B92F68A2F3155A1EC4417A110BF056004B805C47BA8E665EFED69EA5F0268C23F1C52A9FCE5
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=..\..\..\..@..\.-@..\..C..\..C..\..C..\..\..\.iZ..\.....\.Q\|..\.Rich.\.........PE..L....Ur@...........!.....p...P......;c............0`...........................................................................<.......................................................................................x............................text...`m.......p.................. ..`.rdata..T........ ..................@..@.data...$...........................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-RJM7O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	57443
Entropy (8bit):	5.33215530076098
Encrypted:	false
SSDEEP:	768:XyFWUrbYft1psEPsDA9Cgsse32SUpEJSZv:Ctrsft1pl09tV2ljZv
MD5:	0BAFA265AF9736A1DAC4CEA5BCB2B303
SHA1:	1FEE6BA625D824FEB4EDF2658EA44A9472D35896
SHA-256:	7266D7C340CA0B270505C9C2DC00A5508E831FDC4BBC0C0029A80713A6E1CC07
SHA-512:	5FAFE201C4429DDAF5DF4621B090CD440F57B870CE69ABA210EC23DBCE71A10632577A571CC4725E7B3335A3D8020897655F3A7D422921EFBD485CE027C7C3E9
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!..Ee...e...e.......d.......g.......`.......g.......d.......f...e...F.......d...c...w.......d...Riche...................PE..L....Ur@...........!.........P......{l............8`...........................................................................<.......................................................................................t............................text....w.......................... ..`.rdata..~........ ..................@..@.data...x...........................@....rsrc...............................@..@.reloc..z...........................@..B................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-SR4CK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	53325
Entropy (8bit):	5.302694654024429
Encrypted:	false
SSDEEP:	384:SFhEoDhzcd3GXmlmGQZWNhmTAqSTvGcYgUm1M/ci73lLMR9U4FzeJB0PQ/xspbLE:UdeG2lmGQZWowhRxM/cCmR9taBERW9
MD5:	F285CDC7B5E9CFB4E5519EB02D56ECE5
SHA1:	2BFDC1AF79201412C08EB1DBD7B79B87CF677213
SHA-256:	57A790067E8C00BD58CD3EC2BB65FAD14D6A883DE417F615C48C92BAB5DB7759
SHA-512:	40EC86CC71C1F325E2EAEA56288256CFD9C8F9F67A0D83763053005C51993B61C7DAD772678E2778210ECD3545D0392B43AE859AE4C6CE8EE9D9628121C19419
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......852v\|T\%\|T\%\|T\%.HP%xT\%.HR%~T\%.KV%yT\%.KX%~T\%.KW%}T\%.KO%yT\%\|T]%ST\%.RZ%}T\%zwW%oT\%.tX%}T\%Rich\|T\%........PE..L....Ur@...........!.....p...P.......U............7`................................................................`.......,...<...................................p...................................................p............................text....f.......p.................. ..`.rdata........... ..................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VE8B0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	856132
Entropy (8bit):	6.631298398710922
Encrypted:	false
SSDEEP:	24576:wU2w3LbOqMLdrhBRDhp6dkBvQGKSctiW6vXMBeQKrI7cRfeR:Z3sLDES0gRf6
MD5:	35BB6BAD26A19E65FE5B81C5796F001A
SHA1:	5E3E06A5307391EC9B913F9525085EEAB99FCDED
SHA-256:	3F2453EC5785B8D19BF1BD9FDAD810F3EF1C3D22958F2E4FEA8855CE00340147
SHA-512:	1A056661C03177CC7387683224094E546A48CE8B408D289C1CC2CFADB2FBDEE67E0A0F59878C8307F38A42204DFE815FB74647863EC1A2CF0D159B5A7544ABD5
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........v.............................D..........................m...4...........4.@..87....Rich...................PE..L...CUr@...........!.........`.....................`................................................................P..........x....@.......................P..8...p...................................................l............................text.............................. ..`.rdata..............................@..@.data....s..........................@....rsrc........@.......@..............@..@.reloc.......P.......P..............@..B................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\RMBin\tools\is-VQ2C8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	53321
Entropy (8bit):	5.290946622219615
Encrypted:	false
SSDEEP:	384:aVJagqMxqaz0ZKGNluLvtvTTKA2z6EJ7buAINwT89tBNfjYQW40PKR+HT8rrbPT6:uQZNSJTb2Z6VNwTU5jlW4EKIYF3f8
MD5:	915BE4B4B577370E9C171F0144D02183
SHA1:	6514B33547D6438F0A7D04FCEDD04772073FBAEB
SHA-256:	0B8BCDABD778275A472FAC79D4CCED998D95D41A92707F135403140FBDAFE008
SHA-512:	9716606F6A72E5BE3F476E57D8217FDC534BFD92804D2CF21E9CD615C1D4BF88EF56BC9C829B531FD3227882F25DDE4C7503466469467C1FA1DF61EA01D22C4D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j..O..v...v...v.U.z.,.v...x./.v.A.\|.+.v.A.r.,.v.A.}./.v.L.e.-.v...w...v...p./.v.(.}.!.v...r./.v.Rich..v.........PE..L...ZUr@...........!.....p...P......._.............`........................................................................8...<.......................................................................................\|............................text...pi.......p.................. ..`.rdata..#........ ..................@..@.data...8...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-35DF0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	88472
Entropy (8bit):	6.351952857437715
Encrypted:	false
SSDEEP:	1536:RtJZyn7/uDNaHFMA8IA6XaaLmX4VVgl6ylIRPJA0BG:uDuZMMnCa4FVVGtIRPW0E
MD5:	F36FADC30B8A80976BC197FE837BC6A4
SHA1:	16DA7069D02E2A8995667C947ABE1DD026809870
SHA-256:	64A0E74BCA0CEF05ACF3542F73493C79423EE810106C34D31675DD104F965891
SHA-512:	4C49FE3C743C70FF90C468FA00E2E9B21629A84DD55AAFFC0CD3D6AF0482AF21CC9DB66D769B16FA920B8C473D8992E0E76C7C0ACA6330D3941171B8B6FDC65E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{.f8?..k?..k?..k6.k1..k...j3..k...j;..k...j;..k...j...kd..j<..kd..j4..k?..k...k...j>..k...j9..k...k>..k?..k>..k...j>..kRich?..k........................PE..L....(V_.....................z....................@..........................p............@.....................................,....@..X............>.......`..........T...............................@...............t............................text............................... ..`.rdata..&<.......>..................@..@.data........ ......................@....rsrc...X....@......................@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-GUIIM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	147352
Entropy (8bit):	6.332695235371158
Encrypted:	false
SSDEEP:	3072:VX19iXoFUZNJSq+xRULJizZzMJEQkvxJlXHFPwk08:VfiXoCMxRULJizt85kvTc8
MD5:	EB5C9AA1ACD8373617FBD8A5E9902CC0
SHA1:	F94852B13CB54F17E3B01965F72B4101DBE9887D
SHA-256:	E5FEF8802192F0DDB8BCB8CA18245677E01E41702F2D61732F6567AFB858CD20
SHA-512:	7D6D13DD9ED95E0A6674AC49DC7CB599D3691FF0C61BB232077EBC22AAB1EB1DAF32FFAEA5F5AD5D325C40EA698512E85A7B7B3710CC6CC801335D06937A6BEF
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........?...Q...Q...Q.....Q...P...Q...U...Q...R...Q...T...Q...U...Q...P...Q...P.w.Q.Q.U...Q.Q.T...Q.Q.....Q......Q.Q.S...Q.Rich..Q.........PE..L....'V_............................R........ ....@..........................P............@.................................D............L...........$....... ... ...S..T....................T...... T..@............ ..X............................text...4........................... ..`.rdata....... ......................@..@.data....'.......$..................@....rsrc....L.......N..................@..@.reloc... ... ..."..................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-Q042M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	83752
Entropy (8bit):	6.903773905350177
Encrypted:	false
SSDEEP:	1536:ygQmqDRK9IfURwL67cuhH6poqPpep4yW3UecbiEI+/z3SnC:yg+DRGI86L6gshupXUecbiEZ
MD5:	55C8E69DAB59E56951D31350D7A94011
SHA1:	B6AF2D245AE4D67C38EB1CD31E0C1CFFB29B9B2C
SHA-256:	9D8D21022FF9D3F6B81A45209662A4F3481EDC2BEFAE0C73B83CF942EAB8BE25
SHA-512:	EFB2AC1891724DF16268480628EB230B6EE37ED47B56D2E02A260559865CDD48EE340CE445E58F625E0F4D6DBDC5BFB7CE2EEEDF564B837CFF255EF7D1DC58CD
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......reM.6.#F6.#F6.#F...F4.#F?\|.F=.#F6."F..#F.t G%.#F.t'G".#F.t&G*.#F.t#G7.#F.t.F7.#F.t!G7.#FRich6.#F........PE..L...~8.^.........."!................@........................................@.......\....@A........................P................ ..................(A...0..t....#..8............................#..@............................................text...d........................... ..`.data...............................@....idata..............................@..@.rsrc........ ......................@..@.reloc..t....0......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\ActiveX\x32\is-TI4FS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	456480
Entropy (8bit):	6.668806207955215
Encrypted:	false
SSDEEP:	12288:xltXrXT8sqcLNvDbiv7TlkWBElGuIMyYehUgiW6QR7t5s03Ooc8dHkC2esrMnUv:xfXrXTXLNvDb0TlkWBElqYd03Ooc8dH4
MD5:	448B345BCAC7EC3729F291229C942060
SHA1:	5813E35F62F3C670D02CF18DFA0DCA523108660E
SHA-256:	5B920691E5273821987680FAB51B91F9DE89CF2C66C10C568DCA57EAF2AE74FA
SHA-512:	72D01D35716AD9E1FDE5941854B811765479C73A7A3CDC9E3FEFCD3A6AECF68657354599B5CD18E67C8B1A61A3D5756AE83B13963C08E7BB638E415236C9D136
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).>gm.P4m.P4m.P4...4o.P4d..4{.P4m.Q4..P4..Q5n.P4..T5f.P4..S5e.P4..U5..P4..P5l.P4..4l.P4..R5l.P4Richm.P4........................PE..L....8.^.........."!.....D...................`......................................+.....@A........................................................... A.......;...z..8...........................Hy..@...................$...@....................text....B.......D.................. ..`.data...l(...`.......H..............@....idata...............`..............@..@.didat..4............t..............@....rsrc................v..............@..@.reloc...;.......<...z..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\Icons\is-OEFT9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1052672
Entropy (8bit):	5.4230507758611255
Encrypted:	false
SSDEEP:	24576:iMMMMMMMMMMMMMMMhSMMMMMMMMMMMMMMcMMMMMMMMMMMMMMMhBMMMMMMMMMMMMMk:iMMMMMMMMMMMMMMMhSMMMMMMMMMMMMMY
MD5:	5AE900396D4E7F610FF769C87D8230E1
SHA1:	15ED6F1FB9B6E7A1EE9FA0A62E6CE66E708AE563
SHA-256:	BA219FD9115F314D304E38500D202DC45AD617ABB8511FD0920ED913A6278E37
SHA-512:	DF6C64B298AD2051A534000C115F1E4884023A58CB8BC6335D7F8D680D55C9325BF85A4193FD56DB5192024EA024053897195C7F921DA4C4FA79CCC53ADC6E42
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!Library created by Axialis IconWorkshop...$.......vS.w22.$22.$22.$22.$.2.$.:.$12.$]-.$32.$]-.$%2.$...$>2.$4..$32.$Rich22.$........................PE..L.....aD...........!.....@...................P..............................................................................$T..(........c...........................................................................P...............................text....4.......@.................. ..`.rdata..p....P.......P..............@..@.data...h)...`...0...`..............@....rsrc....c.......p..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Program Files\Common Files\FlashIntegro\Skins\is-B3CLK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	745976
Entropy (8bit):	5.322883147226045
Encrypted:	false
SSDEEP:	12288:1m6ka6HUKf6ka6HUKh6kA6HUKk6kT6HUKO0RrPXTVGEs26:1F0pJG126
MD5:	AD0642059AA6BF329FD413CE0DC2C058
SHA1:	D4D8674C37456F957F0ECE96B00A3BB933D3262C
SHA-256:	9F4DC283A55B86BEA2F80A7F014C9C2F60A3275E1394B1B658A0647AAB91B295
SHA-512:	B9488813F98E6F3E8410CE7F50FFD1FD7A5C12725F1D230591CEE5672D5ECB7F0A98D92ED2E15D3D135F9A2B8898B5B494143FC125676DAD8794DF7DDEF5D4AC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ 5.A[..A[..A[.hG]..A[.Rich.A[.................PE..L...K9VN...........!.........H...............................................p...........................................................E...........J.......`.......................................................................................rsrc....E.......F..................@..@.reloc.......`.......H..............@..B......................... ..0... ..P...................................f:.......:.......:.......:......Z;.......;..0...;..H....;..`...<..x....;......`<.......<.......<.......<.......=......J=.. ....=..8....6..P....6..h....6......T7......&7.......7......F8.......7.......7.......8..(.... ..@.... ..X... !..p...H!......p!.......!.......!.......!......."......<"......."..0...d"..H...."..`...."..x....#......Z#.......#.......#.......#......&$......^$.. ....$..8....$..P....$..h....%......2%......

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-2QLEA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6218
Entropy (8bit):	4.911207792201517
Encrypted:	false
SSDEEP:	96:rswlzaDKEOLXtRkh//gEMKM7vszf+OW0004AMwkqsVMfYZTkiut2:w+5XoXM1IhW0001O
MD5:	BA8EB6172962837D3C32D1800A33049B
SHA1:	77C7328D3873092AF2C8A36B29B8A427A4FFD059
SHA-256:	F88BCBA711B9D014DD028FFF3D22FF6C67E094D7263D0F90F34252C3A0F9B381
SHA-512:	E14E663A6505B547639C1AC46BAC84543D5A10B31E9021E6BE808DF524E0ACC74CEB138339ED100E24B4F095AB33216AF6AF1E59EE0728457E47FAF521FD948D
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.... .(.K.o.r.e.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.$.X. ..........H.e.a.d.e.r.T.e.x.t.=.%.s.t.(...). ....D. .H.......S.u.b.H.e.a.d.e.r.T.e.x.t.=.8...\|. .....X.. .t. .........\|. ... .X.0. ...t. .t. .$.X. ......(.%.s.).\|. ..... .......$.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.t. ......... .4...t. ...h..... ......?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.8..... ...\. ..... .....\|. ...%.t. .......$.(.....).......Y.o.u.r.E.m.a.i.l.=...X.X. .... .T.\|.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.$.X. ..... ... .4...D. .X.. ........ ..... ... .t. .......$.......M.y.C.o.n.s.e.n.t.=.. ..... .....0.. ...\|. ...t.t. ...X... ...... .....D. ... .L.. ...<.p. ...x. ..... ..... .).h... ..X.X.. ...<.\. .....).........M.y.C.o.n.s.e.n.t.2.=.. ..... .....0.. ...\|. ...t.t. ...X...

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-6PL4E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8998
Entropy (8bit):	3.4597037095028043
Encrypted:	false
SSDEEP:	96:rswS1Cyet/EOzItdnEudNGedEVsLahUUMeJnL+67RJpx0MGg7/ynU/LcoTVZr/cW:wxCyhf8L+cyMLcoBFKOj+I
MD5:	5B42EDF21C241F237C407BF42803A8A6
SHA1:	A28B2520476D0E9FABB6DB143F42DD31F677E02F
SHA-256:	444F8659317ABADB97626385615C65CCBAAE846D6ECC58966829071518512CF9
SHA-512:	0663753E724FF4E80DC2379F412B8999985B34EE3152B334E2A1E2D0D932B1EE1C4B297A266F1A142D0C68640639AB2BE17BBFF20672DE2B794C260321B29D71
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.P.o.r.t.u.g.u...s. .(.P.o.r.t.u.g.u.e.s.e.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.R.e.p.o.r.t.a.r. .e.r.r.o.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.a.r.o.u. .d.e. .f.u.n.c.i.o.n.a.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.E.n.v.i.e.-.n.o.s. .e.s.t.e. .r.e.l.a.t...r.i.o. .d.e. .e.r.r.o. .(.%.s.). .p.a.r.a. .a.j.u.d.a.r. .a. .c.o.r.r.i.g.i.r. .o. .p.r.o.b.l.e.m.a. .e. .m.e.l.h.o.r.a.r. .o. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.O. .q.u.e. .e.s.t.e. .r.e.l.a.t...r.i.o. .c.o.n.t...m.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.r.n.e...a. .i.n.f.o.r.m.a.....e.s. .a.d.i.c.i.o.n.a.i.s. .s.o.b.r.e. .o. .p.r.o.b.l.e.m.a. .(.r.e.c.o.m.e.n.d.a.d.o.).......Y.o.u.r.E.m.a.i.l.=.S.e.u. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.e.v.a. .e.m. .p.o.u.c.a.s. .p.a.l.a.v.r.a.s. .o. .q.u.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-9B4VS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8632
Entropy (8bit):	4.307855702994277
Encrypted:	false
SSDEEP:	96:rswBarEOKEiiYi3x+XHARPSlcNFbP8fowiOxJYzHxhEjK6qM9zprAiKqDxG6ZO1w:wONQ8CbFoAhEFjK6qyzpr9IM7
MD5:	7133F35C69E84C9BFF0899DAD8B36C07
SHA1:	9B71C69D46A9436E3E1C3A7E6517508668162CB4
SHA-256:	AA3B6F6245B27E2D58D3C164264AF853FE6E718BB03D1C6F77B159616C768CEB
SHA-512:	9DBBB09646F74F9DBBC32169489E48CD3801BC00A78566A6CD5DCBC47C33EEC5141C9AF56FF226EEEF3A85FD3B3474C05CA60E2912F040F0DACD5E83F25B1E3F
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=. .C.A.A.:.8.9. .(.R.u.s.s.i.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=...B.G.5.B. .>.1. .>.H.8.1.:.5.....H.e.a.d.e.r.T.e.x.t.=.%.s. .?.@.5.:.@.0.B.8.;. .@.0.1.>.B.C.....S.u.b.H.e.a.d.e.r.T.e.x.t.=...>.6.0.;.C.9.A.B.0.,. .>.B.?.@.0.2.L.B.5. .=.0.<. .M.B.>.B. .>.B.G.5.B. .(.@.0.7.<.5.@. .%.s.).,. .G.B.>.1.K. .?.>.<.>.G.L. .8.A.?.@.0.2.8.B.L. .>.H.8.1.:.C.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.'.B.>. .A.>.4.5.@.6.8.B.A.O. .2. .>.B.G.5.B.5.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=...@.5.4.>.A.B.0.2.8.B.L. .4.>.?.>.;.=.8.B.5.;.L.=.K.5. .A.2.5.4.5.=.8.O. .(.@.5.:.>.<.5.=.4.C.5.B.A.O.).....Y.o.u.r.E.m.a.i.l.=...0.H. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=...?.8.H.8.B.5. .2. .=.5.A.:.>.;.L.:.8.E. .A.;.>.2.0.E.,. .:.0.:.8.5. .4.5.9.A.B.2.8.O. .?.@.8.2.5.;.8. .:. .>.H.8.1.:.5.:.....M.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-BCRV8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8286
Entropy (8bit):	3.737493027902729
Encrypted:	false
SSDEEP:	192:wMLEp1uveWEPzzGA0xKuxBn8ge863B+npfG:w+Ep1uvezrzGxM88ge863B+1G
MD5:	B6AC6EB650D062D043CF4030196B9798
SHA1:	CC43EA49FE9C007494A1EC1D9AC086CC2DDA6CC6
SHA-256:	8D96400D7159C90D7CE290006790399AC2100080D7280134E7371CC1DB011970
SHA-512:	A8110FF38A36E1D4DAA392209EBB497BB041332F0125FB30FA1D9EE775F34925D2A704A5FEE594739AE0909F34DFC06448884A6A3B926C88362B3B98042686DE
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.P.e.r.t. .P.y.t.e.l.k.a.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.C.z.e.c.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.H.l...a.e.n... .c.h.y.b.y.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.Y.e.s.t.a.l. .p.r.a.c.o.v.a.t.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.Z.a.a.l.e.t.e. .n...m. .p.r.o.s...m. .h.l...a.e.n... .o. .c.h.y.b... .(.%.s.).,. .p.o.m.o.~.e.t.e. .n...m. .t...m. .z.l.e.p.a.i.t. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o. .t.a.t.o. .z.p.r...v.a. .o.b.s.a.h.u.j.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.o.s.k.y.t.n.o.u.t. .d.a.l.a... .i.n.f.o.r.m.a.c.e. .o. .c.h.y.b... .(.d.o.p.o.r.u...e.n.o.).......Y.o.u.r.E.m.a.i.l.=.V...a. .e.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.P.o.p.i.a.t.e. .n...k.o.l.i.k.a. .s.l.o.v.y.,. .c.o. .j.s.t.e. .d...l.a.l./.a.,. .k.d.y.~. .d.o.a.l.o. .k. .c.h.y.b...:.....M.y.C.o.n.s.e.n.t.=.S.t.i.s.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-GBMCS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9340
Entropy (8bit):	3.451418069049947
Encrypted:	false
SSDEEP:	192:w0Zfj6VP8dYFdYJ2Tgk4OzuNfPDCPnymnTMcDPETUTH+iJQV:w0Zb6VP8aFaNOzuNnDUjWYCoe
MD5:	733051CB5BF0A0E194C171380884328A
SHA1:	CD3106376F42E9E30F02F11D60DD7636DC81E944
SHA-256:	8837AAAC9D6071256514C7B9BC7DFC87F485036403C29DB778B3CBE6DF7C7D89
SHA-512:	B136BAA49EB8B4636DD29403E19991DA5FA027F849EEF16EC9BD6E4B51E04C4254F566E5EC36E0FCA97F809B8AC2B2041D82DD0631EE910FFBF7D6184C4352B3
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.F.r.a.n...a.i.s.e. .(.F.r.e.n.c.h.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .a. .c.e.s.s... .d.e. .f.o.n.c.t.i.o.n.n.e.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.S.'.i.l. .v.o.u.s. .p.l.a...t. .e.n.v.o.y.e.z.-.n.o.u.s. .c.e. .r.a.p.p.o.r.t. .d.'.e.r.r.e.u.r. .(.%.s.). .p.o.u.r. .a.i.d.e.r. ... .r...s.o.u.d.r.e. .l.e. .p.r.o.b.l...m.e. .e.t. .a.m...l.i.o.r.e.r. .c.e. .l.o.g.i.c.i.e.l.....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.Q.u.e. .c.o.n.t.i.e.n.t. .c.e. .r.a.p.p.o.r.t. .?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.u.r.n.i.r. .d.e.s. .i.n.f.o.r.m.a.t.i.o.n.s. .s.u.p.p.l...m.e.n.t.a.i.r.e.s. .s.u.r. .l.e. .p.r.o.b.l...m.e. .(.r.e.c.o.m.m.a.n.d...).......Y.o.u.r.E.m.a.i.l.=.V.o.t.r.e. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D...c.r.i.v.e.z.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-J2KOS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6012
Entropy (8bit):	5.008950496948138
Encrypted:	false
SSDEEP:	96:rsdsjz2Yy5EOzwyYgZvNR/4YlfcRYsXXveLVbK6sbHBU2cwQRfgZwNMqhjlfDk+:wa8H2y6jkwon/k+
MD5:	734EDE39B3C0908BBA4C4DFD4D94CCFB
SHA1:	79BF0855227E8F30C5C8374A60B24BA6FC631BF0
SHA-256:	E5E774D8EA8EE657A8E25E0F90F0FA18DB40BDADBD47A6939473557508D8A7A6
SHA-512:	2EF962E808EA8F58CAA29937AD4684D115AA9A21D56FFEF70351EDB517712CBCF58608F8EADCBB4696E43410273B8CCB6ADB26663F541345E59C98733508BAC0
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.D.a.v.i.d. .M... .C.o.t.t.e.r.,. .d.e.v.i.l...t.a.m.a.c.h.a.n.....A.u.t.h.o.r.E.m.a.i.l.=.d.a.v.e.@.k.j.a.m.s...c.o.m.,. .d.e.v.i.l...t.a.m.a.c.h.a.n.@.g.m.a.i.l...c.o.m.....L.a.n.g.u.a.g.e.=.J.a.p.a.n.e.s.e.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=..0.0.0.0.0.0.0....H.e.a.d.e.r.T.e.x.t.=.%.s. .o0.R\O.0\PbkW0~0W0_0.0....S.u.b.H.e.a.d.e.r.T.e.x.t.=.S0n0.0.0.0.0.0.0n0OUL..0.OckW0.09e.UY0.0_0.0k0.0.0.0.0.0.0.0.0 .(.%.s.). ..0...OW0f0O0`0U0D0.0....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.S0n0.0.0.0.0k0o0UOL0+T~0.0~0Y0K0?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.OUL.k0..Y0.0...R.`1X.0eQ.RW0f0O0`0U0D0 .(..chY)..0....Y.o.u.r.E.m.a.i.l.=.J0.[.in0.0.0.0.0.0.0.0:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=..0.0W0Q0.0p0.0.0.0.vMRn0.d\O.0!\|Tok0...fW0f0O0`0U0D0 .:.....M.y.C.o.n.s.e.n.t.=.[..0.0.0.0...O]. ..0.0.0.0.bY0S0h0k0.0c0f0.0x..bW0_0.0.0.0.0n0.Q.[k0.\|..W0f0D0.0S0

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-LFTOB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8514
Entropy (8bit):	3.6760387725466406
Encrypted:	false
SSDEEP:	192:w4C/vhOSsOClqGbpa1PPzfBqZBQKYcgtHAOQsOSRfPja:wl/pOSsOsqGbMdPbBoBOgOQsOSRfPja
MD5:	2F97D087B9D2B9A04325F54D0BC65235
SHA1:	770BD8B419D1D7614D8FE7F7523060F8B8AFEF2C
SHA-256:	4CF9914EDE1297C37BB194C65729D44BC9C48C0434F566E80185FA9EB86D0EBD
SHA-512:	0D917DE5D20BF1F0FAA4DAC30FAABD0B7BFF36787443B0A089905B9C3C7399E059B507E76DE0A53E85A3D713711EFB61AE36BC95F2BD7FA03B6B8E80BB585098
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.Z.o.l.t.a.n. .T.i.r.i.n.d.a.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.S.l.o.v.a.k.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.H.l...s.e.n.i.e. .o. .c.h.y.b.e.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.r.e.s.t.a.l. .p.r.a.c.o.v.a.e.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.Z.a.a.l.i.t.e. .n...m. .p.r.o.s...m. .t...t.o. .c.h.y.b.o.v... .s.p.r...v.u. .(.%.s.).,. .d.o.p.o.m...~.e.t.e. .t...m. .k. .v.y.r.i.e.a.e.n.i.u. .p.r.o.b.l.e.m.u. .a. .a.j. .k. .z.l.e.p.a.e.n.i.u. .s.o.f.t.v...r.u.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...o. .t...t.o. .s.p.r...v.a. .o.b.s.a.h.u.j.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.o.s.k.y.t.n...e. ...a.l.a.i.e. .i.n.f.o.r.m...c.i.e. .o. .p.r.o.b.l...m.e. .(.o.d.p.o.r.....a. .s.a.).......Y.o.u.r.E.m.a.i.l.=.V...a. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.P.o.p...a.t.e. .n.i.e.k.o.>.k...m.i. .s.l.o.v.a.m.i.,. ...o. .

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-OOR8C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9150
Entropy (8bit):	3.4945763167127226
Encrypted:	false
SSDEEP:	96:rsw6KEFzpEOfykDiY8E1VwyS5mYFDMdaCF4wvXT4trYy9CwjewTs0Rj0DyfmEW/U:wtKsD5OFgD4E4xt0wVYZyfYK1
MD5:	088F56F41CAE74E6C399FAD788829B93
SHA1:	59E3C6542B92ECF5A63CB9BCA529823498721437
SHA-256:	562B71D6B0340D8F5D881198A164FA857A646F4E43D01C76270A71D65588E605
SHA-512:	9A95E2C09AEEF76B55B9021D151A5914802D0A5E7E17DA6128D5165FA8F338ECF5BD38CD056A43A3041C1893299FD0002186B756245A4534FE7752C5D9E03BDC
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.D.e.u.t.s.c.h. .(.G.e.r.m.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.F.e.h.l.e.r.b.e.r.i.c.h.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.t. .a.u.f.g.e.h...r.t. .z.u. .a.r.b.e.i.t.e.n.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.B.i.t.t.e. ...b.e.r.m.i.t.t.e.l.n. .S.i.e. .u.n.s. .d.i.e.s.e.n. .F.e.h.l.e.r.b.e.r.i.c.h.t. .(.%.s.).,. .u.m. .u.n.s. .z.u. .h.e.l.f.e.n.,. .d.a.s. .P.r.o.b.l.e.m. .z.u. .b.e.h.e.b.e.n. .u.n.d. .d.i.e.s.e. .S.o.f.t.w.a.r.e. .z.u. .v.e.r.b.e.s.s.e.r.n.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.a.s. .e.n.t.h...l.t. .d.i.e.s.e.r. .B.e.r.i.c.h.t.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.B.i.t.t.e. .g.e.b.e.n. .S.i.e. .u.n.s. .z.u.s...t.z.l.i.c.h.e. .I.n.f.o.r.m.a.t.i.o.n.e.n. .z.u. .d.e.m. .P.r.o.b.l.e.m. .(.e.m.p.f.o.h.l.e.n.).......Y.o.u.r.E.m.a.i.l.=.I.h.r.e. .E.m.a.i.l.-.A.d.r.e.s.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-RB1FB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8214
Entropy (8bit):	3.46410018464503
Encrypted:	false
SSDEEP:	96:rsw6o2KPZEOTWSucfgjfJpkiZJpkiVxoVrOSBngI3NnS0FivuiLugXeTmZ4dIc8k:wlo2K/uKFVVgOgncoW
MD5:	771DA39B527E886A247A0C0A33FFB715
SHA1:	CB762ABE50294A08A7823C246E02CD9347555B49
SHA-256:	763F0FE5AF80055827FB2563AF696BD1452C39BE080720AB483D0CE6AC36EE92
SHA-512:	628382CF8A6035275B48D6FF3CF0DC17C2B61F65E4EF0F138990A09FD0CF09A4F821E2CB5780A3FDDB49A01E3F6AF1F379ED44BEF290D39B0D04D5E110B7D9A5
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.n.g.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.s. .s.t.o.p.p.e.d. .w.o.r.k.i.n.g.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.l.e.a.s.e. .s.e.n.d. .u.s. .t.h.i.s. .e.r.r.o.r. .r.e.p.o.r.t. .(.%.s.). .t.o. .h.e.l.p. .f.i.x. .t.h.e. .p.r.o.b.l.e.m. .a.n.d. .i.m.p.r.o.v.e. .t.h.i.s. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.h.a.t. .d.o.e.s. .t.h.i.s. .r.e.p.o.r.t. .c.o.n.t.a.i.n.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.v.i.d.e. .a.d.d.i.t.i.o.n.a.l. .i.n.f.o. .a.b.o.u.t. .t.h.e. .p.r.o.b.l.e.m. .(.r.e.c.o.m.m.e.n.d.e.d.).......Y.o.u.r.E.m.a.i.l.=.Y.o.u.r. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.e. .i.n. .a. .f.e.w. .w.o.r.d.s. .w.h.a.t. .y.o.u. .w.e.r.e. .d.o.i.n.g. .w.h.e.n. .t.h.e. .e.r.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-S1GUV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5194
Entropy (8bit):	4.934990217399529
Encrypted:	false
SSDEEP:	96:rs49VxEOEQbecIBPPF+ZmsDoV0LB6W8lcJELyKBKR1TxZTkiut2:wOIQG+Zzk0L38lUwy
MD5:	4CA209C131119E28C581447D10F5F9DB
SHA1:	9F49C9C89E0A7149A8F3A9451A58D6D5EBED05C4
SHA-256:	EB3DD1604138B82F9BA13A180D71E513599D201B4A6EABA814179D12BFE97ABB
SHA-512:	CB0F404D8D9044FA92F15FCADBAFCC3BDE75C7BA33DD58E26B2FCE7656847F757F7F2947F52D587205544FFCF0B29C05865350E98D4F6840A657B787D0E02701
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].........A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=..{SO-N.e .(.C.h.i.n.e.s.e.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.............[.M.a.i.n.D.l.g.].........D.l.g.C.a.p.t.i.o.n.=....bJT....H.e.a.d.e.r.T.e.x.t.=.%.s. ..]\Pbk.]\O....S.u.b.H.e.a.d.e.r.T.e.x.t.=....\,g...bJT(.%.s.)..S...~.b.N...^.R.b.N.Q....T9e.U,go..N.0....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=..bJT.S+T.T.N.Q.[......P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=..c.O.f.YsQ.N@b.Q.s...v.Oo`...^.....0....Y.o.u.r.E.m.a.i.l.=..`.v5uP[...N0W@W......D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=....{.w.c...Q.s....e.`ck(W.L..v.d\O......M.y.C.o.n.s.e.n.t.=..c.N. .S...bJT. .c....sSnx...b.q.`.bJT.Q.[.N.c.S.0...y?eV{.0ag>k.0....M.y.C.o.n.s.e.n.t.2.=..c.N. .S...bJT. .c....sSnx...b.q.`.bJT.Q.[.0....P.r.i.v.a.c.y.P.o.l.i.c.y.=..0...y?eV{.0....I.n.v.a.l.i.d.E.m.a.i.l.C.a.p.t.i.o.n.=..eHe.v5uP[...N0W@W .....I.n.v.a.l.i.d.E.m.a.i.l.T.e.x.t.=....c.O.gHe.v5uP[

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-TMPGC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9490
Entropy (8bit):	3.4273353891983014
Encrypted:	false
SSDEEP:	96:rswy4K+rEOZAsqa+M6N0bhexWHG9l8rXhF3Urjo6hQgCwZuO1MSc+36FNL00Z828:wF4K+KBl8P9mBULe
MD5:	0871AABBB223D0FB55540FE7ACBC51CF
SHA1:	085476DFE9B8F75A11399008E4AD6E931C3505D5
SHA-256:	90AA62BAA98F460F4911C1D7794E54B1697C524A82229C62F632627A9339EDBA
SHA-512:	FECF554978ACD9E5A03FE7BD987DB75190B5759275867B6119E95581A09F0ADA68CA30BD07BED91C46D80683B4A8E412721FCBF776DDEEB5AD655804A6EC0699
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.s.p.a...o.l. .(.S.p.a.n.i.s.h.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.I.n.f.o.r.m.e. .d.e. .e.r.r.o.r.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a. .d.e.j.a.d.o. .d.e. .f.u.n.c.i.o.n.a.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.o.r. .f.a.v.o.r. .e.n.v...e.n.o.s. .e.s.t.e. .i.n.f.o.r.m.e. .d.e. .e.r.r.o.r.e.s. .(.%.s.). .p.a.r.a. .a.y.u.d.a.r. .a. .s.o.l.u.c.i.o.n.a.r. .e.l. .p.r.o.b.l.e.m.a. .y. .m.e.j.o.r.a.r. .e.l. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...Q.u... .c.o.n.t.i.e.n.e. .e.s.t.e. .i.n.f.o.r.m.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.p.o.r.c.i.o.n.e. .i.n.f.o.r.m.a.c.i...n. .a.d.i.c.i.o.n.a.l. .a.c.e.r.c.a. .d.e.l. .p.r.o.b.l.e.m.a. .(.r.e.c.o.m.e.n.d.a.d.o.).......Y.o.u.r.E.m.a.i.l.=.S.u. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.a. .e.n. .p.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-UGT21.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8706
Entropy (8bit):	3.418128050943717
Encrypted:	false
SSDEEP:	192:w0DiqO3rAVfZZz15oZKY/VekjYT0nOz3vt:w0Dibro770Zat
MD5:	7946240B3F0A4F4690A606E99D033D80
SHA1:	3F1EED3D945155BB9805D3D8A7AB8AB46AEF93E5
SHA-256:	668861ED83446DDD88A52D1DA75B26F81FBBFBD28BEF799DFFD81545B6620929
SHA-512:	6D185ABEF33B9DBEE082161DD0C9DC85D85A23641EA87D02A998B45A9CF9D4E11F5844611A337ADE63BD71D5F8DB436B9A0080B402ACEA7370D63173F5AF79F2
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.D.a.v.i.d.e. .Z.a.c.c.a.n.t.i. .-. .Z.a.k.S.o.f.t.......A.u.t.h.o.r.E.m.a.i.l.=.t.e.c.h.s.u.p.p.o.r.t.@.z.a.k.s.o.f.t...c.o.m.....L.a.n.g.u.a.g.e.=.I.t.a.l.i.a.n.o.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.S.e.g.n.a.l.a.z.i.o.n.e. .e.r.r.o.r.i.....H.e.a.d.e.r.T.e.x.t.=.%.s. .s.i. ... .i.n.t.e.r.r.o.t.t.o.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.I.n.v.i.a.n.d.o.c.i. .q.u.e.s.t.a. .s.e.g.n.a.l.a.z.i.o.n.e. .(.%.s.). .c.i. .a.i.u.t.e.r.e.t.e. .a. .m.i.g.l.i.o.r.a.r.e. .i.l. .p.r.o.g.r.a.m.m.a. .e.d. .a. .c.o.r.r.e.g.g.e.r.e. .q.u.e.s.t.i. .e.r.r.o.r.i.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o.s.a. .c.o.n.t.i.e.n.e. .l.a. .s.e.g.n.a.l.a.z.i.o.n.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.r.n.i.s.c.i. .i.n.f.o.r.m.a.z.i.o.n.i. .a.g.g.i.u.n.t.i.v.e. .(.r.a.c.c.o.m.a.n.d.a.t.o.).......Y.o.u.r.E.m.a.i.l.=.L.a. .t.u.a. .e.-.m.a.i.l.:.....D.e.s.c.r.i.b.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-VM6FH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8322
Entropy (8bit):	4.353613255564818
Encrypted:	false
SSDEEP:	192:wFGk8sWYOcdCjdvZHxCSQGKgrFvPDV/V0feOWwyldbtdaJLNJQN:wFGk8snOcdCjdvZHxCSDKmFvLV0eJwyf
MD5:	80F518D5E437F08859716F164E3DC503
SHA1:	1277A14A7978168A7EFD6BFA779C124E37AA3FE8
SHA-256:	84AE05D640D8F05D6C9C97194734E0CB54AD74661EBA12076225D74EB11FE85E
SHA-512:	5D0718A9D4A60680811BADF291EE7DE702853831D950EAE32825ADD2E80E8D54DE26B47B011A725BCDEA8CFAA44C4D0EAF3E7ABBC81CA24C8C0A0570CADEA64D
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.9.?.(.M.&.@. .(.H.i.n.d.i.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.$.M.0.A...?. .0.?..K.0.M.......H.e.a.d.e.r.T.e.x.t.=.%.s. ...>... .,...&. ...0. .&.?./.>. .../.>. .9.H.....S.u.b.H.e.a.d.e.r.T.e.x.t.=...C../.>. .9...G... ...8. .$.M.0.A...?. .(.%.s.). .0.?..K.0.M... ...0.(.G. ...G. .2.?... ...&.&. .8...8.M./.>. ...K. . .@... ...0.(.G. ...0. ...8. .8.I.+.M...5.G./.0. ...G... .8.A.'.>.0. .-.G...G.........W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...8. .0.?..K.0.M... ...K. ...M./.>. .6.>...?.2. .9.H.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.8...8.M./.>. ...G. .,.>.0.G. ...G... ...$.?.0.?...M.$. ...>.(...>.0.@. ..M.0.&.>.(. ...0.G... .(...(.A.6...8.?.$.).......Y.o.u.r.E.m.a.i.l.=......>. .....G.2.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=...A... .6.,.M.&.K... ...K. ...*. ...M./.>. ...0. .0.9.G. .%.G.

C:\Program Files\FlashIntegro\VideoEditor\Localizations\is-VQJ9Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8346
Entropy (8bit):	3.749763960246923
Encrypted:	false
SSDEEP:	96:rs533qW9PwtEO40PyZA8tUZDOnRSVAYcqxy6/MaBCK8KVQ8UtS3oqcUYkDOYyDL7:w536W9Pwq4+wBp06VQ8U23SDLUGCXMwQ
MD5:	8E1574B9F46EC84C1C471C76ECDB5E78
SHA1:	F91E0E641F3D4F9F2D2AC4DFD3635FCE386EB487
SHA-256:	5B5B3113C0A23400FB11D311995F82F96AD30792C700F09F35BB40D63987F302
SHA-512:	579607BFFD41ADA4EAFB547ECB1582EFDFCE8C3D44A4F12B0B95CABC5EFC23D986604381E906690C6B8A13F4852F349BA667D39524793511C5276EE0895C3D35
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.P.a.w.e.B. .A... .J.a.n.i.c.k.i.....A.u.t.h.o.r.E.m.a.i.l.=.p...j.a.n.i.c.k.i.@.f.g.2.4...p.l.....L.a.n.g.u.a.g.e.=.P.o.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.R.a.p.o.r.t. .b.B...d.u.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.r.z.e.s.t.a.B. .d.z.i.a.B.a.........S.u.b.H.e.a.d.e.r.T.e.x.t.=.U.p.r.z.e.j.m.i.e. .p.r.o.s.i.m.y. .o. .w.y.s.B.a.n.i.e. .d.o. .n.a.s. .n.i.n.i.e.j.s.z.e.g.o. .r.a.p.o.r.t.u. .b.B...d.u. .(.%.s.).,. .a.b.y. .p.o.m...c. .n.a.p.r.a.w.i... .i. .u.s.p.r.a.w.n.i... .p.r.o.g.r.a.m.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o. .z.a.w.i.e.r.a. .t.e.n. .r.a.p.o.r.t. .b.B...d.u.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.D.o.d.a.j. .d.o.d.a.t.k.o.w... .i.n.f.o.r.m.a.c.j... .o. .b.B...d.z.i.e. .(.z.a.l.e.c.a.n.e.).......Y.o.u.r.E.m.a.i.l.=.T.w...j. .e.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.O.p.i.s.z. .w. .k.i.l.k.u. .s.B.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-18N5J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1911
Entropy (8bit):	5.038849126214727
Encrypted:	false
SSDEEP:	48:U25MZR3Kpxrk1Vdn1PdK4h04I4k04tT3l7:K7Ak1Vdn1Pd5hzPkzl3Z
MD5:	BFA9652318169A91896A34E443C95148
SHA1:	77FF0BABFC09A4BB7E2AEFDAD83FA5CB66E62C77
SHA-256:	1A57FFEE6FBEEEA47441F206462EE01B0CC35BC5CFE446A36880FAB970556AF7
SHA-512:	D6E875FACCBE0364DD1476084090DD6527A53FB79EFAC7F57487F14C83C48BD80B566855F13E7F9DA0900120A0113832B8B388B77D816441BB9BC077CDFBE95D
Malicious:	false
Reputation:	low
Preview:	//texture PrevFrameImage;..//sampler2D sampler_main = sampler_state { Texture = <PrevFrameImage>; };..//float4 _c0; // source texsize (.xy), and inverse (.zw)..........//float4 _c5; // w1,w2,d1,d2..//float4 _c6; // w_div, edge_darken_c1, edge_darken_c2, edge_darken_c3....void PS( float2 uv : TEXCOORD,.. out float4 ret : COLOR0 )..{.. //SHORT VERTICAL PASS 2:.. //const float w1 = w[0]+w[1] + w[2]+w[3];.. //const float w2 = w[4]+w[5] + w[6]+w[7];.. //const float d1 = 0 + 2((w[2]+w[3])/w1);.. //const float d2 = 2 + 2((w[6]+w[7])/w2);.. //const float w_div = 1.0/((w1+w2)*2);............ #define srctexsize _c0.. #define w1 _c5.x.. #define w2 _c5.y...... #define d1 _c5.z.. #define d2 _c5.w.. .... #define edge_darken_c1 _c6.y.. #define edge_darken_c2 _c6.z.. #define edge_darken_c3 _c6.w.... #define w_div _c6.x.... // note: if you just take one sample at exactly uv.xy, you get an avg of 4 pixels... //float2 uv2 = u

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-205MJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.901513226891922
Encrypted:	false
SSDEEP:	384:CIQySyf2192T4mMHiOY100L6l0jIc96OfkcVo71ntrq0rhuO+cAHlo5JzVAaidI:CIQNh2T4mk66s9oooJtrq0rhYHlofWx
MD5:	0D1DE8822FE782D1061BE3C211C00D18
SHA1:	93A6FB5FA83234F5D7938A5A1B19D9B8859EC9E2
SHA-256:	D607BF890E6A738C9E4AAB6D57B8E019196F56D5FD427970388EF01905636A9E
SHA-512:	68F2C5F1CECE0AEE3724257DFC8B9A1AEB38B9CF19B0B9BDFD295C8726BE403C156AB29C2BF6B0ADC33CC3A6038BD3DB33EC93AF3D8D04308B75E56A4ABE0460
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................`......................................Rich...........PE..L......=...........!.....P...p...............`......................................h...............................`k...... f..<...............................l...............................................D....`...............................text....B.......P.................. ..`.rdata.......`.......`..............@..@.data....1...p...0...p..............@....shared.............................@....reloc..\...........................@..B/.[J ....8.K+.....[J8...........USER32.dll.KERNEL32.dll.NTDLL.DLL...............................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-71763.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	533
Entropy (8bit):	4.700605334293967
Encrypted:	false
SSDEEP:	6:fwTW+ERq5IEkFDt7OfniqCMEFoMYY+6/J0MJfnCwcFQX/sEcIKjLF4cnEhrybpv8:p+EYIBuiqBIz0MRn/syyRuW9sx
MD5:	F1226EC4E962927F3FECA7FB82D957E5
SHA1:	14746DA5A96FBEF3D807664E6405590C0D1451E5
SHA-256:	9D7E3255E25C4904078D8A23B90604523890D72AFED39DCEAEA71FCB871EF24D
SHA-512:	E03B60CB753CF05653CA1E49DF2DDD20F7D68C3F75FCA2B44025085A219E1AC83074E927B78597026B3957DDFE89C97F583E470617AD6C831925A63576B47B3A
Malicious:	false
Reputation:	low
Preview:	void VS( float3 vPosIn : POSITION,.. float4 vDiffuseIn : COLOR,.. float4 uv_in : TEXCOORD0, // .xy = UVs to use (unwarped), .zw = IGNORE.. float2 rad_ang_in : TEXCOORD1, // .x = rad, .y = ang.. out float4 _vDiffuse : COLOR, .. out float2 _uv : TEXCOORD0,.. out float2 _rad_ang : TEXCOORD1,.. out float4 vPosProj : POSITION )..{ .. vPosProj = float4(vPosIn.x, vPosIn.y, vPosIn.z, 1);.. _vDiffuse = vDiffuseIn;.. _uv = uv_in.xy;.. _rad_ang = rad_ang_in.xy;..}

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-D7F0R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	585
Entropy (8bit):	3.608329580553739
Encrypted:	false
SSDEEP:	6:X3yP/R3Av2emCzxwgaREaXe3AvJ3Xhnawd/3Av2emCzxwgaREaXe3AvY:SnRQOeDl8RErQR3Xpawd/QOeDl8RErQA
MD5:	E828884C04C8EC0FF9A313D380AD81B0
SHA1:	16B28EE776F3BFF85B8A2A8E1587BAAAC787CC59
SHA-256:	24D7F0FA5B89E88D5F501E092A77ED27C586C6F6F9BC96627D26E37862140774
SHA-512:	6FE7C7A9B2D2CAFD3211998A0EDE2BB27A5BE7231B2B8297AAEE7B0C8EBBF599CEF266625D3B9DC02D4C286F15E5D2E7E7A491E142BB23EBA3A993ED0E869981
Malicious:	false
Reputation:	low
Preview:	shader_body..{ .. //**********************************************************.. // NOTE: the body of this shader will be replaced by MilkDrop.. // whenever a pre-MilkDrop-2 preset is loaded!.. //********************************************************.... ret = tex2D(sampler_main, uv).xyz;.... //********************************************************.. // NOTE: the body of this shader will be replaced by MilkDrop.. // whenever a pre-MilkDrop-2 preset is loaded!.. //**********************************************************..}

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-EE30E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	366
Entropy (8bit):	4.498678614819149
Encrypted:	false
SSDEEP:	6:fwTW+EZIEzuGjXtCMEFoMYY+akcFQX/sEcIKjTZDLe39:p+EZIPudBI5IsyOE9
MD5:	C6D5A8377907920A1F750C0F4A88B191
SHA1:	048AB023A63EBD79257466FF657430CFC5F47143
SHA-256:	06C2FD594D3DABC09C2AAB550651996F4313261444A9B73A25B586372DDC0634
SHA-512:	F4307399C64FBF649165DA447703ED52BAFDE9CF62980572BE488682BED7F6C9007DC3AFD6E4A89806639579C5BCEEE199949EF258624E2A01F97E4B29A7A406
Malicious:	false
Reputation:	low
Preview:	void VS( float3 vPosIn : POSITION,.. float4 vDiffuseIn : COLOR,.. float4 uv1 : TEXCOORD0, // .xy = warped UVs, .zw = orig UVs.. float2 uv2 : TEXCOORD1, // .x = rad, .y = ang.. out float2 uv : TEXCOORD0,.. out float4 vPosProj : POSITION )..{ .. vPosProj = float4(vPosIn.xy,1,1);.. uv = uv1.xy;..}..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-JL8TS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	529
Entropy (8bit):	4.687396160594937
Encrypted:	false
SSDEEP:	6:fwTW+ERq5IEzuGjX8iqCMEFoMYY+6hlatMJfnCwcFQX/sEcIKjLF4cnEhrybpj/C:p+EYIPusiqBIvlmMRn/syyRuW9jVg
MD5:	18F45CF79B85B877A9269CB7508E710D
SHA1:	833690291E9A80A1CBF3AB2569F752E908141AA5
SHA-256:	162D11AE68B6C29D0BFBC318AA2B1069F4A64CF9EF89A1C024EF93E5AB703E4D
SHA-512:	B9379BC90925138D2B07F3F9E76CB0563752C0D965C401A476D23A1481E3DDB4565FCEF6EE68A3139B2CE84E9EEB507F6CDC1BDDA7C97A80D63B6C95A1839E11
Malicious:	false
Reputation:	low
Preview:	void VS( float3 vPosIn : POSITION,.. float4 vDiffuseIn : COLOR,.. float4 uv_in : TEXCOORD0, // .xy = warped UVs, .zw = orig UVs.. float2 rad_ang_in : TEXCOORD1, // .x = rad, .y = ang.. out float4 _vDiffuse : COLOR, .. out float4 _uv : TEXCOORD0, .. out float2 _rad_ang : TEXCOORD1,.. out float4 vPosProj : POSITION )..{ .. vPosProj = float4(vPosIn.x, vPosIn.y, vPosIn.z, 1);.. _vDiffuse = vDiffuseIn;.. _uv = uv_in.xyzw;.. _rad_ang = rad_ang_in.xy;..}..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-MACAJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	677
Entropy (8bit):	3.7748059064732273
Encrypted:	false
SSDEEP:	12:SnRQOeDl8RErQJVtv63X1du3FI1H/UQOeDl8RErQ9n:SPeD6/S3ldu3FI5WeD67
MD5:	A4C5D5DC0B201ED30C4E5DCC1DA79F96
SHA1:	B1C2CF1F2244AAEBECBFDCEF3D6361D644EB9AB7
SHA-256:	27A38036B0A50E8E735CC8E171A8CB7F697EDD1F695AFE2E275D9D788613353A
SHA-512:	5A6F5CF6BA01B484432B50F8CB7BF209D36395F872641B25B5CFBAC44D51FF484347DFDA1085362F8B6D60489C07122505E1974677B1F708121A81A8BF511BF9
Malicious:	false
Reputation:	low
Preview:	shader_body..{ .. //**********************************************************.. // NOTE: the body of this shader will be replaced by MilkDrop.. // whenever a pre-MilkDrop-2 preset is loaded!.. //********************************************************.. .. // sample previous frame.. ret = tex2D( sampler_main, uv ).xyz;.. .. // darken over time.. ret -= 0.004;.. .. //********************************************************.. // NOTE: the body of this shader will be replaced by MilkDrop.. // whenever a pre-MilkDrop-2 preset is loaded!.. //**********************************************************..}..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-PASQS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2203
Entropy (8bit):	4.9304126799691685
Encrypted:	false
SSDEEP:	48:UTyVszGEy6pxfaunmPd04h+04Qm4h30434hk045x4ht04a/3l7:RWV3aunmPdzh+zQ9h3zohkzQhtzY3Z
MD5:	11F365F2488A4EFF2B55E74670EFFE46
SHA1:	78E43E85FD3A5661FEA5CB05E6547EABAB90F4EC
SHA-256:	9973C5C3FC5736BA2CB6BF884223331BD84336C4D2B336AD22A0EEEA576DE06D
SHA-512:	637EFC56A07CD87167682A2AFBF5896A50FA5946BA1B3245408FF084C6E0896E95A1DA5539BA6837D2A5AA2517A257899B93B8F8B63702E0504ADE31A6D0B8B5
Malicious:	false
Reputation:	low
Preview:	//texture PrevFrameImage;..//sampler2D sampler_main = sampler_state { Texture = <PrevFrameImage>; };..//float4 _c0; // source texsize (.xy), and inverse (.zw)..//float4 _c1; // w1..w4..//float4 _c2; // d1..d4..//float4 _c3; // scale, bias, w_div..........void PS( float2 uv : TEXCOORD,.. out float4 ret : COLOR0 )..{.. // LONG HORIZ. PASS 1:.. //const float w[8] = { 4.0, 3.8, 3.5, 2.9, 1.9, 1.2, 0.7, 0.3 }; <- user can specify these.. //const float w1 = w[0] + w[1];.. //const float w2 = w[2] + w[3];.. //const float w3 = w[4] + w[5];.. //const float w4 = w[6] + w[7];.. //const float d1 = 0 + 2w[1]/w1;.. //const float d2 = 2 + 2w[3]/w2;.. //const float d3 = 4 + 2w[5]/w3;.. //const float d4 = 6 + 2w[7]/w4;.. //const float w_div = 0.5/(w1+w2+w3+w4);.. #define srctexsize _c0.. #define w1 _c1.x.. #define w2 _c1.y.. #define w3 _c1.z.. #define w4 _c1.w.. #define d1 _c2.x.. #define d2 _c2.y.. #define d3 _c2.z..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\data\is-QJKGK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4905
Entropy (8bit):	5.197454124939398
Encrypted:	false
SSDEEP:	96:vay3YYm1eKlo2uVzGNlvQAJNo4fl6geEmw:vp3Wu0NlZlOw
MD5:	89446A36BF72E9EBA2DDF750BECAAD58
SHA1:	FEFEC961798C07124FDBF91878264B35513F578E
SHA-256:	700C38FBEBCD3FA51EC5DD1696EC7CE27A5898B98AE46284396C4CDA82265E81
SHA-512:	0F49FBC112A481F089FE96766C295EAA8B8453827A070A931087D8FA5853FE7AA8553F541B0BB5A40E315B58240CE1E9F55A38545097ECBFFE0D68C5B7486081
Malicious:	false
Reputation:	low
Preview:	#define M_PI 3.14159265359..#define M_PI_2 6.28318530718..#define M_INV_PI_2 0.159154943091895....float4 rand_frame;..// random float4, updated each frame..float4 rand_preset; // random float4, updated once per preset..float4 _c0; // .xy: multiplier to use on UV's to paste an image fullscreen, aspect-aware; .zw = inverse...float4 _c1, _c2, _c3, _c4;..float4 _c5; //.xy = scale,bias for reading blur1; .zw = scale,bias for reading blur2; ..float4 _c6; //.xy = scale,bias for reading blur3; .zw = blur1_min,blur1_max..float4 _c7; // .xy ~= float2(1024,768); .zw ~= float2(1/1024.0, 1/768.0)..float4 _c8; // .xyzw ~= 0.5 + 0.5cos(time float4(~0.3, ~1.3, ~5, ~20))..float4 _c9; // .xyzw ~= same, but using sin()..float4 _c10; // .xyzw ~= 0.5 + 0.5cos(time float4(~0.005, ~0.008, ~0.013, ~0.022))..float4 _c11; // .xyzw ~= same, but using sin()..float4 _c12; // .xyz = mip info for main image (.x=#across, .y=#down, .z=avg); .w = unused..float4 _c13;

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\is-AEM9J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	144319
Entropy (8bit):	5.0084924817157495
Encrypted:	false
SSDEEP:	768:dPZD8w42Z30TG8rqHavXN6qIquLsYWhAbQL6+EuhHXypOVyVBk1Q3QHUU2Ky8nLw:/8lI+z2LDZgeN0NMZK9JiF0e
MD5:	BC4F66733AD038EB5EABEEA6ED1FB961
SHA1:	FFE3539C4BA7CE609DEE64184EA0F29388C1BCAE
SHA-256:	8AEB79A66EA264D380EFAF0B1387865D2FD37B112568126DDFCF52801C02562C
SHA-512:	8FDC6037C2E008F7D4BCD5F582DABB542FCD6F342586441EF0CF4F6345D4FE1C0A4ADEC0CDFD4D5D2B6E6017795502C3B0E7305D364935955D665AA2AB88A4B0
Malicious:	false
Reputation:	low
Preview:	<PropertiesBag version="1" tag="-1" type="13" itype="1">...<PresetsGroup version="1" tag="-1" type="13" itype="1" ctype="0" pos="0">....<Title type="8" pos="0">Aderrasi</Title>....<PresetProperties version="1" tag="-1" type="13" itype="1" ctype="0" pos="1">.....<Title type="8" pos="0">Airhandler</Title>.....<Path type="8" pos="1">presets\Aderrasi\Aderrasi - Airhandler (Principle of Sharing).milk</Path>....</PresetProperties>....<PresetProperties version="1" tag="-1" type="13" itype="1" ctype="0" pos="2">.....<Title type="8" pos="0">Bitterfeld</Title>.....<Path type="8" pos="1">presets\Aderrasi\Aderrasi - Bitterfeld (Crystal Border Mix).milk</Path>....</PresetProperties>....<PresetProperties version="1" tag="-1" type="13" itype="1" ctype="0" pos="3">.....<Title type="8" pos="0">Bow To Gravity</Title>.....<Path type="8" pos="1">presets\Aderrasi\Aderrasi - Bow To Gravity.milk</Path>....</PresetProperties>....<PresetProperties version="1" tag="-1" type="13" itype="1" ctype="0" pos="4">....

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-2EJ77.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6179
Entropy (8bit):	4.843132324785254
Encrypted:	false
SSDEEP:	192:8a3JYnl1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGu:8+JYbFtJpf7mOv91HFMtE96XIoYa4jjM
MD5:	2A7CD4094FCC4A53ADF1627E3300D482
SHA1:	D93DCA55948A021D1284AEF237404B21BC004B4B
SHA-256:	EB80DDC5B37DC12D3461ECDB9EBF734C91E6AFCB32BEF92F523D3E8B43A364E8
SHA-512:	8FEAE86080C904CE33CF0FD400B037645B554E7572D1D2CA18F4945FBD42036E7D0F42198D4E674583341D75A3EF569B34062294E580C3A001F88C2153AE7BB4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.420000..fDecay=1.000000..fVideoEchoZoom=0.999823..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001185..fWaveScale=0.325446..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=2.630064..fWarpScale=3.209168..fZoomExponent=1.000158..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.500000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.100000..nMotionVectorsX=6.400000..nMotionVectorsY=4.800000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-2JGVN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2002
Entropy (8bit):	5.072105285068405
Encrypted:	false
SSDEEP:	48:yXOsW5Q3JqSl4V3AZcZJaNJhnuskTcaJRj10:qOA3J4Vsczs97kTNJo
MD5:	94DDF63496C038703EF1F65F0FE3EDD8
SHA1:	2BB55790199A7F1123FF7646D7689720CD0D4AEA
SHA-256:	C8900119E93F58E3CFD4E524D865269F5037D58A18BD3850BE45F9582F828385
SHA-512:	D3105C10FDBCC0FAA26F59EBDF729C426354C5A3AA898C43A5AE713D2C3CAB2A4BCD9C01BBE9718ED117E3CDA8DA3858963B2BDC7589DC13A6298C4EC698B883
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=2.216706..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=3.749272..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.990000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-3LHV4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2268
Entropy (8bit):	5.092775068414148
Encrypted:	false
SSDEEP:	48:K/4f1f5Q3JqSl4V3AEWmxFBNowkHnuskT2sQCAgAS:KAfo3J4VhWmxiwkH7kT7eS
MD5:	9EC23017054F066974C2851AB4C64C22
SHA1:	D9765C679C13CFB1EEED4419CC52BAC8BE0237A3
SHA-256:	42081EA31F9D854AD6DF3455D3934515E244730A0802DAE623D253BEA6D83FF7
SHA-512:	F919E4084CF1AFEFC17DB37BD2D6CD61A48DCA7476E083322108A3060D8EC015838DAF7FCF16A3E9FE08501F7675CFEAC4CC8AA9DA372E179EBAE2275FEE2574
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.930000..fVideoEchoZoom=0.999837..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.796896..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999995..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.500000..ib_size=0.010000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.500000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-4S9MO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	5.112820384434664
Encrypted:	false
SSDEEP:	48:a/Pv1S0p5Q3JqSl4V3AE8akmi7cyBNoooIXBnuskTj+pXDNVGHxAw:Ovw0E3J4Vh8akmi7c7oo07kTKdjAAw
MD5:	EA6883A44F8CB038C98685FF98C89E8C
SHA1:	2085DEF642047714B79FA5AFEF2BAA4BAD0B3463
SHA-256:	D5AA0B3CB1669C1786A63A2FF9C23A18E93D7BBC51CA9A7A7273C8506990DEBC
SHA-512:	BCA858180BAF93E8F899055E0511129B21B4DF6033A47150C9C300FDD087F3C41BC99D4FD67DF8817B531A71B236E950868DFC05E8D7CC8F02925CEE9D5D029B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=1.488620..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=0.010000..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.200000..ob_r=0.900000..ob_g=0.900000..ob_b=0.900000..ob_a=0.500000..ib_size=0.050000..ib_r=0.900000..ib_g=0.900000..ib_b=0.900000..ib_a=0.500000..nMotionVectorsX=1.280000..nMotionVectorsY=9.599999..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-76EQB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1906
Entropy (8bit):	5.063173923069763
Encrypted:	false
SSDEEP:	48:IUF1W5Q3JqSl4V3AEDZJOJaNoo3nuskTpqZYxlV7Zi4s:jF73J4VhDbM7oX7kTpVVU4s
MD5:	11273C90C29F534ECF2F0815FEC0BFC1
SHA1:	EDDA3D42D5A736B11C4CF4CEA55ED31544BA972E
SHA-256:	921E00067710D55DCF3CC2EBF02160732BA086DAB8E2927F01421BF53D2A2ACF
SHA-512:	F9BCB07263146FA823E8967DDF82CF06076546C4AA15585E8BB33D78EB42BC85AE8382DA3CD08C3D7811E923FA4D964C55368E9A081EDEBEB35E230E0904423F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.990000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.972366..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.451117..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.800000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.100000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-9E7R5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2211
Entropy (8bit):	5.126734896797436
Encrypted:	false
SSDEEP:	48:M6EsW5Q3Jqbu3rAJWWENmIUfQHoApKQCQPQIy6F3QS9no3/Uft/Ai+W:pEA3J+WWZCXol2vy6F3QIoPgxcW
MD5:	F2E206F24E177C7E58E822CA1AE0BD9D
SHA1:	E7618E6F8721BCD2181FB09D3934D50B4EE49E71
SHA-256:	1C4FAFD7CE4252C5239DCB84C22760FF6ACF84F5BFDD858C099F77038562477C
SHA-512:	BDCFA7C50E3D93E6B1B56AE3D44D3C2A77ADC0A2B9C4C4A98FD9710B250DC5BE999B8B7378EDB2AAB913C60013B8416F7061C450C8C4D051B019CFA21FD7761E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.463937..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.600000..wave_g=0.600000..wave_b=0.600000..wave_x=0.500000..wave_y=0.100000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.300000..ib_size=0.015000..ib_r=1.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.300000..nMotionVectorsX=6.400000..nMotionVectorsY=4.800000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-CI9B0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2107
Entropy (8bit):	5.124016375463587
Encrypted:	false
SSDEEP:	48:pc6FOW5Q3JqSl4V3AEDSoSoFVnuskTlWmO7YcM4CcEb:q6Fm3J4VhDBFJ7kTVO7Y/rb
MD5:	76E991B00EF4CADF1E95A047FA452ADC
SHA1:	937297E830291C6FE50B950D833296E4022F126C
SHA-256:	424D9872F615055FC0B59C6E40F380FB89545A33E7E764A208E9BA0B3D376DA2
SHA-512:	84557CE14498CAA839298767B00DCFA1D78600FFD8C301356A2D699E3A511A148695A4E8092FB6AE158C553EFFE84B711836B60C9839CC8C006C8B206D14B03E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=2.448626..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=1.310603..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999900..fShader=0.000000..zoom=0.999999..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.200000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-EKH8K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5949
Entropy (8bit):	4.808061612049402
Encrypted:	false
SSDEEP:	96:j9gDZKI1lPtLFpf7mOv9tnHFMtE96FzTIEFYa4jj6QmnQCnyrCHFVPvHdFPLd587:pgVKI1FtLFpf7mOv91HFMtE96FXIEFYP
MD5:	D8D25F86EB429FA1C8A9D389B2FB2DCF
SHA1:	88F3E77A835D069AA7DF325F285AFF239925607F
SHA-256:	F9345422B213DE1433B7AD79C515D8A85C8D65FC89E3BE3F4DFD27D766B70C2A
SHA-512:	98B207FF22600A4BBFD6F10C2317C23A58D1847069AE1306A17D2C290031C417D5C8F2E102A01DDE8B5C8A8F22F125E5871925C6213BD593D3D53EE3ED4BFD5B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.350000..fDecay=1.000000..fVideoEchoZoom=0.999599..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.690724..fWaveScale=4.778029..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999513..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010100..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.100000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-FIVE4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6483
Entropy (8bit):	4.84556232479041
Encrypted:	false
SSDEEP:	192:B3JYOXQ1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGn:xJY6+FtJpf7mOv91HFMtE96XIoYa4jjB
MD5:	3A7C46D520A72EB028AB5C2A479FA011
SHA1:	062E616EBE80D41FE5E684AB8EF4945EAA918823
SHA-256:	DE587935101F0989F410F08C2C3CCA31F8C82A1C9CED4A8CEC22E84A1180942C
SHA-512:	06FB98B17F2964B5D2A3E500E0FB37862D5E86CE9395AB4EC0AB76DFB070C77C579D3964ABF273023A380E25753126E4083833D590F1AED96D983C218EE4F927
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=1.000000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.447722..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-FL6SE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9360
Entropy (8bit):	5.071405821291067
Encrypted:	false
SSDEEP:	192:mZq3JGzQ1ftVrOvJ1uFMtE9va8gnIX4jKTJLQ7nyrCIlXSEbX58lsAyFiGDqzB8e:mZOJGz+ftVrOvJ1uFMtE9vGnIX4jKTJe
MD5:	1445B9C6C6BCF2F7701F5B868FB9EE7C
SHA1:	E6F78E7DEEA531BEFFB097E3B9244D6BA0F2DCBF
SHA-256:	EB4F8B68DFB9008DA4DB0EC816E2D0459FF5E58F484C82BF459414FBB2D65123
SHA-512:	F1D6EC93AE53FBC456F35CA59ED24CC5D0A9E55CB51E0ABFDA0FB259C7BA7F8CD94BD46BB9EB339F3815FFAD444F2114385213759DAB5EC3B957979F9FCFFAE3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=5.000000..fGammaAdj=1.700000..fDecay=1.000000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=1.310600..fWaveSmoothing=0.500000..fWaveParam=-1.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=2.006759..fWarpScale=14.681465..fZoomExponent=0.334693..fShader=1.000000..zoom=0.995037..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.300000..wave_y=0.500000..ob_size=0.050000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.500000..ib_size=0.050000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.500000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-GJEC6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2485
Entropy (8bit):	5.1351413895414915
Encrypted:	false
SSDEEP:	48:MAk1W5Q3JqSl4V3AEDNpnJaNoqjsynuskTDpLhK0sQ3IvW:wH3J4VhDNL7qjs67kTDHFslvW
MD5:	6D3EF9D4FDE7F8BFA56DA1DC91B4944D
SHA1:	55E123DBD82476732DE99250D5C9F61EB27F634D
SHA-256:	E1DC14C66CB7E3A695D04711CF596999E9D46EACA51AF1947187EE4F2AE9C758
SHA-512:	3ADB8CB12F8CB70CE6E5A9351E2F31904B12931D122B22F1F9DC8A89CDF4343ED0DB4A79C2482E44778FBD4AABE828D8A6FD6A5FF8E1B5621B4622374A94C5C3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.980000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.127257..fWaveScale=1.599183..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.010000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-GQFU2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2035
Entropy (8bit):	5.0665931552828685
Encrypted:	false
SSDEEP:	48:p0e1W5Q3JqSl4V3AEDZJaNosnuskTSm08j+jGzzf:SeH3J4VhDz7Y7kTXj+jMzf
MD5:	E942D44D9D7328F342A4E4781DE63AE0
SHA1:	7AD13BF1CBAC3FAAF732FE963EF619FF9E141498
SHA-256:	F54BF9B8D83DAB79A5E66B1A9673AB4C12BEAE911E11BA9DB507CE7F262D67FF
SHA-512:	F204031A76EFFAC22A9B7A31BE377989B3B89CE589CDFAE62224A03F94BC5EBB4C88CF1312C39264F23F6183EC3D7F307C0BE220B909CD30F848618B3FAD75CE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.397106..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-GTG9P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2120
Entropy (8bit):	5.091803766594655
Encrypted:	false
SSDEEP:	48:w/qFOW5Q3JqSl4V3AEAoZrJaNo4LnuskT3jxXhcE1Gav:QqF23J4VhAoZl7E7kT1ui
MD5:	A4F6F864174AA2710D651E1DD07CFA25
SHA1:	5E8EC3DF5F3462B498CC52A9849AC8AC27D886A9
SHA-256:	A22671A6FB637E8B0C6B1B372609D4D5543D10A89BAD2AFF62768B186B9F3A9B
SHA-512:	89BAACAEA66D6DEC40F81F0CE7F3EDB871441491283B93F93236DAAB5757CB2A2115F1E2736DA18618925926FFFB2B82A97F0FE250414E70F33D0840DCC4F7D4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.796897..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.100000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.100000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-HGA76.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5955
Entropy (8bit):	5.136828438664944
Encrypted:	false
SSDEEP:	96:8+eMxQE/TR5qiyhXSqlnDN/wGd9Tl2Sf8LmfdxaJOIJ2JDjiB:rz/N5qiyD2Sl0Oo2Jvw
MD5:	93906DB67522EE97D5EC1EBE95F36B6A
SHA1:	F52A7B017B937EAE62E84AEA57C5AEFBADD3E0C5
SHA-256:	DAC37EC99AC19E8A3E74827F97C9A857FA7F342D69B9EFAF835F6154D749FCC7
SHA-512:	BD1097E46DEB864428F9A8697F69F9E4384D28410B95EA3211AD3CEC98B17ABA91D9D97A54852251951611A7BA50041115AAD05CCCC0E7B47E01675A331E0740
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=2.001..fDecay=0.950..fVideoEchoZoom=1.0..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.073..fWaveScale=1.286..fWaveSmoothing=0.0..fWaveParam=0.0..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1.0..fWarpScale=1.331..fZoomExponent=1.0..fShader=0.0..zoom=0.99951..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.01010..sx=1.0..sy=1.0..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.8..ib_size=0.0..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-LOAA6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3056
Entropy (8bit):	5.212176543239162
Encrypted:	false
SSDEEP:	48:CPb195Q3JqKd3aAEeGFsJaNojOsqqvP+sqdFstRBnfYd0iI4fQF8Afz0ExnuskTv:ye3JgeNTjbLHrqd2tRdfWzRfQF8Afz07
MD5:	1FCA180F7A37C7688A75749CE6AC6B88
SHA1:	5FA8CE1DE6DB5B08A6178D1624BDE5386F27A386
SHA-256:	AFDE23996B010CB6CF1DFBCB440C9875362527DAC03AE7B0A8061AFE00F1816F
SHA-512:	96EADCAD6010FBA724348250F33563ACE796F6C3221FBF1A9E6FF511E9E4B9CCF898B80BCF27606820EF4FFD26775EC96B69EC74E93E33DED71296D5BC28D30C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.990000..fVideoEchoZoom=0.334695..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.255374..fWaveScale=100.000000..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999997..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.005000..ib_r=0.000000..ib_g=1.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-NG7L4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2295
Entropy (8bit):	5.086734589242887
Encrypted:	false
SSDEEP:	48:MM+qsd5Q3JqSl4V3AEWmJkN2y/nuskTv47KgAnJm+0f:zRV3J4VhWmJXy/7kTQKgAl0f
MD5:	FD32B688EE390FB54743A9E48EFDCBE6
SHA1:	040F44E9F1663269BA24F6C5E01A90F1FA192F73
SHA-256:	DE8C7A8C48E2D6B2A04E5B13D866439FFE69D228A81B639A005DE427BA9C0621
SHA-512:	DA8485FAFED7406ECDB0A77564DB8D1C986EA2A0C38C517385C911A992CBF3539DE9BD249023DF2A659D38FB29AE94D345D4C0B2D71A484195DD8339ABB9F029
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.5..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=1.008000..mv_dx=0.0000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-OPJ0L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2180
Entropy (8bit):	5.10467842773469
Encrypted:	false
SSDEEP:	48:cyFbk5Q3JqSl4V3AEWmJlJaNo+bfnuskTRahjA2SuP53:FFj3J4VhWmJX7G7kT0J
MD5:	B515B989AA84684486DE1892DD61EE1A
SHA1:	53FACB9FD31689561974ED00F84893233D24B854
SHA-256:	8008E6FCC11997BD18932F950AE80D65B914363C219A970D0BF4186C7F41708B
SHA-512:	4F542F83EF396B235C69555DD7E1C00FA19140AC48C87EB2AA6A9251269556C308307DD522121AE7075915950260A690FDA2754653E76DDC63BD576C390144A0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.990000..fVideoEchoZoom=0.741918..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=3.072694..fWaveSmoothing=0.000000..fWaveParam=-0.500000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=2.781671..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-QUMD0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	5.054029858017568
Encrypted:	false
SSDEEP:	48:93musW5Q3JqSl4V3AEaaJaNo2se3nuskT1BEh:FZA3J4Vhaw72seX7kT1G
MD5:	05221D2F8B52E7919B92EBDB9EFDF409
SHA1:	B3A5360963DC31221952D3657F68194C7C63B66E
SHA-256:	FDCA24A98D7D0BB20AF185662F090DDF552E19549E54E6AE937791E56DAF2888
SHA-512:	CCF28324BE597B395CC7F74866BAAEAA7FE79C24AA864E73F346A73CC9B49CF42DB5AD69894309F6135E0BCFCF18B5391294D034F84A909CFCF6DD39F23D982B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.980000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.05..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.020000..ib_r=1.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.0000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-RQ9AI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8419
Entropy (8bit):	5.195578794689031
Encrypted:	false
SSDEEP:	192:rH8s5qq6nL9RdAOgwZnbXmYCKfwo04b7kTdnI28kM:rH87L9RdAOgwZnbXmYCAwo04boTd4kM
MD5:	AE861DF59ADDF2A18AF288CB7F7D8826
SHA1:	B12BB39D63F531824E58065158396F2DDDE7F298
SHA-256:	F91428F597130D8F9BBA5ABD6B8C96DD6BF04808A4C5B454249FAF3253884450
SHA-512:	58988D4B3836F19944CCC65118C90B02E383003E6A8ADDBF4F4074E207A5CA88763632FE270A20D0F938D36DE2AA53F16807AC29C1CE8809650507061A98B1DF
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.399..fDecay=1.000..fVideoEchoZoom=1.488..fVideoEchoAlpha=0.300..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.691..fWaveScale=4.778..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01010..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.90

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Aderrasi\is-UNULP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11092
Entropy (8bit):	5.1215487904524295
Encrypted:	false
SSDEEP:	192:f3JYWPQ1ntZ7fOvI1uFOtE9va8ZVIlmKTQLQ7nyrCIlXcb1lsvyFiGDqzB8uMuwV:vJYa+ntZ7fOvI1uFOtE9vLVIlmKTQLQZ
MD5:	B2A9BE9BC96CFE5969369F9DEFE0D089
SHA1:	06FD40E4D20C1AEF03D14E8E852FB69B9D88F991
SHA-256:	F59976CA86103CCE84FF46C746BCF77122D1EA21FB8E7F7EC5EE017FB3BB4F04
SHA-512:	6BE1E2A95107510E3ADD239018BFD11EA487809E17812C3ED793A8D1D2A846509CE46524E6389ABD1425998867412BB5FA79CE1B24D2B9DC0B1E4A253D6F7B8D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.816690..fVideoEchoAlpha=1.000000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.447722..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.451114..fShader=1.000000..zoom=0.498313..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-04MSU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7111
Entropy (8bit):	4.875726563839343
Encrypted:	false
SSDEEP:	192:bx3Jg/1Ltff7fn291HFMtE9vRI0KTQLQ7Ory7I8vWdOlsvyFiGDqzBFauFiAWIJL:1JgNLtff7fn291HFMtE9vRI0KTQLQ7O1
MD5:	A5D44D51A6E93DBDDE1937543314A7CA
SHA1:	0FB6F2DF352C1F9F86F57D15B86C6AB0E0419525
SHA-256:	FC582A427FEAEA7823DECDAF58091E7581372E2D48C07923A4234740358EB2CF
SHA-512:	DF4693BA7C1A3D6B92195A8928331CDA4FAA8BCB54657E8C0720597B6300CA98BD478E57DDEE7ECB2C2AAA820AD47D63B5CDC0B2A58F574E6ED5E3F5441C40F4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=1.001822..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-1793G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	20153
Entropy (8bit):	5.215920448560841
Encrypted:	false
SSDEEP:	192:r9aQ0qvZMdtqlGkx/BrTJcCrD9KmSgfrXEWdXhn2nv6e8d2ga:r9aQhvsq1HHm0D9KmSgfrXEsGv6Zd27
MD5:	C0B8E22E7A3C72FC28BDFCE6EE5B9719
SHA1:	203F26F65CFED949FA93DF1E4BB4D5CBFA457618
SHA-256:	49DC037BF344F6D9C2FC9BC1B6DC00367495FB811EA3B59889A2C63D8BE135E5
SHA-512:	1AFE2D143DA9167FBB21168C4E1303E8572FF6260A6FE7D7B3A1630EFE78F07EA350F65D5BF15759DB1B4FDED182D128E503871D4D60D21F90C70273DA24576B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.700..fDecay=0.960..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.012..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=0.037..fWarpScale=0.015..fZoomExponent=1.22019..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.03300..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.400..wave_b=0.300..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.090..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=3.000..nMotionVectorsY=2.000..mv_dx=0.020..mv_dy=-0.020..mv_l=0.15

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-1HGD7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16223
Entropy (8bit):	5.066340454595237
Encrypted:	false
SSDEEP:	384:YqJfCir0stqf7fO2e1ENtE9vnwoDIna4FlTQSh7nyrCIjuv1d5dkN20ZixD7OKrT:YqJCstqf7fO2e1ENtE9vDDIna4FlTQSF
MD5:	DD81F7E159493BD3B92183AF6229D1C3
SHA1:	67D4D8E2EB2BCC75285E157E56E872183CFFCD2A
SHA-256:	AFB4A90DFEC3E290C927B6ACD93AB4B7E22D008CCBB04E757FA1AC1764A3B0A1
SHA-512:	691786E7E473EEC82B35DB05ACDF32FB1CBAACC72B4FF28E74FA58129E5D569C89A10F949FD92BCE882E54C9E32595F8B3286222AE743F2989F60466030DC5D9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-1UNB8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	23618
Entropy (8bit):	5.167662895438339
Encrypted:	false
SSDEEP:	384:rfvDLnB7TqjRnDQ6QAOgwZnbCyYCSr33UXXX6j:rfbL12tbQAOgwZnbTYCU6XX6j
MD5:	784397D63F2CC924BD4883B8FAFAA7FE
SHA1:	F3B8741C37024ADF7D2850F6A8571BA954B4547F
SHA-256:	FDA15A8440B5175EB67E01D7D80473A0D5EFBB54FABB4D7C40BF972C73C84AFE
SHA-512:	14B49694A04295847954E5A9582567505817D1C70CB4E7FA6C5236E435039755A2B07959E9F88C57717E83E29DAE25C8D9E908560632FB735817FAAC67FFE43A
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.210..fDecay=0.960..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001..fWaveScale=0.012..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=0.037..fWarpScale=0.015..fZoomExponent=1.64463..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.03300..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.400..wave_b=0.300..wave_x=0.500..wave_y=0.500..ob_size=0.035..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=43.200..mv_dx=0.000..mv_dy=0.000..mv_l=1.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-2P44S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10253
Entropy (8bit):	4.940220222291208
Encrypted:	false
SSDEEP:	192:Zmr3JfNS1DW1lKr1n29z1EMtE9vEkR0KTnES7nyrCI4vdFTd58lsvtniGDqzwFDK:ZqJf7lKr1n29z1EMtE9vEkR0KTnES7n4
MD5:	32861EF56D9D2C07085E36496B4F2040
SHA1:	D3775805E594281118FE51F880862B02E39B1CA4
SHA-256:	2A3928303C15F489C86298DB67B66D76021FE0BE671781ABA3ADAD8EDC067456
SHA-512:	7597FBC1235BC4E3CEC5C7421AD9F058274E86180D469B3C6F6D854A1B91C30FDB6BFE24FF11BB8ECC28A6B07234FC8C56981FAAED32B97F6E391FE9C65E7D7A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-3JNV3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19280
Entropy (8bit):	5.052024597714383
Encrypted:	false
SSDEEP:	384:9AfZZR322Xtbf7mVY91uFMtE9vupI0auKTQLQ7nyrCIbvpd58kNvrFbGDqzkFash:9AxZR322Xtbf7mVY91uFMtE9v4I0auKl
MD5:	3B1BB2259EB676AD8F9703D82281D722
SHA1:	D5250A15A83B2F49215C53BFBCAD7982E29B307E
SHA-256:	9B8BEB2FB5A516D463D2D55E78FECC9DAD85D95DFB43ABB175960678E81CEFE7
SHA-512:	DF84A97FE1635D38B2770D03D6F3B7032530C130A8EFC430EF9662F39A5E0D2A41A43AD8F3F36B0F548AC7CAB7F4B04B5DAA9040557546A9F46B8EACABA0D338
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.280000..fDecay=0.960000..fVideoEchoZoom=6.600763..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000001..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-43G0Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5854
Entropy (8bit):	4.758188016641815
Encrypted:	false
SSDEEP:	96:J933JgcNQ1bPtHf7fn29tnHFMtE9vlTICaDK6QLQ7OyrCI8YvHNLd58lsvyFxdG0:Jx3JguQ1LtHf7fn291HFMtE9vhICaDKx
MD5:	582F9A0251160D9BF90FF4A827412CE9
SHA1:	162D86DA1719C07DB5D050BAC08E74810A1CC364
SHA-256:	C3C4BA488DF1B8D1F4A0DFBD0CEDC3E5A5DE545883D3701F535610F14F60DEF9
SHA-512:	20B460AFDE1559D5EB29CC5A4CEEE6F47ACB9AE1B571AF50DFE195368FAF21BF2E60A76A412ED48AB78F33D58B70675F73C604244F0FE2C0434F12080F7E00D0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=1.615172..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=9.600006..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-6ARCB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7471
Entropy (8bit):	5.139656764856156
Encrypted:	false
SSDEEP:	96:Fgrg3zkKk81mPOStn6iIvwNxv1+RQv2tqW/S:6g3zrP1mht6Ni9Mqv2wJ
MD5:	965EA861D5BB8EE2DFD9E8DC9D14A0F2
SHA1:	8161D432A977EEB74B42FFFC286BD1AD7FF856F1
SHA-256:	9E746FC1434B77E5199ECBE630EF5F2A3D642822FE7A91C01A857B9AC19306E5
SHA-512:	E7047EFED9B27D311322AB717C3765B97473C91233EA94B8AF1B055A1947D6378D76561562BE591D9E49FA6639FBE244EE1164171026FFC790D68F2E1699F9DD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.0..fDecay=0.950000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.0..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.019788..fWaveScale=0.011726..fWaveSmoothing=0.9..fWaveParam=0.0..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.0..fShader=1.0..zoom=1.0..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.010000..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.4..wave_b=0.3..wave_x=0.5..wave_y=0.5..ob_size=0.0..ob_r=0.110000..ob_g=0.0..ob_b=0.1..ob_a=0.0..ib_size=0.005000..ib_r=0.0..ib_g=0.0..ib_b=0.0..ib_a=1.0..nMotionVectorsX=31.999994..nMotionVectorsY=24.000004..mv_dx=0.020000..mv_dy=-0.020000..mv_l=1.0..mv_r=0.490000..mv_g=0.480000..mv_b=0.300001..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.0..b1x=1.0..b2x=1.0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-6NCGG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16178
Entropy (8bit):	5.138288057002602
Encrypted:	false
SSDEEP:	96:40BswNfhvWZqReAIBz4fTV3GsT+u8JOHfDTGxCPHlYIhpGwqokpRYbLr3zEuOTW+:DadvilG0vguOkFPs7JcCrF9nclYcO
MD5:	033E77ADE5625F5F228D278E7F738C4C
SHA1:	82C9E707685165E212E993937BFBF0E700D5288B
SHA-256:	3567368D8B309ED8EDEACC2206B8BB286C6B6D02C171601447EB4CF22C66DEAB
SHA-512:	74ED474FD3D33D6257C357EA10E53B8AF089B4776C25995089CCCDC874211FC7D8A1A6C99F76B47B5B38837148D724933650BFC992540C51F86A36697F2B7FC3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.7..fDecay=0.960000..fVideoEchoZoom=0.999514..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.9..fWaveParam=0.0..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.0..fShader=0.0..zoom=1.0..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.033004..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.4..wave_b=0.3..wave_x=0.5..wave_y=0.5..ob_size=0.050000..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.299900..ib_size=0.090000..ib_r=0.0..ib_g=0.0..ib_b=0.0..ib_a=0.0..nMotionVectorsX=3.0..nMotionVectorsY=2.0..mv_dx=0.020000..mv_dy=-0.020000..mv_l=0.150000..mv_r=0.490000..mv_g=0.480000..mv_b=0.300001..mv_a=0.0..wavecode_0_enabled=1..wavecode_0_samples=512..w

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-73DMN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17040
Entropy (8bit):	5.1839671488207735
Encrypted:	false
SSDEEP:	192:raXawdvilG0vguOkFPs7JcCrF78oj3Vn22ms:ranilvTlim0F78sNms
MD5:	6D05CB5727CA22C936B9B078F9E9D024
SHA1:	D49FB7AD9C9597813501C99E41B841F54EF55C56
SHA-256:	8A9018564BB1B4366D4EBFEDD0A70B51B3B0D246B86DC8E481FB547A35366398
SHA-512:	5BDC3803DB6A60FB451C35C16EBD603023D414E9E46D4D513BEB59C45E0C44E0EDF1061B625DDC574C0FF6A1F08E8A3B1D405E39D2128115C552B7B245575485
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.7..fDecay=0.960..fVideoEchoZoom=1.0..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.012..fWaveSmoothing=0.9..fWaveParam=0.0..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=0.037..fWarpScale=0.015..fZoomExponent=1.0..fShader=0.0..zoom=1.0..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.03300..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.4..wave_b=0.3..wave_x=0.5..wave_y=0.5..ob_size=0.050..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.3..ib_size=0.090..ib_r=0.0..ib_g=0.0..ib_b=0.0..ib_a=0.0..nMotionVectorsX=3.0..nMotionVectorsY=2.0..mv_dx=0.020..mv_dy=-0.020..mv_l=0.150..mv_r=0.490..mv_g=0.480..mv_b=0.3..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-7VHFA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6798
Entropy (8bit):	4.82495862810431
Encrypted:	false
SSDEEP:	192:Rx3JgtO1ut/f7fn291HFMtE9vCIuaqKTQLQ7Ory7IHvtdslsvyFiGDqzBMauFiAV:PJgtEut/f7fn291HFMtE9vCIuaqKTQL0
MD5:	52084EF8173B7FC6106E712D3947C299
SHA1:	B342CCE82D667F47F13C4C6B9AB4E641CE2570C0
SHA-256:	88AF9545E05BB705B470E991BD28D7B9677F1123A9631EC2753FBCA4779EF107
SHA-512:	E7CE5DE9DD98C6EAE0567BB4485D71D7F4F23B70197635C691A82B3DFB02B96594B9E6CBE3320936F57AA2797602185251B040F509F355F82D035AC62E1F62FE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=1.970816..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-9KC7I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6859
Entropy (8bit):	4.868570707296349
Encrypted:	false
SSDEEP:	192:nW3JgnQ1LtHf7fO291HFMtE9vUIoaDKTQLQ7nyrCInvdFTd58kNvrFbGDqzwFDa6:iJgn+LtHf7fO291HFMtE9vUIoaDKTQLk
MD5:	F4F33A31297D5F116565F4BFC8EB8785
SHA1:	EE29922A4EDD9D80F0934CEA7873399E770FDBAB
SHA-256:	07C533DE4A8B355EE8237B7B93CE7055C87D5530BEB6DA335E6A3ED3CFFF9A2B
SHA-512:	F4596984A9BDD8676402DB26A387EE16F6D066696E800FB204264A7394CB2C10AB1DBD6D528C92A3832E19E3874C79D7CCB42A7B90578F615F60E1CBE237B28F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.498313..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=1.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.030000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-9QBMD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7537
Entropy (8bit):	5.003902877559558
Encrypted:	false
SSDEEP:	192:Mv/wy1Yt7fKn290HEttE9veIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqzwFDn:Mv/wQYt7fKn290HEttE9veIoYa4jj6Qt
MD5:	0780B9C771BEAD1AC8EB3C303CDF6141
SHA1:	89BBB778C3917582D53494094304A408442B0CDC
SHA-256:	683D0C04F635FF79770E33802828D89B3A752B4EF960F3CED7D4776D885E5CF1
SHA-512:	01F4CCC6283DAB44EBDC083BB54063E764A83E6962F0BB5DD4AD9390DAEFCFF28C4B7644A1E8008AB5DF9C81D5B509ACECE0C0004BF0BC5BFE51A2F8F3E56298
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=3.679999..fDecay=0.900000..fVideoEchoZoom=1.000747..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.999974..fWaveScale=0.000009..fWaveSmoothing=0.900000..fWaveParam=0.173490..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.350000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.039900..rot=0.180000..cx=0.500000..cy=0.500000..dx=-0.059000..dy=0.000000..warp=1.508800..sx=0.999900..sy=0.999900..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.448434..wave_y=0.121660..ob_size=0.008955..ob_r=1.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.045734..ib_size=0.003418..ib_r=1.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.732955..nMotionVectorsX=1.000000..nMotionVectorsY=1.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-9TRIO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21109
Entropy (8bit):	5.2324742804531805
Encrypted:	false
SSDEEP:	384:UJyV9uMjpo/Zn290HEMMFcvQICVKTnLQ7Ory7Ii/vcdzlsUyFiGDqzBaa/x4JyRb:UJy93po/Zn290HEMMFcvQICVKTnLQ7Ov
MD5:	7D2240C6FE78D35BCC05B827872B15E7
SHA1:	71F59F47F0B748FA458429651B18E7ACB9106E26
SHA-256:	2C8DDC21CE806EA750718FE510C5DC9379EA3D720F5DB6FDBE4979B1DF282836
SHA-512:	3AF6564CB979D8F784D2CCBF9CF6BDC1F7A3FCFB0E27854A1289AE59E590BBCB4AC64D48104FC3BEAF51622A18A10129815746DF390D09F49C2C894F7EE3F808
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.500000..fVideoEchoZoom=3.012146..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.010000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=12.799999..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-AA542.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12702
Entropy (8bit):	4.989513851009588
Encrypted:	false
SSDEEP:	384:hPJfa4Jt2fk1Ov+1uFMtE9vqKIoYa4jldtDEhCnyrCItvPTd58kNvrFbGDqzkDa/:hPJi4Jt2fk1Ov+1uFMtE9vbIoYa4jldG
MD5:	32143C29AF330D2A69342D3A4AF9F579
SHA1:	D2E0229FFD1EECA091AE00231ECA419141B351D2
SHA-256:	9AC2256C5962927F6EF4CA96BCC6CE30523256FAD7AB640B279EA9E609931E33
SHA-512:	30A49CEEEED1DB496CB67B622B3A3AD424F6376C89618F7A090F0BD90808F131BE7C51B72B70B98700C76BD1D2A00003F73E28360B102FD3306C3DC41794B9D6
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.210000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-AG5E8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9255
Entropy (8bit):	4.966080587329067
Encrypted:	false
SSDEEP:	192:umq3Jf7h2xgXx3NMS0tXfJn290HEMtE9vZIjwKTQLQ7nyrCIgvdFTd5dkNvrEbGz:uPJf7M80tXfJn290HEMtE9vZIjwKTQLX
MD5:	4D14B4471DE7078A786E89BCA2429941
SHA1:	0AB68A39D0612D97964E159FE936E854E1116103
SHA-256:	5A6D3DE18D92F130755189BD9D24FB56A3AFF55778557911AD39719C4A45EC7D
SHA-512:	6E79A0046CBF4096B92EC19179D30ED8163BF98429DA20550CE74C6E047188142FA62400236E84072710732E12772919205219E0D30F2D8526D769E86502953A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.960000..fVideoEchoZoom=0.996629..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.350000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-CPBLM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5853
Entropy (8bit):	4.680491630930972
Encrypted:	false
SSDEEP:	96:qF+rr3JfmefQ+QzJ1KS0tCf7mn290HEMtE9vVITITa4j2tJQF1tSCnyrCI1PvHdk:Smr3JfNIjV1KBtCf7mn290HEMtE9vVQA
MD5:	68270DE29AC9E3E779DFF68BF233A552
SHA1:	1D38998F1B819BC5D4A764E8917ECE7990713526
SHA-256:	EA75D181BBE98A6B294DAF85F57D265E6A1D0AB12FE4EC1DF77122926C3932C8
SHA-512:	F4497F5F075398C780BAC417F7BB7134FBADD2B60794C2297E18DA1189889AF7A33040F50A603909C9A887B14C0CEAF5934C976DC05118A5FC546FA538794F8D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.000000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=1..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-F6C3V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15607
Entropy (8bit):	5.1857579395156845
Encrypted:	false
SSDEEP:	192:r0vwSaPlULVLnguOkFP0TJcCr86vgAOgwZnbXmYCKPlG12vt4tAt/tlFT:r0vY0TlCm086IAOgwZnbXmYC0Ge8UV7T
MD5:	F72097A988DFF36A5BF12319438790CB
SHA1:	2CC462C2ED194EDB05316E42605A43D92FC6C2E5
SHA-256:	C2C996FB61BDBC906440EB20B9D134B32A93F52BEDE9F505E87D9E566448CED6
SHA-512:	078C0E4D131B404E964F0A91B7F62113B94EAC6AAF591131867CA8B34AAB19E73F3B49AF2669584202A9FB7E932536E7A445F1F69F81661525EA34A3DF42E272
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.960..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.012..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=0.010..fWarpScale=1.611..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00400..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.12532..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.400..wave_b=0.300..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.110..ob_g=0.000..ob_b=0.100..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=3.000..nMotionVectorsY=2.000..mv_dx=0.020..mv_dy=-0.020..mv_l=0.150..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-G5U8P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8365
Entropy (8bit):	5.048270511465389
Encrypted:	false
SSDEEP:	96:8+eMrrUdvKtD8TALlFmJ0SkAB3qRfxzOgdmncOuXmYzmzLIllGJ2nqS:r8dviD8TAx8kAkRNOgfzmYCzL+I2h
MD5:	BBCDA667E6AA8558D1DD9D034254ADF0
SHA1:	57FCDFF5D6E2028092D9F7404BD89560F9A998C6
SHA-256:	D9CF5390A1FF4F7A8D92E2BED9E94CE116892B18F2D34A49A1F7F67931C75F7C
SHA-512:	E46DA4D2EF6DCD64EFDFEE9C99026D8C9F5BFC0DDD2A1EC26B698419C0F47FA3045B3B2940BA2460B3F47E148C2CAF9C4A3815148D4162082985F6785DD37DEB
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000..fDecay=0.960..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.012..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=0.010..fWarpScale=0.010..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.400..wave_b=0.300..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.110..ob_g=0.000..ob_b=0.100..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-IS4JU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18904
Entropy (8bit):	5.047829492391614
Encrypted:	false
SSDEEP:	384:xAfZZR3v0Xtbf7mVY91uFMtE9vupIRa4jKTQLQ7nyrCI1vPTd58kNvrFbGDqzkD9:xAxZR3v0Xtbf7mVY91uFMtE9v4IRa4j6
MD5:	F4995783769928474EB3A42C1A762934
SHA1:	F656BAB3D0CB3927A9D060C721AD353684C010B6
SHA-256:	20C4C2B72B62017B8D23F32C6FC961428364AF2CACDB44E563126088C19205D1
SHA-512:	C7233E4A9F6260AA896C181F88208EB6F1881CDFA5B2D805189E2EC29A284DC53C41E1F08E06DB3BE16CA8F82B22E1A3BE0C55D0C41E3EC7B4388E2CC3480173
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.280000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000001..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-IVS55.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16365
Entropy (8bit):	5.061257159534407
Encrypted:	false
SSDEEP:	384:8AffZnVRTlim0FBttSAn290HEMtE9v/IoYa4jj6QSQCnyrCl1vPTd58kNvrFbGDL:8AnpV5lj0jtAAn290HEMtE9v/IoYa4j9
MD5:	C12516C2CE01E1BD892F9A8E37E6D5DB
SHA1:	773D859F4BFD30DF4185F2D1C89680BEFB573328
SHA-256:	A813B53641B86DD6D2AEC5FA052B04AFB77C571A593A7B89E394983BC029C83C
SHA-512:	5401C9F61D891CF4BF848A2F926CF4C0EDCA35821DA3F313BA2F47F7B34CF1AF06D06730D104CD98FE5FE8D351FF4C9C75D83E2D9D101443152D78F74802BA29
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-JITLO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16339
Entropy (8bit):	5.062138982077011
Encrypted:	false
SSDEEP:	384:aAfRnERTlim08BttSAn290HEMtE9v/IoYa4jj6QSQCnyrCl1vPTd58kNvrFbGDqz:aA5E5lj0CtAAn290HEMtE9v/IoYa4jjk
MD5:	3C1F73D93C5D84C319C285B4F4416002
SHA1:	530AB8CE3BD6AF33F7E41D7A4871653C35C9B7D8
SHA-256:	110D01E0427B7F06D756504AFCA1849FB7FFF2C7F91F4BA352F610AE76D9B546
SHA-512:	C4332C8B17FAFE1B31C1261B302815F6815BDE43F4164F6625EAFEE62FB7091174EE9668137906922288D9C9686D97651701D82241BC7BF402E7297F7F7822D1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=3.000000..nMotionVectorsY=2.000000..mv_dx=0.02

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-JO30Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8895
Entropy (8bit):	5.060922019555973
Encrypted:	false
SSDEEP:	192:4OoKSa1vtVFn290HEMtE9vIILia4jKTQLQ7OyrCIHvXd58kNvyEiGDqzBosapAWZ:4OoKS4vtVFn290HEMtE9vIILia4jKTQ4
MD5:	CEF975DC1BCE45536B358A837207EF31
SHA1:	34C6571FCC0EE3FD8554A03711E8945DF0C7D071
SHA-256:	7B4B4073898C1D797C9E82F8FB288C48CA5014F3BC7CDCD1DCF0CC6280E91D85
SHA-512:	7B6FAF12902F3390E62516ABAB879304916A103A50ECAB807B8981A119A0229DE50502D294D52B57084FF5164BF9F34CBE8A29CD37EF775BA3794E15642373E9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.940001..fDecay=0.900000..fVideoEchoZoom=1.000747..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.002906..fWaveScale=0.262110..fWaveSmoothing=0.900000..fWaveParam=0.173490..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.350000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.939900..rot=-6.139995..cx=0.500000..cy=0.500000..dx=0.001000..dy=0.005000..warp=1.508800..sx=0.999900..sy=0.999900..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.448434..wave_y=0.121660..ob_size=0.008955..ob_r=0.600000..ob_g=0.000000..ob_b=1.000000..ob_a=0.149900..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=1.000000..ib_a=0.000000..nMotionVectorsX=1.280000..nMotionVectorsY=1.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-K3NSQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5819
Entropy (8bit):	4.762973938250411
Encrypted:	false
SSDEEP:	96:y9X3JgqMgQ1lPtLFpf7mOv9tnHFMtE96FzTIEFYa4jj6QmnQCnyrCHFVPvHdFPLa:yB3JgqDQ1FtLFpf7mOv91HFMtE96FXIT
MD5:	C22388DC726291AC6B6816A3AE95DA50
SHA1:	B7B72700C88195D0CE1D2B5A1394399C414B6D19
SHA-256:	AE7E333568A0E5FC8148FF75323AD81EBF3ADFC2A0E090FA7B50AE7D200C0038
SHA-512:	A6A2F02BC93BAE7B9F497271438698A3F3039B81A7971B9AFA1E1847CB5650DA3B2098D0356F0358A60278FB09E05C6F1C61E4FE0BB3735C7AA87092EBA3861C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.950000..ib_g=0.850000..ib_b=0.650000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=9.600006..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-M548A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13442
Entropy (8bit):	5.074146196353136
Encrypted:	false
SSDEEP:	384:/EL0jJt8P2c1uFMtFlvmeQ2KThLQ7nryCI7/UvndwkOoAFixDqaB/aGAWZ44yR/a:/E4jJt8P2c1uFMtFlvmeQ2KThLQ7nryG
MD5:	E602ACE3878EC33368F5B6B01AAF3B8A
SHA1:	EC61AEC3DDF27EBE9FD7EC7F86AE4E0B2B839ACE
SHA-256:	72DD1D3944E186589A87E2C90E6832CCDFF7D35E3763A87BB4D9A3952AF047F8
SHA-512:	D7D03D9C9E92E2D80E77E0EA3BD69C9D07C47CC733715832B9A5F7CD895F4F197FF634AC1933D1390324499F821B69A0D1375B6B0E5CD28B4ACE1EDA01B196D9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.900000..fVideoEchoZoom=0.999999..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=2..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.311600..fWaveScale=1.228910..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459526..fWarpScale=2.006761..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=-1.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000001..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-MCB45.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	23221
Entropy (8bit):	5.109059057194534
Encrypted:	false
SSDEEP:	384:xAft/nBbTrj8g29BttSAn290HEMtE9v/IoYa4jj6QSQCnyrCl1vPTd58kNvrFbGI:xA1ftjrKtAAn290HEMtE9v/IoYa4jj6N
MD5:	C4B28D539EFE3F12C772A4AE2B698CC8
SHA1:	F8B82CA7BDD3F57D135724DBB9254AC224A395D1
SHA-256:	3B0601AF0AFFD140E1AB3887C31589C81522B053B6FE9E096764A40AE817D6AF
SHA-512:	6A6B5C75B4768EACFD90DFE1A01B785D2A078B09E179FAFAFBDEDC292C9448F224CE32DC3B10A8AE991A47385AF78217200BF106B82E3594C393CDCDD8251FD7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.560000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.005000..ib_r=0.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=43.199997..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-NFHT1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8938
Entropy (8bit):	5.064209189750011
Encrypted:	false
SSDEEP:	192:LOoKSa1vtVFn290HEMtE9vIILia4jKTQLQ7OyrCI+vXd58kNvyEiGDqzBosapAWQ:LOoKS4vtVFn290HEMtE9vIILia4jKTQe
MD5:	385F76D3B08B823F316678AA8ECFD8C7
SHA1:	A1445D6046F303DB41889EAA608068662DEF6477
SHA-256:	45C2BCF8BCF079E5929E180AE70B065B17C00225C18BCADEDC67C78522AFE392
SHA-512:	5E541D764FD7354705DE470F2D50BD9D5FF8B449B98FCC72B26FC32D49E8628CC5A5D8ACA124739B7999E3575D056FA83478ECE080A1205086EB63CF10D30CB7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.940001..fDecay=0.900000..fVideoEchoZoom=1.000747..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.002906..fWaveScale=0.262110..fWaveSmoothing=0.900000..fWaveParam=0.173490..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.350000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.939900..rot=-6.139995..cx=0.500000..cy=0.500000..dx=0.001000..dy=0.005000..warp=1.508800..sx=0.999900..sy=0.999900..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.448434..wave_y=0.121660..ob_size=0.008955..ob_r=0.600000..ob_g=0.000000..ob_b=1.000000..ob_a=0.149900..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=1.000000..ib_a=0.000000..nMotionVectorsX=1.280000..nMotionVectorsY=1.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-NJPQP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	20222
Entropy (8bit):	5.097560218662831
Encrypted:	false
SSDEEP:	384:JAfB/nBXr3tjRzn8xLfIn290HEttE9v92aGKTQLQ7OyrCIdZdUlsvyFi/DqzBtfT:JApf5xZGLfIn290HEttE9v92aGKTQLQE
MD5:	B2D7FEAAC73FF2B1212ECC1CB2ADB5B3
SHA1:	1B7838896648F1D13F585E4BD085B95F43851C50
SHA-256:	17289F472DC66266ABDA1F1C2DE81934944C9C4DF2C14E3E370B72979C934412
SHA-512:	865A4FBB08B32E0A0B2845B2BBF27533DA7C547429EBBA8A86CC8A2A5D2CD93CB8590B4DD310A0EC3E56AF432E2A4A2FEDFB0B946D93FAC5A98316D2B5DC9C29
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.980000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=43.199997..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-OSTLC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11054
Entropy (8bit):	4.981932989217585
Encrypted:	false
SSDEEP:	192:MmQ3JfNs8kioAyc6wt3fgxtD90HEMtE9vMIEFYa4jj6QSQCnyrCHF1vdFTd58kNk:M3Jf9t3fgxtD90HEMtE9vMIoYa4jj6QN
MD5:	B049A34FA4A856A046F306601476C26E
SHA1:	4560F03D5741336F5670D62A2F203C0FF595DBBF
SHA-256:	3E93F34937B79977DFFC574EA9B34E9A0EC8931AD64CAA22297E0E19ED7631EE
SHA-512:	945B62376ACF77A83B5F538783050CAE91A0ED50A783A6E1D514547705C0EC888D145AF581B54B7EDB87BC6C75C8E52289A5FF16F79CE70CC89B1F7F905B1132
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.005000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-PI9KV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6117
Entropy (8bit):	4.820679471678462
Encrypted:	false
SSDEEP:	96:C9c3Jgcnch1bPtHf7fO29tnHFMtE9vv8IoaDKTQLQ7nyrCITPvHdFPLd58kNvjne:CW3Jgnh1LtHf7fO291HFMtE9vUIoaDKp
MD5:	A4ECFE409BAE59C14093B5C42BB09D72
SHA1:	36A7FFF688EECF2546010E989A3F6F24522663FF
SHA-256:	37EFF5BB9C24002F3CC0F616E00B48CA4598B0633E60A570E31C2DDEDD7AA319
SHA-512:	2FDE8563976B90B2610AF6E0EEF820902FA7354B349BEECA57DFFFA127BDC97D50F629B71D85B27EC3992C09EFA868DE326AAB0E2623679481063C3785BA8795
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.498313..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=1.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.030000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-PUMEJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14170
Entropy (8bit):	5.076544550663025
Encrypted:	false
SSDEEP:	384:RqJf1hI1l9YkAWtnfCn290HETtE9vmIkaIjj6hSQCDyrClQDvPTd58kNvrFbGDqS:RqJHMbfltnfCn290HETtE9vmIkaIjj6S
MD5:	4D8FD3878D56C912FA672D166B98A244
SHA1:	21389BCFFFC87E4CD5A67A1CADD124BD6A4B364E
SHA-256:	8EA996989DF49E66E077E6D887264C6302DF0C30F7C43C4E8B700DF607214CC2
SHA-512:	695A9DBBFA04E5EE70733A444AA30E2E605DE6C04D08873A90A3046BAA5922D575F379034AD8BCFB314B38992349EF4E89F69B51D6FC53D74ED5AE9C7034FF1D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=2..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.030000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=30.080032..nMotionVectorsY=35.040012..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-Q4RM0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6238
Entropy (8bit):	4.8239538369714134
Encrypted:	false
SSDEEP:	192:nW3Jgnh1LtHf7fO291HFMtE9vnIoaDKTQLQ7nyrCIjvdFTd58kNvrFbGDqzwFDaa:iJgnfLtHf7fO291HFMtE9vnIoaDKTQLI
MD5:	90D1FE6E6EE386C06C9BB1DD365AFA34
SHA1:	C21CA9351D9CA2A932A010989EF42D140976B477
SHA-256:	4E6CBE535F952EEF1D6F3DF87A5D0E3E7AF16D5E3920D47694F03B668FA2EFF6
SHA-512:	70D2291AC7050C1E6DCA38143A1279B9B1252F90202DFFF08D3F0EA1AD1866568EF21EDE993830B7207C7F3A5F32DDC47BE8C8140BEF0CC4977AA32667FDC5D1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.498313..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=1.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.030000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-QDEAV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13489
Entropy (8bit):	5.084551162411344
Encrypted:	false
SSDEEP:	384:ONLFgEBbd9ntt8P2c1uFMtFlvneQ2KThLQ7nryCI70UvndwkOvAFixDqaBXaGAWT:ON5bhtt8P2c1uFMtFlvneQ2KThLQ7nrh
MD5:	04C2741F81DAF645C901DE8116260B9A
SHA1:	C29964BEC4BB5FF443628E1864899676B82FF01F
SHA-256:	341E7FC2C04E9073D94A597BACAF60D23469D1ED5400914025866A6C7B12E612
SHA-512:	BF6C36FDEE5AB7498CCA1984673383CEFBF7FC624DE163B716DE4F0010A3BEA6F08232AAEDE96095EC99D379889933170EA3E9FFB44AD1F81B230F487BE56397
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.900000..fVideoEchoZoom=0.999999..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=2..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.311600..fWaveScale=1.228910..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459526..fWarpScale=2.006761..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=-1.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-RBA0A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19046
Entropy (8bit):	5.049916817486513
Encrypted:	false
SSDEEP:	384:cAfZmQKXU0tafSVYf1uFMtE9vcaqa8KTQLQ7nyrCIsHod58lsvyFiGDqzBo0dA8Y:cAxmQKXU0tafSVYf1uFMtE9vcaqa8KT9
MD5:	F5F47D359D6441A13D0F3960FEC71533
SHA1:	C7D425CEC9DF813D7A2BE07186D8E48B405D6E49
SHA-256:	5EF79CDA49CAE6F714A2EF3D4FDAE0308FDAE678AE723C3E7876F228E8B54F3F
SHA-512:	21B1D16C44CFB93C34CDE4D7A0D77747D63CFEEE66F12AAFE1810162CE4445A5B6FA3E4764FD349F209F18A8AF9D484D5B8D99BA01875BD10E62A1259A4FFF5D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.280000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000001..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-RE48O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5368
Entropy (8bit):	4.673060916341181
Encrypted:	false
SSDEEP:	96:IF+rq3JfcyT1lPtLFpf7mOv9tnHFMtE96FzTIEFYa4jj6QmnQCnyrCHFVPvHdFPZ:gmq3JfcO1FtLFpf7mOv91HFMtE96FXIQ
MD5:	1EF63A3C5D600A75687D4C6CE04434DB
SHA1:	B4754CC1EF9A8D240EB73330BAD72FB7226A24C8
SHA-256:	73A5C165711150156239445EFBA43D1C5900D1EF5625A0D1A25034DAC637E65E
SHA-512:	81476174249F8878305A810A179390D7366D3C9D9C90EBCA0E32C4620B3A6A295968C2BF67C6DCF0CF95F8C06391ACDDF73F00F26A83F80F0FC84D70E3BA0736
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=2.000000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001348..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.100000..ob_g=0.600000..ob_b=1.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-S3ULH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6980
Entropy (8bit):	4.870874498570461
Encrypted:	false
SSDEEP:	192:zx3JgX1LtFf7fn291HFMtE9vyI3c9FQLQ7yPry7IBvWdDlsvyFiGDqzBxazA03I/:dJgFLtFf7fn291HFMtE9vyI3cvQLQ7yD
MD5:	EECAF3957168D4B5AE8282409D7E69B6
SHA1:	3A3F2B4C754740ED3AE74C4131323726D1C28254
SHA-256:	4A05C45149607D312081AAAD7E4A196343EAF3E29081725601A188A28CDD9D0D
SHA-512:	8739DD1DE3A6F9B949D91E2846C6B89C3F3273E160ACDC92A5CF06931FC2C5C9DAEE258E78958C9736F94A5BCBE297D7333A9ED7A5A1EF684AF82DD0DFC26152
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.630000..fDecay=0.940000..fVideoEchoZoom=1.001819..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.155000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-SB92V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5183
Entropy (8bit):	4.932794407893161
Encrypted:	false
SSDEEP:	48:7SW9te8Z3Wu9+dM8yh6ADOK2WPvZTpkbL2nFdaMjolKMaM04ZXbru51q5rH0aqcY:d9DZ3sMPUJPMsyREN/aSd9T8YOr9
MD5:	76186A919F2A9670B5E3DA897526630B
SHA1:	B2E074F0D596E318AAE6C4B31C44C873F92E8A7A
SHA-256:	BB31F57AB5FF21BCD9139873A879E8AC16F9F0F2844E127A488F02CAF58E36A3
SHA-512:	D107726CA45240C4C99516902E5380F509A260FFAB6CFBF3019A35A3E31EC0AF28425B9A44F270B473A9582A4AF6C1E9C6D2984D5E34498C93516EEBA203AE3F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.0..fDecay=0.940000..fVideoEchoZoom=0.999996..fVideoEchoAlpha=0.0..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.0..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1.0..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.0..zoom=13.290894..rot=0.0..cx=0.5..cy=0.5..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.0..sy=1.0..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.5..wave_y=0.5..ob_size=0.0..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=1.0..ib_size=0.015000..ib_r=0.010000..ib_g=0.0..ib_b=0.0..ib_a=1.0..nMotionVectorsX=35.200005..nMotionVectorsY=29.760006..mv_dx=0.0..mv_dy=0.0..mv_l=0.5..mv_r=1.0..mv_g=0.910000..mv_b=0.710000..mv_a=0.5..wavecode_0_enabled=0..wavec

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-T1D4K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8547
Entropy (8bit):	5.05263928830524
Encrypted:	false
SSDEEP:	192:LOoKPa1vtDFn290HEttE9vUINa4jKTQLQ7OyrCIgvdFTd58kNvrFbGDqzwFDauFC:LOoKP4vtDFn290HEttE9vUINa4jKTQLj
MD5:	57FC0524EE7FB810A79FF5F6F82DC7E8
SHA1:	BFB2301329FCA1F5CF54460B181A376AA138A9CA
SHA-256:	54C0975DE91C2B8AB54353615069D11918326437F742E72B2A2F4C1174F1E32C
SHA-512:	E5671203CC29D9D8ED9C9BF63D9317622662A8ED7C240BC613EB639B9D72D76236F6E0B8096DC7B652D73809FA86B2F2BD45F00C1B8B653DCA531929D688FB39
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.940001..fDecay=0.900000..fVideoEchoZoom=1.000747..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.002906..fWaveScale=0.262110..fWaveSmoothing=0.900000..fWaveParam=0.173490..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.350000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.939900..rot=-6.139995..cx=0.500000..cy=0.500000..dx=0.001000..dy=0.005000..warp=1.508800..sx=0.999900..sy=0.999900..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.448434..wave_y=0.121660..ob_size=0.008955..ob_r=0.600000..ob_g=0.000000..ob_b=1.000000..ob_a=0.149900..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=1.000000..ib_a=1.000000..nMotionVectorsX=1.280000..nMotionVectorsY=1.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-T6CCL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6622
Entropy (8bit):	4.8449687615053945
Encrypted:	false
SSDEEP:	192:Tmq3JfNl1jtLFpf7mn291uFMtE9vmFtIEFYa4jKTQSh1FnyrCI9uivdFTd58wCvT:TPJfpjtJpf7mn291uFMtE9vmFtIoYa4E
MD5:	678108B2A06461E301900BCB0F5AA3BA
SHA1:	618256015DE249B38560EAA7928DB5AEE6080DF9
SHA-256:	2EFA57540AF254D18ACF1BDCD81FCDACC745A531F11F22F579511F9CF14E7532
SHA-512:	C007CF0E41A15FE860CBF0D25099942ADB7C146B9395E23EB40111EDDE2AC46B28A73E8EC0D8CA4082C1BB7D0863D4E51C52A0651136E29CA1B274E490FDD705
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.000000..fDecay=0.960000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.019788..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.110000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-TB8G8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5867
Entropy (8bit):	4.742381774107379
Encrypted:	false
SSDEEP:	96:89c3Jgc5Q1bPtdf7fn29tnuFMtE9v2TIUa7KTQLQ7nyrCIGPvHiLd58lsvyFiGDk:8W3JgEQ1Ltdf7fn291uFMtE9vGIUa7KU
MD5:	248133E149CF5C6F11B3473F2E73C4B2
SHA1:	28B5E787DFB116920FC8ED4E8EC93648E8D0A48B
SHA-256:	D0FE1D285A3A1940A81A1676859615A3F2A5208E23302642D2BAD4A108E4BC74
SHA-512:	407BF8DB56AB531059EA83FF88994BD6A95E1C7D7A026CA00A8537123A16A19F190465E2FBBEADE683E01FD48D3FCA3FF3838C1F7C7A3D717795AB40B0DB067B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.999996..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=1.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-TE7SE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	22388
Entropy (8bit):	5.1021707388352935
Encrypted:	false
SSDEEP:	384:/Afk/nBbTqjR3DQBttSAn290HEMtE9v/IoYa4jj6QSQCnyrCl1vPTd58kNvrFbGv:/AMftWNStAAn290HEMtE9v/IoYa4jj6A
MD5:	FA6F66EEEA06753C45EB3F35A33AF597
SHA1:	FA746B8A32E7D654A679A82FF67CE318ECE81B7A
SHA-256:	062B0E46D4E6F3798A5712FBCA31B679BE30D931C5301ACA069622BA643EC265
SHA-512:	FE6932A836F90AD461B3950C92DE834D660C39AF4C0F6351510C36B2C9BCD7075CD4A7BD35014E4623162C8B3BD9301D13AD53903A5CAF5075E0BF18042981DB
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.210000..fDecay=0.960000..fVideoEchoZoom=0.996629..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.105000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.055000..ib_r=1.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.200000..nMotionVectorsX=0.000000..nMotionVectorsY=43.199997..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-TS4RV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6980
Entropy (8bit):	4.878974740168832
Encrypted:	false
SSDEEP:	192:fW3JgRfhy1Lt5f7XO291uFMtE9vVIoaDKTQLQ7nyrCIjvdFTd58kNvrFbGDqzwFY:KJgRfhQLt5f7XO291uFMtE9vVIoaDKTE
MD5:	9CD96A41B8A26B8B77E593E4566FED21
SHA1:	27873DF5FC0855A47546C69965547DA8DFC6D5CC
SHA-256:	1362039D1FE42C1DD24EE69D4E1F715EF8B3C950A227556387DD9346255C7E32
SHA-512:	34C4EB1206FDECAD2F31217939AE3B55A4218DEB3B51FB200D519EEF17852BBD7A2AC83B722BB9355074F3CAB4D5C9D93AF6328C4936ADB32D5E1BE913CA20EE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.999996..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=1.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.030000..ib_r=0.000000..ib_g=0.000000..ib_b=0.800000..ib_a=0.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-VGQT7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5769
Entropy (8bit):	4.743662764805127
Encrypted:	false
SSDEEP:	96:g933JgcJgp1bPtHf7fn29tnHFMtE9vWTICaDK6QLQ7OyrCITnvGdFPLd58kNvjn1:gx3Jgyi1LtHf7fn291HFMtE9vmICaDKh
MD5:	68B634CD0E8192F530A7D4B41F475170
SHA1:	57A1FFDAD4E7D6D248500943FBDEA7630EEF18EF
SHA-256:	1294A762CD98EDB005187C3349595596B6CBD0AD303FDE159427B344899D4AA5
SHA-512:	96CE24AEE7454486B03DD0DBEE1C844CB3E458D01CE45E297408AFA773D6DF9A5557AB7207C106A9BF96F8FF8DA39F86262E8452C7D9E58E9E8A7D66710B2A85
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.999996..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.015000..ib_r=0.010000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=35.200005..nMotionVectorsY=29.760006..mv_d

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-VKPMB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7957
Entropy (8bit):	4.9377146575333795
Encrypted:	false
SSDEEP:	192:IW3JgRfh/Yt1ut5f7XO291uFMtE9vVIoaDKTQLQ7nyrCIjvdFTd58kNvrFbGDqz6:xJgRfh/Yjut5f7XO291uFMtE9vVIoaDc
MD5:	20A71D6A044C9FF2E1853D36DC62F082
SHA1:	64124BB16C5735E94E83A501D8710CCF81323F41
SHA-256:	A0165CAC56F03A83EC7F7213AF1C1378EDD3EE0A034672714ED714C23CE4C9AA
SHA-512:	C9F34159B6180C8510976ADF358E65B4ADB358A934F891B00A168909FE105B773E2D5143F3B264E62EDA9568EBD7E9AE426C5E3EE4A4EF2631D8CADBDE646F2F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.999996..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=1.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.030000..ib_r=0.000000..ib_g=0.000000..ib_b=0.800000..ib_a=0.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Eo.S\is-VVLRI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18668
Entropy (8bit):	5.042380547234728
Encrypted:	false
SSDEEP:	384:xAfrQKosRtnf9n290uEMtE9vpIoYa4jj6QSQCnyrCl1vPTd58kNvrFbGDqzkDaOL:xATQKosRtnf9n290uEMtE9vpIoYa4jjL
MD5:	65863C9F2E603E8D9372606CD5D17652
SHA1:	75A650B1A01416F260544DF340131C17A9CEC810
SHA-256:	54FBAC09D8345D4FAF0473341034AC7B03D61B26F6D453A027085379A28B6F18
SHA-512:	32EF9D6B494F49E4C5C6818C831976EA823DE8DC036A888DA854988E681AD257D83DC2B28FBEFED1F584BDD578B4E8AA78A20CA585BD84B3CF836617E0571E5A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.011726..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=0.037492..fWarpScale=0.014889..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.033004..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.400000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=3.000000..nMotionVectorsY=2.000000..mv_dx=0.02

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-123KU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7625
Entropy (8bit):	5.058085463103481
Encrypted:	false
SSDEEP:	192:rJWX7c1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDL:rJ0yFtJpf7mOv91HFMtE96XIoYa4jj6U
MD5:	299CBC792E53776DE2C4F29A298966BE
SHA1:	933899E502D1CB21D0C228128DBCBBC64F648DF6
SHA-256:	37FB9F625D4150299451A46B656D9019B3268BC880E4E513C7AAFB899ED5D4C3
SHA-512:	9D0BF460C17C349127A15B082252E239041238C5EB08A45B1A425F53C39B871582EC51B319694F3C397BD52CBC31921AAFE61B5CAEC8CEBE001DEC90E8E3CBAC
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=2.700000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.496230..fWaveScale=4.695139..fWaveSmoothing=0.495000..fWaveParam=-0.140000..fModWaveAlphaStart=0.670000..fModWaveAlphaEnd=0.970000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.007964..rot=0.020000..cx=0.499999..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000156..sx=0.999667..sy=0.999900..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.630000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-24HRR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7542
Entropy (8bit):	5.176792557366809
Encrypted:	false
SSDEEP:	192:rpVEX+y5qq6nL9RdAOgwZnbXmYCK17dF2g2ZtXtbtptmEN:rpttL9RdAOgwZnbXmYCa7dc7dBn/N
MD5:	7F54E0E5172B2F065C1A02E3F5638C7F
SHA1:	0C4BF4E5CB9A99A53465D976C993C989E165D634
SHA-256:	D7D375D0A295248553A3C3082410DD6992FF4C96FE150973523E624729431C52
SHA-512:	3EDE4E6C47EBB5E1F2889BBC96705D9A198E5172951C954389324B018FE62F32395C1FD75DA703A00B1EDCF3C94EF9C3AC2FE13F00B26B4F0B56F85FE49A33B4
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=8.200..fWaveScale=3.228..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=1.050..fModWaveAlphaEnd=1.650..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.20500..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=0.800..wave_g=0.800..wave_b=0.800..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.90

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-2R3EF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8701
Entropy (8bit):	5.153431498351785
Encrypted:	false
SSDEEP:	192:rbMzyP5qq6J9RwyAOgwZnbXmYCKXFhZeHj4Or6spaK0WF+uMoBFC2pqH:rbmh9RpAOgwZnbXmYCuneUOr6hK0C+3j
MD5:	27BE86B66FBF82D3C997C6C962B5EFB2
SHA1:	E3C20BFE1DDF00379214862E11124B56EB5005B6
SHA-256:	D5F4F432CE5ED5913E417B8922FF59A53214F3204AA64DCDB967D911F10DF378
SHA-512:	23F531BECD860F3F3952DDD2E1664E26B62D4BC4AAA55D7DB638DF8FB1D5703530A715F7366E2EDD69277540EF2D4E84DFCDC882A826D54AE139390B0F90F379
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.433..fWaveScale=2.620..fWaveSmoothing=0.270..fWaveParam=-0.080..fModWaveAlphaStart=1.030..fModWaveAlphaEnd=1.610..fWarpAnimSpeed=1.729..fWarpScale=2.108..fZoomExponent=1.64463..fShader=0.000..zoom=0.99901..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.45599..sx=1.00000..sy=1.00000..wave_r=0.600..wave_g=0.800..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.500..ob_b=0.450..ob_a=0.260..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-5P0OV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7452
Entropy (8bit):	5.167896393752525
Encrypted:	false
SSDEEP:	192:rM8Uy5qA06nL9RdAOgwZnbXmYCKqeg7UVwo392nvAhBd2J:rXU+L9RdAOgwZnbXmYCLeg7Um1vAjd2J
MD5:	1E397393F3F677BDC2FBE691D9C789B8
SHA1:	0CE95B23A82E16658B6C04D47E90F5C77AC8CF7C
SHA-256:	4F9D0EB5F31E3700426361B0C775527199D8EB5FF9BD6E579DC050C89DA4A083
SHA-512:	AA0BA0F91D8BB2789DF1113AE2EBFB1B20F87AF0C297128A280F912D83020385F16EAE679BEA175450E9631B07967B565ABAA6D10056F9AEBC2340C673B52EA5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.200..fWaveScale=3.587..fWaveSmoothing=0.900..fWaveParam=-0.280..fModWaveAlphaStart=0.970..fModWaveAlphaEnd=1.670..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.06500..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01459..sx=1.00000..sy=1.00000..wave_r=0.700..wave_g=0.650..wave_b=0.700..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=31.200..nMotionVectorsY=2.280..mv_dx=0.000..mv_dy=0.000..mv_l=2.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-6QM36.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6858
Entropy (8bit):	5.190748481593892
Encrypted:	false
SSDEEP:	96:8+eMxoYRg5qiyhXSqlnDN/wGd9TtNH+jlgngvuxZE3pUHTDBJOIJ2JDjiB:r5S5qiyD54h2HTDDOo2Jvw
MD5:	4C1BF57F1E984EFBE31EA588FAF91DAC
SHA1:	99AFC5DB63C799373A16EDA2F985FB1A4781754A
SHA-256:	EAF98FB37F99072E96B49002A0F1D3ADC29F5B8DF745EE325F821C614BA196E5
SHA-512:	B810FFF03FBE9262160993D6CBF513E3B1F675C91D53DB5EC1A987162BD849CD7C8468DA1D60B6C3C60B041962BD65F8D76F6DDFF83FDDCBA2269F9C8F47F220
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.347..fWaveScale=1.910..fWaveSmoothing=0.9..fWaveParam=-0.1..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.0..fWarpScale=3.138..fZoomExponent=1.0..fShader=0.0..zoom=1.02225..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.00054..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.5..wave_b=0.3..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-8SVCB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7384
Entropy (8bit):	5.085125308259153
Encrypted:	false
SSDEEP:	192:rsKrjy5qq6nL9RdAOgwZnbXmYCKpuvikAar2fUUu:rsKrjlL9RdAOgwZnbXmYCyuK1av
MD5:	8C69B8D5404F8BAA9C97767ED2A1AFAA
SHA1:	A2CD4C7C504F7B2C9C526B9AEC9703B6BE0F29B9
SHA-256:	D58A299E4D629F43D0633BAC59647E5902BA513A0464A695B43B487B7965A612
SHA-512:	AF467EC1343FA1ECFABDC6618C15614A270FB74C2998144A6C9CDF2C3630232FDE8F84B22D007BE8253DAA954EDE1C994679AB08A262AF2366A2C48B27C40814
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000..fWaveScale=3.630..fWaveSmoothing=0.900..fWaveParam=-0.300..fModWaveAlphaStart=1.150..fModWaveAlphaEnd=1.550..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.96971..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.600..wave_g=0.600..wave_b=0.600..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-98G0O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9046
Entropy (8bit):	5.1562613926186645
Encrypted:	false
SSDEEP:	192:rwAzD05qq6d9R6lAOgwZnbXmYCKXFJZeHj4Or6spaKMeFAgTcW2pqH:rwAZ9R6lAOgwZnbXmYCuveUOr6hK51co
MD5:	4645C84ACB1C2060ED5F5CD0FA14FE4E
SHA1:	B7DA5E58746B7C0843B1E3E4272338AE42BD3E75
SHA-256:	571948BF6D82F79A4679518223489744ACFFC690FA4D32C6256D08383B24BC78
SHA-512:	3D68FC442C8B0342B19B6726830BBF1BAA8264E9D4C78F1C83D183B60EDC4F2BBA3F99BB110262B36C0E02E3B726FC5156F48488BCD3789DAB35C8447C567AE9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.433..fWaveScale=1.910..fWaveSmoothing=0.000..fWaveParam=-0.080..fModWaveAlphaStart=1.030..fModWaveAlphaEnd=1.610..fWarpAnimSpeed=1.729..fWarpScale=2.108..fZoomExponent=1.64463..fShader=0.000..zoom=1.01901..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.45599..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=0.500..ob_b=0.250..ob_a=0.160..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-ADGLP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7259
Entropy (8bit):	5.203956456235577
Encrypted:	false
SSDEEP:	96:8+eMxbQDRg5qiyhXSqlnDN/wGd9TVLBvuiVKx3KH7ltMfaKgJQqJ4YJ2Kt:rqDS5qiyDJFyaH7lt+aKgL32Kt
MD5:	ECA5498E87321B153F7D247BE05D5656
SHA1:	45B8C1D712411CC596DA5B70C5D8633585F0E4CB
SHA-256:	E01A4315B9D99CAB21EA1FB97041955EB5E3605FBC98073DCF875F631A03AF64
SHA-512:	4885A6976B377DF67856559E6E10E23BC753A22D5FAC027E3EAB8BD50388E1A7B67DC6FAD83B057207AA36DE01F1E599612B7D7ADEF866CA7AD2AA126DCF6C3C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.0..fWaveScale=1.015..fWaveSmoothing=0.522..fWaveParam=0.0..fModWaveAlphaStart=0.830..fModWaveAlphaEnd=1.310..fWarpAnimSpeed=30.965..fWarpScale=2.572..fZoomExponent=1.0..fShader=0.0..zoom=1.00901..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.00054..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-EH2R5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5956
Entropy (8bit):	5.135035042936439
Encrypted:	false
SSDEEP:	96:8+eMxOMRg5qiyhXSqlnDN/wGd9TOV8E6uvTvqbJc3tJ2R:rjS5qiyDae1cH2R
MD5:	03DB00E4C0BE20AE0A3892F93B608C27
SHA1:	739F7B73F2B3A060CFD5D4F83E7154C1C0A34BE4
SHA-256:	A4E817AE36245EBDE6CCA417A3672CCB2B1A3209CE1262C5AF005C7E10A2A0B9
SHA-512:	F5958DA2C267D7DA009F1C003CADB4B1B4F9389C09DA32D8E0A1739E5749A127401725CD68BEE34461E5777446E2035305D13579380056085E49A1C06253D86A
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=2.7..fDecay=0.980..fVideoEchoZoom=2.0..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.714..fWaveScale=1.139..fWaveSmoothing=0.1..fWaveParam=0.0..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.0..fWarpScale=1.331..fZoomExponent=1.0..fShader=0.0..zoom=1.00400..rot=-0.01400..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.02944..sx=1.0..sy=1.0..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-FKS89.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7827
Entropy (8bit):	5.169903861154557
Encrypted:	false
SSDEEP:	192:rX+Ay5qq6nL9RdAOgwZnbXmYCK5FyaH7lt+aKgLH2veuZ:rOAtL9RdAOgwZnbXmYC4F1xthKmTuZ
MD5:	DEB540C03852492682B1FEE77BFF6D08
SHA1:	B55DDC4F7D2159D8B21C1CFA1F89EBA59F396C26
SHA-256:	B9F79EAD08DB7D8EB59E8AD9639CAD115D2E5B739EF6011FEA99BA0B71486594
SHA-512:	6AADAE4AEE900BE43EFA55B2F882F4C898C20433F5D9F095535CFBEB1968CDADE9C38459842DC057504B4C19A37AFBE7B777721715FB68FDDBCFBF21ABF3AFB6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.000..fWaveScale=1.015..fWaveSmoothing=0.522..fWaveParam=0.000..fModWaveAlphaStart=0.830..fModWaveAlphaEnd=1.310..fWarpAnimSpeed=30.965..fWarpScale=2.572..fZoomExponent=1.00000..fShader=0.000..zoom=1.00901..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00054..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-FLPM0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7457
Entropy (8bit):	5.225970702398186
Encrypted:	false
SSDEEP:	96:8+eMx2QDRg5qiyhXSqlnDN/wGd9TVLBvuiVKx3KH7ltMfaKgJ5k9vgEOy7bF4hok:rNDS5qiyDJFyaH7lt+aKgKSEOqb42p+
MD5:	8F818BC79B987B472199DB8C905B0F72
SHA1:	88A00A4C738B3A6D850377101EC45040A2B18FB1
SHA-256:	6FC6C3EC141C0BAC4CC14882366F05FE02527361F5284510828540BDEA652CB4
SHA-512:	4B675D8115A64B41BDFE2B78DF3170078A7D60F27797AEAF9855E8BA9F3623A2C5503932BB11EBD1998D86A29EF4859E4E47127393A3649A79F5407BF25D76D3
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.0..fWaveScale=1.015..fWaveSmoothing=0.522..fWaveParam=0.0..fModWaveAlphaStart=0.830..fModWaveAlphaEnd=1.310..fWarpAnimSpeed=30.965..fWarpScale=2.572..fZoomExponent=1.0..fShader=0.0..zoom=1.00901..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.00054..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-GTAJC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7217
Entropy (8bit):	5.169481328896456
Encrypted:	false
SSDEEP:	192:rHy5qW6nL9RdAOgwZnbXmYCK76m2ZtXtbtptmEi:rH5L9RdAOgwZnbXmYCjZdBn/i
MD5:	8BCEC2C585171A3D4451F9F4120E1584
SHA1:	BF634C1DF5149D521F2CA6F9127523E9BE2E367B
SHA-256:	3F7C7D0F6F55CF9E01732FE29F8486F073EFAE2C0914CB70AB85D7EB79BDA8A8
SHA-512:	B2971096B52B5A27F50D86D9F4EBC765F69FB34E61786D2E70537982347BF10EA7028E9BB767BD055EF070CF3990C50CF0554EA30FC67870BEFDE460776B2E5C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.000..fWaveScale=0.900..fWaveSmoothing=0.630..fWaveParam=1.000..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=1.00400..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.19788..sx=0.99967..sy=0.99990..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=48.000..mv_dx=-0.941..mv_dy=0.426..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-GVN9T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16703
Entropy (8bit):	5.200189151053453
Encrypted:	false
SSDEEP:	192:rz+75qCWBpX4zvCSI73qRSHD3OhsYCQYNbH1qGeVqWyX2L:rCMfSvCH39HD3OhsYClH1dWyM
MD5:	43D140EBBDABA18864A48A88F01DE5F1
SHA1:	AF611ED1575E0CFCD7DEE4EBE9F8E27F3CA54BB4
SHA-256:	7F1B355BAE8B18B09161597521B0A1C1C7F6A7B227F111DA3ACA92425721240D
SHA-512:	F784449E83616986B004E89264DFD009D13ADC78859E24DC214F2E6A25B598E4F5F11E71031387F21B45C23189943C60353D1D02D6035C828986378249FEBCEE
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.925..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.459..fWarpScale=2.007..fZoomExponent=1.00000..fShader=1.000..zoom=0.99990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99990..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.015..ob_r=0.000..ob_g=0.000..ob_b=1.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-J845N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6901
Entropy (8bit):	5.197000217446164
Encrypted:	false
SSDEEP:	96:8+eMxSutRg5qiyhXSqlnDN/wGd9TPGkIm+7JTrEy/GJfjhWaijzHJ2YLqbm:r5S5qiyDB+07hq2MB
MD5:	54EE4710896F9F0061279DC97173B7AB
SHA1:	A55DA5F4D1EDEBDB5501271458E4390B818A8FB4
SHA-256:	2087A6E698233CAE874AA43221C5C519533D5E9EB07D6ED5EB5E242FD21352CD
SHA-512:	EBC59C60F6772819FC6C42007918A9DE1BF40A5B10CE4FFC234619410C8599B56350A89D9F6B18845D774725E8E98059D3D3B56F5DE024B548BEE296F74E0702
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.993..fDecay=0.980..fVideoEchoZoom=2.0..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.101..fWaveScale=1.326..fWaveSmoothing=0.7..fWaveParam=0.540..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.0..fWarpScale=1.331..fZoomExponent=1.0..fShader=0.0..zoom=0.95400..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.23944..sx=0.99967..sy=0.99990..wave_r=0.510..wave_g=0.8..wave_b=1.0..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-JAEPR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1161
Entropy (8bit):	5.335291041393796
Encrypted:	false
SSDEEP:	24:D/xg2cH3tdM2f4QCcGCDsx4EvNGboUMUSeNPOAa:jQXdQaoOoUNx1Ob
MD5:	B8C3B004D2C4CD8CD5C8D5FF4AC2C024
SHA1:	DB86AB1B83150C16B62B9799B475001022CED7CE
SHA-256:	17E3A43EE0FA6BE5B0320F3F57A0C281F5BE3C4EF3B8D3EAC48B54734C0DDE49
SHA-512:	1A5D4CAF0A9A16A478953F09DC3E5080A763698FE88EB583457B9EE96F4221698BAAE38421AC5A1628001E53290D2F6B8E73209341B63194635F3A2B22BDB216
Malicious:	false
Reputation:	low
Preview:	[preset00]..fGammaAdj=1.5..fDecay=0.98..fVideoEchoZoom=1.010137..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..fWaveAlpha=2.5..fWaveScale=2.202..fWaveSmoothing=0.7..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=2.853..fZoomExponent=1..fShader=0..zoom=1.031..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1.196462..sx=1..sy=1..wave_r=0.4..wave_g=0.6..wave_b=0.8..wave_x=0.5..wave_y=0.5..per_frame_1=wave_r = wave_r + 0.300( 0.60sin(0.933time) + 0.40sin(1.045time) );..per_frame_2=wave_g = wave_g + 0.300( 0.60sin(0.900time) + 0.40sin(0.956time) );..per_frame_3=wave_b = wave_b + 0.300( 0.60sin(0.910time) + 0.40sin(0.920time) );..per_frame_4=zoom = zoom + 0.013( 0.60sin(0.339time) + 0.40sin(0.276time) );..per_frame_5=rot = rot + 0.040( 0.60s

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-K3RRM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1900
Entropy (8bit):	5.351605628328551
Encrypted:	false
SSDEEP:	24:ynMoIg2cH3V/D14QCcGWYDsKYC61uhGRz7M+RQ0L/Zvuu0ORT6xAENe0h3ouVsKl:To1ikWDlMz7jXLBvuu0OV6x3Ne0KisfQ
MD5:	7AC794E107904A417C2BEB94D2D55482
SHA1:	2F449F6C46E4004765D93031D1E8A472FBC68175
SHA-256:	AB750880D98E56F9466CA0519C64323BED5D8989D92DAE528FED2558A5C61AC5
SHA-512:	987E10923859175702E104A0E60CD07E21FAFFB690EC0DD27242134C01D6965CAE49E3FE8893ADDC6F735F6EC03FA029426997456E4D81B70C7F3AAD924DDCC7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.9..fDecay=0.98..fVideoEchoZoom=1.16936..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.299999..fWaveScale=1.694..fWaveSmoothing=0.9..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=3.138..fZoomExponent=1..fShader=0..zoom=1.053..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.263..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.8..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..per_frame_1=wave_r = wave_r + 0.650( 0.60sin(1.437time) + 0.40sin(0.970time) );..per_frame_2=wave_g = wave_g + 0.650( 0.60sin(1.344time) + 0.40sin(0.841time) );..per_frame_3=wave_b = wave_b + 0.650*( 0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-KA8RB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2035
Entropy (8bit):	5.282480259186075
Encrypted:	false
SSDEEP:	48:SNdiRqun4HVGfHZpfoOkf6P+fpYv9eFuSCgnRvk:KIF41q5doOE6GfpYv9lSCgny
MD5:	DFC4726DB6F47F692B0ABFFC67020A11
SHA1:	1D871E2D5D1B9B53ED1BD0AA350E129F5BFF60D1
SHA-256:	84A9E2FB3CC3E0A902A1816EB05F686CBC0780C06F6371220CFD1B27AC866B7D
SHA-512:	D61924E93B012EC0C38BD0A21E2195265FFDDACCDFCDFCCBD4C0F63E85D7B6B79A2A001F7516435BD4A504BC61F02D46CFEC2725DE6D3694E36BDCEAD8472D23
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.994..fDecay=0.97..fVideoEchoZoom=2..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.499998..fWaveScale=1.524161..fWaveSmoothing=0.9..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=0.334695..fWarpScale=3.928016..fZoomExponent=2.1..fShader=0..zoom=0.961..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1.771011..sx=1..sy=1..wave_r=0.65..wave_g=0.65..wave_b=0.65..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=0.5..ib_size=0.0285..ib_r=0.34..ib_g=0.34..ib_b=0.34..ib_a=0.1..per_frame_1=wave_x = wave_x + 0.2900( 0.60sin(2.121time) + 0.40sin(1.621time) );..per_frame_2=wave_y = wave_y + 0.2900( 0.60sin(1.742time) + 0.40sin(2.322time) );..per_frame_3=wave_r

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-KTPSS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1428
Entropy (8bit):	5.297225528367111
Encrypted:	false
SSDEEP:	24:XIWNadgfeig4QCcGff6YC6uH3KKp6a+ZFZogGGFZZGMpFZzueCPx1Sv/ZvDvupys:nuiHs/hUaSfomfkkfymBvTuWi
MD5:	6205405FD6940579E0FAB747B31D89C6
SHA1:	CFFC0823650B46E6109C6B0D3E7A84CC24263BF0
SHA-256:	9AF5815D87171D8282C6FDC1BCE0B76F5CA1631A8C4C02D8E20D5941F7C7B1BE
SHA-512:	28FAD6DB12D854408B59AE3935B378E4E6512D0D38AA869D6CCE6AE1B98D931335D7F408B338C57A8C6FC0C656ED4DF66990DBBBCF3F67DEB4FB12527E1AFA5D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.8..fDecay=0.98..fVideoEchoZoom=1.289..fVideoEchoAlpha=0.4..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.794075..fWaveScale=0.387..fWaveSmoothing=0.4..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=3.4..fShader=0..zoom=1.042..rot=-0.02..cx=0.5..cy=0.5..dx=0..dy=-0.01..warp=0.122..sx=1..sy=1..wave_r=0.65..wave_g=0.65..wave_b=0.65..wave_x=0.5..wave_y=0.44..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=12..nMotionVectorsY=9..mv_dx=0..mv_dy=0..mv_l=0.9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=wave_r = wave_r + 0.350( 0.60sin(0.850time) + 0.40sin(1.007time) );..per_frame_2=wave_g = wave_g + 0.350( 0.60sin(0.705time) + 0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-KVO9A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6356
Entropy (8bit):	5.165525684825185
Encrypted:	false
SSDEEP:	96:8+eMxq2ZrRg5qiyhPSvlZDN/wHd9TtMPjXLBvuSV6x3KHL/tclJPSFnJcG9:rJrS5qiyTE1CaHL/tSqn99
MD5:	3EDB6BE2395AEA2B0F33EE0FE9E05C2A
SHA1:	2AB76EDDDC5BF2B58391872A250F5EB3BF8231AD
SHA-256:	EFA326DA63A27ED636C61109C3815FBCF6C7795FB408BA71EA3A3113E3C2D7C6
SHA-512:	B3BB63FB8DDEAB263714DF364153E2EA429928C223860ADC87BF23E6A3198537A655BF881724230C667ED9004312F097AC550ACAD3418F44F24FD4AE278F5E2B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.003..fWaveScale=2.911..fWaveSmoothing=0.9..fWaveParam=0.0..fModWaveAlphaStart=1.210..fModWaveAlphaEnd=1.590..fWarpAnimSpeed=1.0..fWarpScale=3.138..fZoomExponent=1.0..fShader=0.0..zoom=1.06300..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=-0.00500..warp=0.00054..sx=1.0..sy=1.0..wave_r=0.830..wave_g=0.8..wave_b=0.8..wave_x=0.5..wave_y=0.350..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-LBA1M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7496
Entropy (8bit):	5.245542171640505
Encrypted:	false
SSDEEP:	96:8+eMxruVtRg5qiyhPSvlZDN/wHd9TtMPjXLBvuSV6x3KHL/tb7wJOe9bhQTOyUbm:r9gS5qiyTE1CaHL/tg9XmOJA6z23t
MD5:	25BB9B2DCC9250A0F63E00EABCD8B0D3
SHA1:	828FC8D3F09D8BB977063E66572F4127C6A29C5D
SHA-256:	B47CB51F783DE9FF0D136D208733B5AF68F000E24FE42D638DD50C283A2CB928
SHA-512:	5F7F6AF67DB70540E0772A4C3D28B00CBFCD248DC7F58C21CF0F6EE4D80C078A6751ECCFA116416F8E24BE52991E24E506DB441F7FAE5E7D03552ADD7B66221D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.4..fWaveScale=3.235..fWaveSmoothing=0.729..fWaveParam=0.0..fModWaveAlphaStart=1.330..fModWaveAlphaEnd=1.410..fWarpAnimSpeed=1.0..fWarpScale=3.138..fZoomExponent=1.67769..fShader=0.0..zoom=1.24300..rot=-0.06000..cx=0.5..cy=0.5..dx=0.0..dy=-0.00500..warp=0.46911..sx=1.0..sy=1.0..wave_r=0.830..wave_g=0.8..wave_b=0.8..wave_x=0.5..wave_y=0.620..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-LNU6D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6645
Entropy (8bit):	5.169770870057684
Encrypted:	false
SSDEEP:	96:8+eMxk/WgwchPSvlZDN/wHd9TVLBvuiVKx3KH7ltK4JQq04jJ2xm:rcWXcTJFyaH7ltjLH2xm
MD5:	03D49064AB36F31EB15EDF8EC52B234D
SHA1:	1453F456CED3AEC8A79CE3BC5915EC71A769A3F4
SHA-256:	55AB79B2C0DE984AAC31682A60F4B9BAB29932D0952BEC63E4872B68200458AF
SHA-512:	00EB270BA4FBCF728B9976EB6C6537BF47C9F5D9A2097351C0208AED5260E5559AFC599AED03D5323CE3D70DF8F10FEBD9B5C6354C1DF7A01145AF99B600D888
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.9..fDecay=0.980000..fVideoEchoZoom=1.169360..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.0..fWaveScale=1.015009..fWaveSmoothing=0.522000..fWaveParam=0.0..fModWaveAlphaStart=0.830000..fModWaveAlphaEnd=1.310000..fWarpAnimSpeed=1.0..fWarpScale=3.138000..fZoomExponent=1.0..fShader=0.0..zoom=1.009006..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.000536..sx=1.0..sy=1.0..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.010000..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-MPI46.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6712
Entropy (8bit):	5.163039452183452
Encrypted:	false
SSDEEP:	96:8+eMxGoQkWgwdgs/ahPSvlZDN/wHd9TOD8E6uvTnjujXJfql41J2mapb:rXQkWXdgs/aTuLjA5ye2hpb
MD5:	76BE5F13DDFE07C30E29095113B7D02D
SHA1:	97A262E10768EF58D27F1AF24672FB92A0B41B4B
SHA-256:	5FC6FA7CC32741180EF1E30107DBF0A15141D3DDE462AE2147F945E431BD1D87
SHA-512:	7A4ACAE6D09FB768B2DA5E7C2C19BD75B85ED8BB09CD7D44E6CCD05E564B360B069F87A229C57F6643D8B72CD834F2FFB3440482316579255D123BFD72C5EB48
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.0..fDecay=1.0..fVideoEchoZoom=2.0..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.207218..fWaveScale=0.397108..fWaveSmoothing=0.0..fWaveParam=0.240000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=1.170000..fWarpAnimSpeed=0.451118..fWarpScale=3.039840..fZoomExponent=2.194764..fShader=0.0..zoom=1.029709..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.098617..sx=1.0..sy=1.0..wave_r=1.0..wave_g=0.999999..wave_b=1.0..wave_x=0.5..wave_y=0.5..ob_size=0.010000..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=64.0..nMotionVectorsY=48.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.0..mv_r=0.350000..mv_g=0.350000..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-NM2IH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7115
Entropy (8bit):	5.2201138733978025
Encrypted:	false
SSDEEP:	96:8+eMxLOJRg5qiyhXSqlnDN/wGd9TGHoavu8GZ3pHP2A2y4ut29Rl4CJ2en:rMJS5qiyD0fY5HP2A2yltkRl2e
MD5:	C836282807271C698EE77705B9F6C5F1
SHA1:	C0B4CAB867FDB93D77D92B3D541DFB7D1D39231B
SHA-256:	5826EE8B905B2995B6EE91AFCE651D592EC4E078760D9AB25C72050042FEA194
SHA-512:	374F831B793135AF38AD4820B43AC414FD163EBD722FA489834337029DCE56060A8025F0A2504432A286E405E5C78AD19A15ED538AB5EFACB2A0D5FF66FE978C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.3..fWaveScale=2.122..fWaveSmoothing=0.333..fWaveParam=0.0..fModWaveAlphaStart=0.990..fModWaveAlphaEnd=1.470..fWarpAnimSpeed=1.0..fWarpScale=1.503..fZoomExponent=0.13267..fShader=0.0..zoom=1.01489..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.04750..sx=1.0..sy=1.0..wave_r=0.710..wave_g=0.690..wave_b=0.680..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-V6G3D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5403
Entropy (8bit):	5.0810977592160915
Encrypted:	false
SSDEEP:	96:8+eMxsHCHWgwdgs/ahPSvlZDN/wHd9TOD8E6uvTnLJfnl92J234vT:rKHqWXdgs/aTuLlvTG20
MD5:	E0284BDA1C3D8112B5C64D30EFFF7EEE
SHA1:	030AAB40DABE1EF08401C9ECE2D750E5F8659062
SHA-256:	76E463CA84F4C2207BC7D05AF706527D5A6FE23012BC2B1E2E67D81D17D100CA
SHA-512:	1BC6B9718C9553B246F00D403DF7297BD37DC37691E80AC490526E98A85EA5417BEB850E65FB27611000C829E4E378A4C1614F5F4CDA574CB72F56088EBE91DD
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.0..fDecay=1.0..fVideoEchoZoom=2.0..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.0..fWaveScale=3.266313..fWaveSmoothing=0.207000..fWaveParam=0.0..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.0..fWarpScale=1.331000..fZoomExponent=1.0..fShader=0.0..zoom=0.999710..rot=0.0..cx=0.5..cy=0.5..dx=-0.005000..dy=0.0..warp=0.000001..sx=1.0..sy=1.0..wave_r=1.0..wave_g=0.999999..wave_b=1.0..wave_x=0.5..wave_y=0.5..ob_size=0.010000..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=64.0..nMotionVectorsY=48.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.0..mv_r=0.350000..mv_g=0.350000..mv_b=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Geiss\is-VF05A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7111
Entropy (8bit):	5.217854671548224
Encrypted:	false
SSDEEP:	96:8+eMxt7YJRg5qiyhXSqlnDN/wGd9TGJoavu8GZ3pHP2A2y4ut29Rl4CJ2en:rEJS5qiyD0pY5HP2A2yltkRl2e
MD5:	42987426C584FB926B310AE7D653FAC0
SHA1:	1F051FC36E739B740D9038E3C2AE6361851A56B8
SHA-256:	8BFDB9AA393A5BB569B05ABF368EC1E2E6C4A64A9CBCC0DB2D539F3A7F381A93
SHA-512:	BEB281D3B22B59EDA95F3E34DA13EDD32218F943C085A3A93924F4DD111A7AE985C22FE16F311598514B1A7977CF1BB5A75FBD340771285917FE0C9CD8DB27A0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.9..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.5..fWaveScale=2.122..fWaveSmoothing=0.783..fWaveParam=0.0..fModWaveAlphaStart=0.990..fModWaveAlphaEnd=1.410..fWarpAnimSpeed=1.0..fWarpScale=1.503..fZoomExponent=1.0..fShader=0.0..zoom=1.02300..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.04750..sx=1.0..sy=1.0..wave_r=0.710..wave_g=0.690..wave_b=0.680..wave_x=0.5..wave_y=0.5..ob_size=0.010..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..b3n

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-1L27E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5329
Entropy (8bit):	4.920324675528838
Encrypted:	false
SSDEEP:	96:8+eT6MgdocR5hV/3Vk910AOg29vDPhnbnv4qmYzmKlT1yB5ojlqhh:rPdoo5ze9yAOgwZnbXmYCKEqghh
MD5:	8B3BF2FFDB594108AC0CD0E879F81DC9
SHA1:	C5DAB32A08F427E8EC1470D8FFA55A0BDFDD8A43
SHA-256:	E9BD974E4DC3254F2941E283F1CD3876FFAA581742BE8531BF484C1CA45932EF
SHA-512:	68C0AD5E3BCA9D1479DA7745E1C3703BCFE08D2754CD966F73B9C2EBB8C7481E69F6E7AEBBAA3EB2E0AF7E64C0B2CD1E756B6B2A4563C679ABA1F25B6820C363
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000..fGammaAdj=2.001..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.029..fWaveScale=4.687..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.200..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.274..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99941..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.000..ib_a=1.000..nMotionVectorsX=12.800..nMotionVectorsY=14.400..mv_dx=0.000..mv_dy=0.000..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-64HVM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8747
Entropy (8bit):	5.121091786641399
Encrypted:	false
SSDEEP:	96:8+eMxu227kneprcK9piupp60np1JT9BOOa298qhnEq/NzYzAqP2Y0PCcJt78JJ2v:r42GkncmU60t9YOa6nHpYsyHyC0J8r2v
MD5:	AA18D3734D6D8BE79DB673D9B8CF69B8
SHA1:	26959E5693CE44F9ACF3008E439205EE807282DF
SHA-256:	13AB482830F7655E41B813753A6A7203CF1BED7BDE976530566F5C09701183B5
SHA-512:	C37E51C0E403F79F6A0B11649FB2248DC252E4CB2B783DA2495A502C0E9A86EF3925010DBB2589FCAF77AEDDF64214A039776E95BA806E3B22EFF3C5164432F6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=2.750..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.280..fWaveSmoothing=0.900..fWaveParam=0.060..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99980..fShader=0.000..zoom=1.00960..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.32545..sx=1.00000..sy=1.00170..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-667M8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5407
Entropy (8bit):	4.933811593786043
Encrypted:	false
SSDEEP:	96:8+eT6MgdocR5hV/3Vk910AOg29vDPhnbnv4qmYzmKlT0yB5Ialohh:rPdoo5ze9yAOgwZnbXmYCKtzuhh
MD5:	FF0991FEF0DE31CD757503D2B2D812B2
SHA1:	080D6E64F8D3E9DC641052A655A76AAD4C883679
SHA-256:	14E5DEF3E3DAC2DE052B396ADBD514413DD86B396009D9930C17475C34316EA8
SHA-512:	B125D19E8807D96AD95DF4BB6CD14F062B5A9FFAA42C80C2E02F70337317F69833C4965FED75FBC68BCA601480DC9086F0B9B47BC77BA45246EBFA0CCDD21457
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000..fGammaAdj=2.001..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.029..fWaveScale=4.687..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.200..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.274..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99941..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.000..ib_a=1.000..nMotionVectorsX=12.800..nMotionVectorsY=14.400..mv_dx=0.000..mv_dy=0.000..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-67UST.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5541
Entropy (8bit):	4.9633383283791295
Encrypted:	false
SSDEEP:	96:8+eT6O+h9fcf5dss50AOg29vDPhnbnv4qmYzmKlTJFvvz2J2BQK9:rs69fW5dnWAOgwZnbXmYCKlHzG2OK
MD5:	C23494098C2B5950B1DCDACCB330F622
SHA1:	9DF94F27769D016C7EAD7E28CC674D2AB352B4BB
SHA-256:	DBC45617945EDFBC6133E7BF70BCB70F95D27DFC627E77DD0B4EBC6D4A336304
SHA-512:	B3126481A474529803281A1D6A1999725F38F65A988C4BD183D315D7DA0530BA1B863AA4D08F00C59864D01736C7CC16E8A8716C8DE61BF7F59EB170B7BD4B2F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=1.000..fGammaAdj=2.001..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.059..fWaveScale=1.821..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.910..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.97980..rot=-0.06000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99990..sy=1.04050..wave_r=1.000..wave_g=0.940..wave_b=0.970..wave_x=0.500..wave_y=0.490..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.200..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-6T6CP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9514
Entropy (8bit):	5.184195306659753
Encrypted:	false
SSDEEP:	96:8+eMxhIyvdsYjlF29zp5/q31G0AOgcJ/luqhnWw0DEeJ7A6R30J23Cd0Fdv:rvI4dsYRIFpxIkOgcJdfnxqn7A622ya
MD5:	D3BEF90E5B14B84F4C91A9E8529209E9
SHA1:	41858A27BB17063CA81B7F5EF103BB8269C16590
SHA-256:	651E619F664EDBA834BB16181A8BECEA5B10EBB2D2FBD9FA68E91779FFF168B5
SHA-512:	EA251B185A62CF5A9F76C9629EC1AD2B5D4911B478B8CCC7E8C3CF13B2BB1133FD2951C429003FE62B8BF2024D2C179EB9AB30207689E12633931EE860BA0E9C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.188..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99990..fShader=0.000..zoom=1.01959..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00170..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-86O3P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10437
Entropy (8bit):	5.267524739159107
Encrypted:	false
SSDEEP:	192:rlI7O5qKmca354knboYCrPn/nupxXpjjWzkezU8Oe8M:rlcLp4knboYCTnu9HW6e8M
MD5:	AE2AE9F75BA6E981086D8CD4102226B2
SHA1:	B5D33B4A08E197F08E5ADEB3A74A42A8614267E6
SHA-256:	A0F00A4003DF0246F57B971777AA7333B7158B52BDB7346B70A0FCD234AEED1B
SHA-512:	ADD72BC2655D8C911578464F18DA73FC447DB2D8D26B42218771669651D83CFA984C94D56B241E226FF1B9960523D980412FED06F7D8DFBF7B5CA510DEEB7879
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000..fGammaAdj=1.980..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=5.552..fWaveSmoothing=0.504..fWaveParam=-1.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.459..fWarpScale=2.007..fZoomExponent=1.00000..fShader=0.000..zoom=0.99990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99990..sy=1.00000..wave_r=1.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-A0AHR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7926
Entropy (8bit):	4.998305707303892
Encrypted:	false
SSDEEP:	96:6e27kneprcK9piupp60np1J59HfO02o5luqhnWw0DEXPB+a:6eGkncmU60X9/O0XfnxqIBF
MD5:	2D6778501780C8F7A6314B91F4292433
SHA1:	1BDDBB5B89AD38819BA446AD07A9B2CBDBF93C7F
SHA-256:	F6E3B4957CC5FAEFB2482C881D72A38EEF03418AE54C5036906A81D70AC4E07C
SHA-512:	628919887A54491E6BF6D59621C886F32F9BD736EAC274EEC85B89DFC51084D7957029E875D2D4DAA86F740844175293EF6F935020A1607EE7BE070BD0FCFDCC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000..fGammaAdj=2.750..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.280..fWaveSmoothing=0.900..fWaveParam=0.060..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99980..fShader=0.000..zoom=1.00960..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.32545..sx=1.00000..sy=1.00170..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500..mv_r=0.350..mv_g=0.350..mv_b=0.350..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-A64E2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6684
Entropy (8bit):	4.932578101415287
Encrypted:	false
SSDEEP:	96:b7tdVEgXy/6CG9RMWVuYAdAOg4cAmihn7gXmYzmK2TSaMb+5:b5dVEgXA6T9RMWV4AOgcnmmYCKTB+5
MD5:	2D329A7CDB7C52B484677C2CDD82F4DF
SHA1:	91C7535BB886A069627FBA0B59CB9635957AF638
SHA-256:	87548B3B1CBA268A7DD0F77EA8DACE5292E6E637D19F76912D87F141F8D5CA1B
SHA-512:	2B7209A4964A4E632FCC59D9DAB3877912B5F92B5A371D5B3131E67D3FC9F370DA839BEF40520DAFC814EDFC6C155F73DD3DD767235E2302D45CB8F559F84C03
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=6.600..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=2..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=2.125..fWaveScale=0.600..fWaveSmoothing=0.000..fWaveParam=0.160..fModWaveAlphaStart=0.000..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=4.57482..fShader=0.000..zoom=1.00778..rot=0.02000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.800..wave_g=0.800..wave_b=0.600..wave_x=0.500..wave_y=0.500..ob_size=0.050..ob_r=1.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.500..mv_r=0.000..mv_g=0.000..mv_b=0.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-B9T9I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10540
Entropy (8bit):	5.270799127761893
Encrypted:	false
SSDEEP:	192:rlI7O5qKmca354knboYCrPn/nupJ9RVjGzmz0MkpvL:rlcLp4knboYCTnuPVmlpvL
MD5:	65EBF5820F7B92FA16209A5C58BC27F5
SHA1:	729072CA41001E1B9BD4C4A4CE15567571626ED5
SHA-256:	8B5B18B4A76CA0061934DCFDCCCFE7301DD0DAFC039F2A91BBF6975BDACA2F7C
SHA-512:	0C6FAF66CC416CE92DE0C7074D793A99121B5DC58E47E16207AE9F114E8445A88CFC7653CEF2C77FC69B375EA4CCFF3B71F9E4BB9E3044D73EE9CCB7FEB824AA
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000..fGammaAdj=1.980..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=5.552..fWaveSmoothing=0.504..fWaveParam=-1.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.459..fWarpScale=2.007..fZoomExponent=1.00000..fShader=0.000..zoom=0.99990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99990..sy=1.00000..wave_r=1.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-BQRNC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7416
Entropy (8bit):	5.156282233841066
Encrypted:	false
SSDEEP:	192:rEdoP5qH6nL9RdAOgwZnbXmYCKUx8PWsU2FRuCOy:rYoRL9RdAOgwZnbXmYC4PJKy
MD5:	1A62361937EFBCC6C3E00C24AB584FEA
SHA1:	2453119683308D539CAD760024F73C1DAC37BC8E
SHA-256:	13067C102EF314C4322B08D130ABE5C4E590186BB640A07E911F0763BFFA2ADF
SHA-512:	5001A54890892D6B16D2B007ECDF6E2470A12215C7537576B8B5DE592CD4532B27387ACF4DD4ACC7052CBCB047D51DFBAAC0DCD2576FC9829AAFA2D073AE756B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.925..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.591..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99950..rot=0.00000..cx=0.500..cy=0.500..dx=0.02000..dy=0.02000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=6.400..nMotionVectorsY=4.800..mv_dx=0.000..mv_dy=0.000..mv_l=5.000..m

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-C0552.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7825
Entropy (8bit):	5.095322714688388
Encrypted:	false
SSDEEP:	96:8+eMx2m2FadZ6eprcK9piupp60np1Al9HSOg3luqhnWw0DErJ3TlKJ2Mk/kY:rkmcadZ6cmU60W9yOg1fnxqA3TM2V/kY
MD5:	9235408E88FF2504E778DE0198E65400
SHA1:	61A4DE32CD8A9676FB84ED862F1EBFF99BF3E0EA
SHA-256:	1D61034E9AF944F9993E20C6628EDE5036DE882E621430B9193292074F019C4D
SHA-512:	3F04B496DF8196439681C9C59A03ADEA4DA8B2D0990F1AB8FF73CCB5C447AC6C1276E8918F4ABF5160415725D8E62D5829CD922F2AD472B93FE21287D3D315EC
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=2.400..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.280..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99817..fShader=0.000..zoom=0.86978..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00170..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.040..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-F2EP9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9225
Entropy (8bit):	5.157317513416978
Encrypted:	false
SSDEEP:	96:8+eMxhIwGTdsYeprcK9piupp60np1TsQw0XOJg/luqhnWw0DEGJf4J2IDIVBSl:rvIwYdsYcmU60l9OJgdfnxq9fY2iey
MD5:	DD90E5C5B816FE542252F66D169718C8
SHA1:	A33318D958041CDADF95E5A916FDB7EA7035E7C7
SHA-256:	83BE59CCA51DB3A4C2E822D3D06687E11A2BFB5B5A0E858B64FA85F0D4847749
SHA-512:	451B1E8F5B05EAF077BE4E683B42DBD4C231791D29B641B9C5AD99017CB4DB19503472C5604D208A9F072F1E8250723CDF0C77E6648E84036934943105A63AD9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.320..fWaveScale=1.521..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99990..fShader=0.000..zoom=1.00949..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00170..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-HVOV1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6754
Entropy (8bit):	5.07792180199865
Encrypted:	false
SSDEEP:	192:rOalXe5qqgnL9RdAOgwZnbXmYCKf7kT1J02tAF:rOalhL9RdAOgwZnbXmYCaoT/la
MD5:	32A9507DFA7C12D0574523934A808EE4
SHA1:	055BF8C88B9D9AFD62D8E5109DCA1C0D92359234
SHA-256:	4F262E5689E404E2041E30BDB2DAB2BABF51F651D95094852E4D80D4D20275AE
SHA-512:	7BFDAB8887480BD2EBCFE3C1F9A3534ADE379287DAAC131AC7A6EEFCA19597891003162CB77C5D54D289818CC3940D632ED9A2C7CB29F1B9D47DC65BB96CFD83
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.032..fWaveScale=4.778..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=1.01959..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00910..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.050..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.90

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-KRDRF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9220
Entropy (8bit):	5.165833799745463
Encrypted:	false
SSDEEP:	96:8+eMx6IwGTdsYeprcK9piupp60np1TsQw0XOJg/luqhnWw0DEu5hJBBJ2IDIVCtR:r0IwYdsYcmU60l9OJgdfnxqH5jBD2iDz
MD5:	39C56E9AEEFE92FDD6817EAED41D70F1
SHA1:	37041CE848B06B1C653CF89A913D26EFEE68F7B0
SHA-256:	597A40E413EE8479FC7E79C69CED2239000A14185F1E5AEEABDC1FB8E89A8529
SHA-512:	AEFCF936ED0307C32CE36D0A4666CD16489F63FBE913AFD2C1EF55F7856A523E6A18149C0C35776FD027177D30681B74419EBF48138F1D7590B68E1C19A82827
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.320..fWaveScale=1.521..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99990..fShader=0.000..zoom=1.00949..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00170..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-MKESN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9242
Entropy (8bit):	5.164750119845624
Encrypted:	false
SSDEEP:	96:8+eMxMIwGTdsYeprcK9piupp60np1TsQw0XOJg/luqhnWw0DErcJBzJ2IDIVCyCR:rCIwYdsYcmU60l9OJgdfnxqi0Bt2iDyC
MD5:	E855B622FDB9BECA5FD0DBBF1BD06115
SHA1:	2F8726AC5884B0FE0DC75753F63078B5A827B0F2
SHA-256:	AC849A7049AD6D2B73784CB520C021DFF3DC5A5CAAC6015C672286A8C50357CF
SHA-512:	D18CE09AB7B47F14DB817A50351E2EB69FB93F8C578AD429CA5FE0F498BA6F33E3C98C56710C7C1EA7960333F8F7A53F58F1616F91F2337539CBC788ABB262A8
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.320..fWaveScale=1.521..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99990..fShader=0.000..zoom=1.00949..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00170..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-O9B0K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6651
Entropy (8bit):	5.068419487934972
Encrypted:	false
SSDEEP:	192:rNalXe5qqgnL9RdAOgwZnbXmYCKf7kT1J02cn/f:rNalhL9RdAOgwZnbXmYCaoT/YX
MD5:	4B07500423CCC2C21A15E0EC8887F90A
SHA1:	28C86CD88A5234865D783077429E9687B002EFE1
SHA-256:	B625CF81E68BE794F898534C0AD1DD3061BE177EB562EA61358F7D5B3DC67926
SHA-512:	A9BCD4ECAF6C199C2FD80C7BE1266D44D4B4DD9B9B2F7BFF83BB0D9FB6B5A6CE336EC084EDD9A982ABEA6991C531201FEC0F57C296A8861E5E1DE64B0BC472A8
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.032..fWaveScale=4.778..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=1.01959..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00910..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.050..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-P87Q4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8626
Entropy (8bit):	5.137498486016261
Encrypted:	false
SSDEEP:	192:rSZ1doq5qbBCXL9LAXrkqJxnrYehbIcLylDEzSr28:rSZ7ojU9LA7kqJxnrY8TL8kS5
MD5:	9FA0ACAA018BC4136D2A6EBA04E4C50E
SHA1:	E098E0330DCC174191DC72E33B918DF856978D18
SHA-256:	B3A7102272978A2F3F951B399A10273585FB23E81AA304FDB99E9782DE0EEFF0
SHA-512:	EE76B137D13BD8A0CE6879B9E0882B4FB2D735973F3179AD3D401A6A1AD6074CF6546117C0CAB461D0C4E1C77862F740A1BA72244901352495CF374DCA865966
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=8.000..fDecay=0.950..fVideoEchoZoom=1.030..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=6.820..fWaveScale=0.826..fWaveSmoothing=0.900..fWaveParam=0.200..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=49.922..fWarpScale=11.001..fZoomExponent=1.38615..fShader=0.000..zoom=1.25486..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.050..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=10.880..nMotionVectorsY=11.520..mv_dx=0.000..mv_dy=0.000..mv_l=5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-STRIQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8879
Entropy (8bit):	5.162162808630246
Encrypted:	false
SSDEEP:	192:rPdon5q769RgpOgzqcZnbXmYCKid+NwY8Bizur2ez:rFo59RUOgXZnbXmYCx+uNmuvz
MD5:	6C96112A4FA0DA15231E57766DA134E0
SHA1:	2171EB11DFBA00D61DB0191FB079FD65387BEDFF
SHA-256:	C998821967811750944B0936CF6DD03A76A0019AD5DC6FB26D90AD832EBEE391
SHA-512:	9669DFB78BCB7A440F0967519411BC4AA8FAE5798172567E4BBC195E833DD6FF075CD6A45C789BF7D10CBE116741085794185E5A87A01D954755E56FA34C3A8F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=1.420..fDecay=1.000..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.998..fWaveScale=2.155..fWaveSmoothing=0.900..fWaveParam=-1.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=1.00950..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.500..ib_size=0.015..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.500..nMotionVectorsX=64.000..nMotionVectorsY=1.248..mv_dx=0.000..mv_dy=0.000..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Goody\is-TOI6P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9124
Entropy (8bit):	5.16152098724252
Encrypted:	false
SSDEEP:	96:8+eMxhIw1TSXprcK9piupp60np1TsQw0XOJg/luqhnWw0DEEHaJfNJ2/r4qMPv:rvIw1SzmU60l9OJgdfnxqtHif32/rXS
MD5:	F975ECBFC0E7C2DD1F0E7F6A48EB9B48
SHA1:	5C45CA640A19600F73B8DFD75D77C8F089AFDB8A
SHA-256:	13F3CEA10A9F97BA09F00A705FE3C9316F14204AB2BE62DB5F261CE72CCDC3C8
SHA-512:	CFAE53DFF925C465A407489ED75F10FB57BC8D2EAC4F75E398C5E0E7B9BEE11DF3A4E981EFCDA7042908E13BCF73EB869BAA41B9ABE7EA48EF3D365613AFD4CF
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=4..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.320..fWaveScale=1.521..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=2.599..fWarpScale=0.010..fZoomExponent=0.99990..fShader=0.000..zoom=1.00949..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99010..sy=1.00170..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.820..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-CP3G5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10121
Entropy (8bit):	5.181880802370594
Encrypted:	false
SSDEEP:	192:r10qlXMCnL9RdAOgwZnbXmYCKvGN6NMLrr2v6Rq:r1hl5L9RdAOgwZnbXmYCcKLr+6Rq
MD5:	CD5DD101DAC85F852B7D4AEBF3BD7E22
SHA1:	D655B9C825D7AB7920EE39026531EBDE69795383
SHA-256:	B74A8890F11B2EE870A7D19D0670D480EA449D2117D97D3FBD548364104BE0F2
SHA-512:	7BC0EFD6105173451A622F3CB7902C417608DBD0C3609C3BEDC35D0A33E3FB9CA01C19A8B32510558970616AB4F63DA173DAAB573526345BCD30046F54E0AD6F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.300..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=0.037..fWarpScale=0.015..fZoomExponent=1.22019..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.03300..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.050..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.300..ib_size=0.090..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-EN26K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8316
Entropy (8bit):	5.0843058019853915
Encrypted:	false
SSDEEP:	192:rfrAy5qBR9RfZOgVWnb+mgmYCKNMD+CTmSIygwQ:rfrAV9RfZOgVWnb+mgmYCnD+CKSlQ
MD5:	61782B4770FDE1AB77F399B74A5FE7B7
SHA1:	72511D55DD49EB2614645F97328C7724337C05D7
SHA-256:	B385B44403F91CF49CB16A360422CB2A94C9EEC46E677D16782EE21B69B54D18
SHA-512:	8090AA1611324B5998AD43B93BB9DD71EE2610EDE3FDADAF2CC06E69C0AE7AFBBD859BAE14035CA1590C0727B0487B5FE9DE8D71C918AD42A9F32F3D350C1EAA
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=2.988..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-JD4J5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7165
Entropy (8bit):	5.175204181136752
Encrypted:	false
SSDEEP:	192:rOmrkQ5qsnL9RdAOgwZnbXmYCKrIpULSheexg0CbtAFGHJ7:rOmrkKL9RdAOgwZnbXmYCPpULMeeBCb1
MD5:	65A1379D0443277D7A165CC306A5A6BC
SHA1:	2BBEAB77BE6B5D58D8BB1D675FE93B75B9066262
SHA-256:	D3B3668FEB853714B7B79579AA8A881BE41D090C59315799623BC1391DB88F31
SHA-512:	D71B3DA3185B26D3826E3ED9C5E90B182639ECB0B4315D7DCF4C3A3264362B88E68145945232BCB7B78CE97B5D4779452A5E1B9BF3D96D59AB34131D695A45D8
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=5.931..fWaveScale=1.959..fWaveSmoothing=0.900..fWaveParam=0.040..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=2.007..fWarpScale=1.341..fZoomExponent=4.40100..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.450..wave_g=0.650..wave_b=0.450..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.90

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-L6UB6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9577
Entropy (8bit):	5.1863944758851535
Encrypted:	false
SSDEEP:	192:r1adAI6nL9RdAOgwZnbXmYCKy7Ywr+cTp65q1pA+2ql:r1eAFL9RdAOgwZnbXmYCL7Ywr+cTp652
MD5:	88BB89B3B2FAB26DAC57581136DE7911
SHA1:	A844F59DE1629A561AA6EE8C5BE8E6AD619FD80C
SHA-256:	0823D4BC365CFFFF88B855B5200B4A97780D7A44D951194DA480E6D395DBA547
SHA-512:	D48D2DA199E617984E648994209E754EFBBD434051DF7A6759F566DBB367BF450C26B549705F67878B4BC6C5AD978F798FE959FA23E415C95D82827E7EDD8D92
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.940..fVideoEchoZoom=0.498..fVideoEchoAlpha=0.000..nVideoEchoOrientation=2..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000..fWaveScale=0.880..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.010..fWarpScale=1.766..fZoomExponent=1.00016..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00001..dy=0.00001..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.005..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.100..nMotionVectorsX=19.200..nMotionVectorsY=14.400..mv_dx=0.000..mv_dy=0.000..mv_l=0.05

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Hexcollie\is-R9IGR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9924
Entropy (8bit):	5.165388258720471
Encrypted:	false
SSDEEP:	192:r7rIryl69pHnbNVAOgGLOZnbTElmYCzyWqloiHx1GEEeb2RLB/m:r7rIJ9JnAOgGLOZnbTElmYCOWRcx1JZ5
MD5:	71D11F393573695A6C5BF6032E9A931C
SHA1:	EC0052FD63587E661E3718D4A7B56105B7173B7C
SHA-256:	4E7C4D0749B8BD80583A7125AD3A25A79F17E0828A25C51AABCBFB98929D3D7C
SHA-512:	2727517D4A90461E20A3AE38A0A64E30B7353DBDD4255550A0602AAFA36E49C2B04683CDFB6A827E2F85910AED240627C5AA2C74A470222059537AD475FEDB5F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.989..fVideoEchoZoom=1.168..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.100..fWaveScale=0.972..fWaveSmoothing=0.900..fWaveParam=0.094..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00016..fShader=0.000..zoom=1.00022..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=1.000..wave_y=0.500..ob_size=0.100..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.060..ib_size=0.035..ib_r=0.250..ib_g=0.450..ib_b=0.250..ib_a=0.290..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-02E1T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12235
Entropy (8bit):	5.180412197142837
Encrypted:	false
SSDEEP:	192:re3CB1ntz1CZXjY33WwPt5fEn20gK9MtEcvII3Nf6m3htCnSLiIEXzd8zFNvyFi7:rKCBJPt5fEn20gK9MtEcvII3Nf6yhtCm
MD5:	6787B3C313F1AC413D307940E36E7524
SHA1:	7224A325AC89CCEA1FB6D6A4B45819EC2D404005
SHA-256:	F82A37EC4B150D38E8406A7BB57C98A5965CA3068EACD0D080729D109AD93549
SHA-512:	244C257947090A02AAFD68E9FCD91C6837951E534ECACA30DC15E2959952F1EDE5BB1960357560F1404CA40A708BC1FFC4AB528CFCE19CF549FACA50EE2CD1DF
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.740724..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=0.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-05TPN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13602
Entropy (8bit):	5.2045781833457045
Encrypted:	false
SSDEEP:	384:r2UgHRMmi5lyXfqn2LtZKEMkF9zVICawKTELQ7hSLiIvud6lsvyFiGjKTBj6pA8s:r2jRMmiryXfqn2LtZKEMkF9zVICawKTz
MD5:	2D2804805101992157FE35BBBE2D6A76
SHA1:	4568939853DC96BB49C6621BAFD8916FBF9E0A22
SHA-256:	3542C72DBAD77A42B1FE282236307252D5CC6C1615A31114B7F74441761845FF
SHA-512:	F43F88F660858C7212BE7BD4DBB95C59DC1FE57228847A44FAD2D3674C35484813B30064B559737054804C7F4818E4A95C852D3B096881EDD700E7C9FD3C72D2
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.311600..fWaveScale=1.228910..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0CLRT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7137
Entropy (8bit):	4.969354714471732
Encrypted:	false
SSDEEP:	192:rFxYa0OWXVH771AtnfoOv91HFMtE9vqPIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrG:rESYbBAtnfoOv91HFMtE9v4IoYa4jj6w
MD5:	2EBA31AEB64C211EB6CC85138F49C0C1
SHA1:	5AF2259DA799A99F3797C0B4E1FA46C27BDB6A30
SHA-256:	27D6A980D5DAF2F3E7C2834FAEA2F698D054E45CFE5A658DE69264706738FB4B
SHA-512:	863B85C0C56D095DD79ADE6DA86FA51AC9104823DA48A1E588CDE03EA2C9AC90EB3A298CDDFCED1C46AEB6329408CE0A12F43B75DDB8A7E67E8AAEC41B2CB3D4
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.998000..fDecay=0.994000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.330640..fWaveScale=0.897961..fWaveSmoothing=0.108000..fWaveParam=0.100000..fModWaveAlphaStart=0.720000..fModWaveAlphaEnd=1.280000..fWarpAnimSpeed=0.010000..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.098609..rot=0.000000..cx=0.500000..cy=0.500000..dx=1.000000..dy=0.000000..warp=0.438652..sx=0.990096..sy=1.000000..wave_r=0.000000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.540000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0J4BD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8447
Entropy (8bit):	5.140673870019759
Encrypted:	false
SSDEEP:	192:rlIdo+5qOc49RhwLqdLOgSd3d7nbUHwfkmYCKJl+7nE7dqf20Tkz:rlkoq9RhwLqdLOgY3d7nbUHwfkmYCDFg
MD5:	D7352CC46B30AF2EF66E6AA1301BD8EA
SHA1:	2AE4EF96E81FA8291421C934887F83B10F02C7B8
SHA-256:	7E2BA6EF3A846A306E9BAC0F90D31007C8ECB6F0C3B1867D2C80A6E511413195
SHA-512:	FE25B0E9E4198CA5DA39F000DF97F8264020B746747DDFED7C62B556BB02AA2A18D4B6DF0FE6811503CB066C4CE591F21D99A9E24B901B5675136B8A152F772B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=2.000..fDecay=0.990..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000..fWaveScale=28.599..fWaveSmoothing=0.500..fWaveParam=-1.000..fModWaveAlphaStart=0.400..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=100.000..fWarpScale=4.142..fZoomExponent=4.32547..fShader=0.000..zoom=1.04010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=1

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0P975.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10452
Entropy (8bit):	5.123564589420113
Encrypted:	false
SSDEEP:	192:rjL3sJU2HqS1MtQ+nyt9gK9ttEcvYjA3tzQFLQ7nEBDqGv51Jzd8zFN5tyFiGjKe:rfsFMtQ+nyt9gK9ttEcvYjA3tzELQ7nA
MD5:	8B86EE0AF850DE8FEA17D2A656A00A61
SHA1:	FA40ACB742A8F368B221DC1545DB9E50F3EAF3E2
SHA-256:	8FF0D92ECA4C9F2DCB735B962BCCD84A121850760426E3B52695A8D4BD876D69
SHA-512:	680089BB26B5B37819F90EB0BFFC3D95F001195BED13EE8C4B0977A088A91775B5F527639AAEE6847CDB301FE10CBEC74EAE2D83FEFD0E6B8351B55539A587B2
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527429..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=0.442000..fWarpScale=0.498000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-0UG6V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9508
Entropy (8bit):	5.163498387036048
Encrypted:	false
SSDEEP:	192:rh63lsv1FtB+Oyt9gK9ttEcvHI9rjTrhtCnSLiI/Xzd8zFN5tyFiGDqzBsHtE6pN:rIlsFtB+Oyt9gK9ttEcvHI9rjTrhtCna
MD5:	70F49A0774FA50FC9DB46AC50FC6FC98
SHA1:	8056D2B3E97F265B2B7646899354A24CDAB9AF31
SHA-256:	A4E53BA4285F637EBB7C2B82B31F5878C80546314B5FA3FDF71AAEC42124DC9C
SHA-512:	272C965A724FF09D475BE43392BEDDCC8E471755B79D7AA83C5FA8194102D666776849FA6464D31FDB993DA773AC0DBD87553E52ACDA6F5955B13A978FD39867
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.002705..fWaveScale=1.291486..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-1825I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13078
Entropy (8bit):	5.182555119910268
Encrypted:	false
SSDEEP:	384:rXA0T0wjotisrw5ZKEMtEcv1ICawKTELQ7hSLiIpud6lsvyFiGjKTBj6pA84JyRM:rXnT0uotisrw5ZKEMtEcv1ICawKTELQ7
MD5:	5CD7658149D9F3DFA16746F30AA7E50A
SHA1:	4043330F54BBDC88808394696255181469E9044E
SHA-256:	3F3885C74D463E9B9BFDEE182424030C7D34066F21D9FB8D5CF9EB1E7669109C
SHA-512:	1E9F9FA29063E054D82B99A6D0B5ADFC475430FA5302C164CBC38E0C0446FDF1CFEF8FD5D3E26819788536F481A85DB627E0C2EF79A0672FBD2F4C4C8F5B629C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.038558..fWaveScale=0.372353..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.300000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-1MMCJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13311
Entropy (8bit):	5.213519107605779
Encrypted:	false
SSDEEP:	384:rGUyG0IfbOv90uFMPFcvcIeawKTELQ7CSLiInu/JNG7wtPdGjKTBBD/6TRRGBZAp:rG7G0IfbOv90uFMPFcvcIeawKTELQ7CI
MD5:	D65EA7691C96E8EB49D9FD410546CA75
SHA1:	78B09E57AF3357C28CFCBB7B95F13AD96979B362
SHA-256:	6DCBA34608135FDD4DCB72ED430A11E30B703890A79DA8DE035432326DD418DC
SHA-512:	66D0FD7A7E7AD1848F8F33362267A142003E04BD303ABE77087A0786262978A64C88200385FCE1B65FD62192AEE0BE1DD0FC717070CCA9B31A6A31D6C2703ED9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=5.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.167975..fWaveSmoothing=0.000000..fWaveParam=-0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-2A6J8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13781
Entropy (8bit):	5.16146085446593
Encrypted:	false
SSDEEP:	384:rPSBYtEf+nsfJu9atEe28Iea6KT0LQ7nSLiImPd6lsvyEiGjKTB8a6d4JwRGBgAZ:rPxtEf+nsfJu9atEe28Iea6KT0LQ7nSj
MD5:	9A9835915D98928C663010A36B153715
SHA1:	EFB3BBA6F6CD10BAACC3A9B8ED53F26AEE8241B0
SHA-256:	CDC65EECB82343BD9C4952D5B0D2AB36ADA0F907249F6C5277D70BD95330E3B5
SHA-512:	CD149CA42777C80537CA4F958FCA232FE81B2F9D973AD1595340549A343CADB8E926AEC1F1601EC449768FF6B4BF737A585F99F7646308D1F7CE1827FC37A804
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.952379..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.005428..fWaveScale=3.782626..fWaveSmoothing=0.810000..fWaveParam=-1.000000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.450000..wave_g=0.400000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-2E4TP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13166
Entropy (8bit):	5.220901469456274
Encrypted:	false
SSDEEP:	384:rRr+ltEf+n2fzJotMFcveIqOa6KT0LQ7nSLiIERyd6ls2yEilDKTwaea6FJ4SA/g:rRqtEf+n2fzJotMFcveIqOa6KT0LQ7nA
MD5:	2CF9BE7C4F48E465BB6D511809AE676A
SHA1:	D87715B1974FBD4DCECC776ED5C48AAE5ED2DD81
SHA-256:	249C0FF3FE721FBAC7F872B8353A4C6FA122B8D382CC60C5BEA550BBC84BC9E5
SHA-512:	C88DE85B8A04697850A0707EEDDD7C092F5B9D002EDFD4F69B1D412087C4EEF9A9901D46CCE8D353F12585098EA81A300C502BE34F84609DA53772725D172CBA
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=5.098400..fWaveSmoothing=0.810000..fWaveParam=0.000000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=0.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-2FVHD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7886
Entropy (8bit):	5.0509255698815885
Encrypted:	false
SSDEEP:	192:rO3rB1ntxfAn2Lt0HE7ttE9vlpIxeKTQLQ7OyrCI5vtvcd58yNvrEbGDqzBOAaoY:r6r/ntxfAn2Lt0HE7ttE9vlpIxeKTQL3
MD5:	96E3CADDCD77343CFCADB584FD1B0AAE
SHA1:	BE775EFC05F948162CD9ABC593BDDDD02406B82C
SHA-256:	4799C83D70E3E167C12B5C85E3EABAB7A808239D94BD9D7E1A273761AE22D272
SHA-512:	F53A4D4E4809145C40A7B65E0BC14F33EE685E9062F77DAAE091B4326F7A424EEF8AD4E9B17BBEBCA6BEEB0E7756C637E53A0063041EDD73542CF39E8C00DE5F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=5.552000..fWaveSmoothing=0.504000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=0.442000..fWarpScale=0.498000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-3R7R1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10885
Entropy (8bit):	5.147188169099244
Encrypted:	false
SSDEEP:	192:rg03s3RX2HqS1FtQ+nyt9gK9ttEcvXjAaWtzSStWEEBDIkmBzd8zFN5tyFiGjKTH:rVsUFtQ+nyt9gK9ttEcvXjAaWtzSStWr
MD5:	631BEF7B3EC48927EF148F4E86E941C0
SHA1:	B69ED8EDE721695BD25ED30C5C63F9A655C546AC
SHA-256:	0CAA6CF9570C4BF0B65EFAABE2C40BD6D812A51AD3E22E27A23EA1D731DC0408
SHA-512:	0EEE06648B9720DF5738815CE56FF81D7ADC8DE461AC989DC6F481283AC81EE8476B7A33D559D23A6E86DED1685ADC2188A719BA7666C22B25C0B57B54A81DA9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527429..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-40PGV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11046
Entropy (8bit):	5.2436900937808995
Encrypted:	false
SSDEEP:	192:r7v3sdM1HqS1ztGfKn2IgK94tEcvWjAaWtzQStWCEBDc7Xzd8zFN5tyFiGjKzBCo:rjsWfztGfKn2IgK94tEcvWjAaWtzQSts
MD5:	45024639899D36A95A0F0AE779CFF610
SHA1:	BCA3D193D1BFE339A744A1A4E5D9D5B170247B85
SHA-256:	15A64AB3392DFD321E9505497EF2CE5E73138ACB422911AC4DBCF3BABFE02EBA
SHA-512:	4D5C7B7053745C127E3F4FEFC1803367ECF9A2682480CE806FB92999824FB2DA60DC792E3AAA80D1118E225170F6F4894A97FC5253B917BF746D937F23BB879D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527400..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-58R27.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14690
Entropy (8bit):	5.288525959399511
Encrypted:	false
SSDEEP:	384:rZUZktlEn2f0HEMtEcvSIhaAKTItShCnSLiILud6lsvyFiGjKTBF1S8J+R14wRGJ:rZ1tlEn2f0HEMtEcvSIhaAKTItShCnSQ
MD5:	C250FFA1533EC136D44DDCA18BB67780
SHA1:	F019A771ABF31E49E2D1442C6EE5F425AA187BE1
SHA-256:	6EB15B28BC591D1FFD5C071D71FCB7135BC39E09A18D0AE9442F954F80EA5CD1
SHA-512:	3538B955A059A83A6F71BCBA0E3BD95B173FDDE73DCE285817B84F6AC0D8B923C5BA2CB35A395B17CAF81965A5FA77FD2F91CEBB29ACE970F145473950A87010
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=2..PSVERSION_COMP=3..[preset00]..fRating=5.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.103075..fWaveSmoothing=0.540000..fWaveParam=0.380000..fModWaveAlphaStart=0.810000..fModWaveAlphaEnd=1.400000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.300000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-5COKO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12453
Entropy (8bit):	5.177735010272969
Encrypted:	false
SSDEEP:	384:rHpuPvw1f4n290YFttEcvdI9rjTrhtCnSLiI0zd8BN5tyFiGjKTBQ6pA84JyRGBC:rHpmvw1f4n290YFttEcvdI9rjTrhtCno
MD5:	7B3FC626D32C501988A408E278E22A0C
SHA1:	F1A698A22C9AE9228C3C841FF168CD52A9940B6C
SHA-256:	576CFAC7633C6B9FB1765EED6B5ACCFD3A0330D24AEC9AFB9D35A4A7771380EF
SHA-512:	6C4C318A3B278C748AB06551AA9F0EA4FED41051466871B154277888F7BBC04C55C985A2618D26805620533A7D6A374F79D5E614FFA862C2F7819BD53D88B3E1
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.159809..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.900000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-67EPV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12379
Entropy (8bit):	5.196622598205777
Encrypted:	false
SSDEEP:	384:rJeUbyMqMCxPztTRn251u/MtEcv5IP9j6QLQ7ESLiIHud6lsvyFiGjKTBj6pA848:rJeUeDPztTRn251u/MtEcv5IP9j6QLQD
MD5:	1596A4E40B287D0E967C39ECE9F2FE9F
SHA1:	D97EAB3E4D9D7D7EA19C09223B02ED425A95AD6E
SHA-256:	3C1E6E224E3E952F32967ED3ECADA9DE23E42FA505F87996969E867DF070B5EE
SHA-512:	D4A17E18A27B9651C72CE5621D8248B610DE594767FFA861415BD8ACBC3AC2814983CEE43523CBA8C21BF940FFE6CFD015EB81BE80700360BA2882A7B9A3032D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.232543..fWaveSmoothing=0.810000..fWaveParam=0.280000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.900000..wave_g=1.000000..wave_b=0.900000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-707GD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11048
Entropy (8bit):	5.140916623400524
Encrypted:	false
SSDEEP:	192:rZ3lDFqpAIIE1Gt1FVv91uFttEcvmI4aIjTQLQCOSL7TxzXzd8zFN5tyFiGDqzBa:rplEGt1FVv91uFttEcvmI4aIjTQLQCO6
MD5:	C49C79B9CC2F03B1FBB0B7A579FE5966
SHA1:	CC8431CC3808B3AB75151C64353A8E752C82227F
SHA-256:	1C624FED0E6FE8F49824A0F58B7101EB5B6AABFEE12B619D17D58366449BEE51
SHA-512:	BACCB59BA76FB6D5BAF863ED40254996AFE08BD9467A7D3DC52EC9CA17895AAA0C33F09A8CB6F59FE36C2A89640DD67BDBB30B008057AABC8C40EB3CAFDE7520
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=20.944651..fWaveSmoothing=0.000000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-72CON.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10126
Entropy (8bit):	5.112875613688392
Encrypted:	false
SSDEEP:	192:rI03sfX2HqS1FtQ+nyt9gK9ttEcvtjAaWtzQStWCEBDqGpzd8zFN5tyFiGjKTBCT:rNsyFtQ+nyt9gK9ttEcvtjAaWtzQStW3
MD5:	C2A5C0C49860DA1B7364D8AC8FC22A64
SHA1:	0A8DB63D99766AFA47BC9F872171F5832CE83FA3
SHA-256:	5130D2A8C0FACAB071319A901120526A042BA94DA4408D80B3A9214BD30F25E5
SHA-512:	641A023373934D1FB09AFB5B374546BC22D3A52665B04F48264FEE6C8FF431C8426C19848C454115F330E90AF34AED5E2063CB8775C3A36B5609DC9E644763A9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527429..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-7D1B0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8655
Entropy (8bit):	5.103411727067723
Encrypted:	false
SSDEEP:	192:rf3r81Bztwfv2n290HEttE9vlpIxeKTQLQ7OyrCI5vtvcd58yNvrEbGDqzBOAaoI:rvrSBztwfen290HEttE9vlpIxeKTQLQM
MD5:	A9F56A9DAF3182A36CD455F7510E5FAB
SHA1:	81FA821E005503349C64937929580B3A6625EDF6
SHA-256:	FFE772BCCD5BE401C8FD5292FD44959E74D12A14543E39AD4CC4D51B406D34B7
SHA-512:	317761A6E2B7A251AE05F4D96433D4220599DB154F98470C200F5043BBF308A846C87B1CE38C22F9ACF5C2790B300501ADB9A558929F1F54C5396F871BED9243
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.780001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=5.552000..fWaveSmoothing=0.504000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.060000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-7MBOC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1111
Entropy (8bit):	5.2309616818080835
Encrypted:	false
SSDEEP:	24:XkngjW9Q4zghGgDsnoZdtL16uzKp6nv4HHgFoR:0d93MfUoZdBsUnK
MD5:	DF61EFC3E3982C3A65530A49BC5BBC34
SHA1:	7F70AA3FB73386123CD3EAEEFB7C80A7509DFFBC
SHA-256:	3BA1C61DF616D4C6F88DA52390760A232576036AFAF5A057AE35DA6636C88CCE
SHA-512:	11A5DE3A00FA64D27CEA96D42FE0403A9F3CC4EFC8F4BD09B8422297A02B7B8E9A791307AF93B89921DA84386CE1115A621E233C9B9D4541C6F9E89DA62BD2B8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.63..fDecay=0.925..fVideoEchoZoom=1..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.306781..fWaveSmoothing=0..fWaveParam=0..fModWaveAlphaStart=0.71..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0..wave_g=0..wave_b=0..wave_x=0.5..wave_y=0.5..ob_size=0.5..ob_r=0.01..ob_g=0..ob_b=0..ob_a=0..ib_size=0.26..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=3.615999..nMotionVectorsY=3.720001..mv_dx=0..mv_dy=0..mv_l=0.35..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=wave_r=abs(sin(time7));..per_frame_2=wave_g=abs(sin(time7.1));..per_frame_3=wave_b=abs(sin(time7.2));..per_frame_4=cx=sin(time1.234);..per_fr

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-8DO5A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12454
Entropy (8bit):	5.169809547437707
Encrypted:	false
SSDEEP:	384:rVfnpMTxlyJt5Nvw5ZKEMtEcvdRICawKTELQ7hSLiIpud6lsvyFiGjKTBj6pA840:rlMl6t5Nvw5ZKEMtEcvdRICawKTELQ7u
MD5:	0C55DC29103EB378389652562A8B40EE
SHA1:	2F2F2829162E9E38A5351D4BE2E6F858A39F531E
SHA-256:	AD2866DCA36DC6145E35D7EC031F24F578BD823DE6C03540D2C053C75CE27BBE
SHA-512:	932C59CE1EAC61B53B8DF7E135301A481E567B0DB4731FBDE093AFEE99E2BEA804ED9EC5A548CBB5512FA0DC19B3158008ACFB23877EB885B9DA5EE2C3031AC6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.780001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.068667..fWaveScale=1.007143..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.300000..fModWaveAlphaEnd=1.280000..fWarpAnimSpeed=0.442000..fWarpScale=0.498000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.299900..wave_g=0.299900..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-8J4NS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.276646393340867
Encrypted:	false
SSDEEP:	24:XAYpaew9Q4XWoGgDsvFw67zKp6nGgozpuCT:wYI93/E0Unszp/T
MD5:	8D1CF59710E3C66EC196C54F28163CC5
SHA1:	E479C43F030817C7310DE2BC0AC0E15A0D7F7D52
SHA-256:	CEEF9A0338125AEF4C22C11481B85946F451584A4760DACBE74CD60BD9DC5AF9
SHA-512:	F496FA8B2C2C63C6CB8AB2395BE95B35E9C0332FE62C9D2A374A9F9BEFDC17D18CF3707234E5BCF4A5B595A118DBEC1CD77E1FC043A7E30DECE7B9F4CD96CAD8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.998..fVideoEchoZoom=7.113829..fVideoEchoAlpha=0.470001..nVideoEchoOrientation=2..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=3.985613..fWaveSmoothing=0..fWaveParam=0..fModWaveAlphaStart=0.09..fModWaveAlphaEnd=0.82..fWarpAnimSpeed=1..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.65..wave_g=0.65..wave_b=0.65..wave_x=0.5..wave_y=0.5..ob_size=0.04..ob_r=0.01..ob_g=0..ob_b=0..ob_a=0.2..ib_size=0.0035..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.7..nMotionVectorsX=3.615999..nMotionVectorsY=3.720001..mv_dx=0..mv_dy=0..mv_l=0.35..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=wave_r=sin(time2.345);..per_frame_2=wave_g=sin(time1.456);..per_frame_3=wave_b=sin(time*1.789);..per_pixel_1=zoom=z

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-8MVBT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10801
Entropy (8bit):	5.160026031206407
Encrypted:	false
SSDEEP:	192:r53UnncHqS184t13nv91uFttEcvaGhACI9rjTrhtCnSLiI0zd8zFN5tyFiGjKTBF:rJUM84t13nv91uFttEcvaaI9rjTrhtCm
MD5:	F52C3A05CC30F4258819FE9C964EDBE1
SHA1:	DBBB904FAD8DCA33D17B13F2D2160D3F3B875379
SHA-256:	FFB2C775DDC0AC7DF50DBBBB904EE9EFF90A168B7BEF2D5473D2546125C42E2E
SHA-512:	153F263DEAC2416A34B76BDD02BD857B96DF3836C3266989CEA1EB6BBDE58B257D9A1F5CDF32D73C50A44C3078A8F8EB037E3549F743310097A15504171A41F3
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.391314..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=0.442000..fWarpScale=0.498000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-90H8N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10007
Entropy (8bit):	5.099864623576387
Encrypted:	false
SSDEEP:	192:rr3lFii1AIIE1npQfyOv91uKttEcvrIda4j6QShCwrLiIW53TddkN2rEb/DqzBBP:rjlPnpQfyOv91uKttEcvrIda4j6QShCt
MD5:	74C157D190B2427898FA9D5030B0CAB9
SHA1:	AE773E856C3A5CE8BB72B1AD495439C2A8016C3D
SHA-256:	7C059407B635E83C6207BAA75055547EA57E4C4AB8953F77D88B1E4191AFE3BB
SHA-512:	0E2557C16B44BD170C55872F3CDD50092010639F3234CE3ABC114679E9A4C9B2A08DFFD9173F550D91DF7B7C58898B0ACE7B4FEAD82005344B37D94082011941
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=20.944651..fWaveSmoothing=0.000000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-92AUV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13917
Entropy (8bit):	5.197287144099381
Encrypted:	false
SSDEEP:	192:rpptp5qaUZtSeA3IapY33WwDOOhn18KSZnb0Q8vGZ92kpglaAh:rprkDOOhn11SZISFC
MD5:	40EDDAF6829B92FA0D7BB24156201914
SHA1:	E09F99D968F71459279D85CB86122337A531B45F
SHA-256:	E743F7670D1DFC8E48CBD9FF88A7FDB82BA6C54B80ECBE49518FDBD9B570134C
SHA-512:	10483AE62BF0E2E42366CD7313AEA48E9A29CB2A62014464C76B119FB88052F61C1106FFC8728B187E4003D7F10EF4B073ED2A1B52EB156AD301E8BEF4867346
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=3.196..fWaveScale=2.103..fWaveSmoothing=0.540..fWaveParam=0.380..fModWaveAlphaStart=0.810..fModWaveAlphaEnd=1.400..fWarpAnimSpeed=1.459..fWarpScale=2.007..fZoomExponent=1.00000..fShader=0.000..zoom=0.99990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99990..sy=1.00000..wave_r=1.000..wave_g=0.300..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-9C96P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11639
Entropy (8bit):	5.162513751808515
Encrypted:	false
SSDEEP:	192:rgZ3s9UwiAIq8IE1etQ/n29gK9MtEcvHjAaWtzQStWCEBDc7Xzd8zFN5tyFiGjKf:rosIetQ/n29gK9MtEcvHjAaWtzQStWCu
MD5:	EB9420A5EDBCC2F1F94621BA3A119C5C
SHA1:	18EB4891D9FAC4A0D79D571BBBB63CFB681DF15A
SHA-256:	ED978EE61309DE59ABBA2541689225D912516E725C8F8C6C97E495CE6E4FF7FB
SHA-512:	191B3272F8FB71CDAA73708F833E2200A480F337D4B84BD4903C9364B6429B6FEA754AC6D270043668548F553C89C6E181A507FDBB4AB6B07EBF79BD548AE5C8
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527400..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-ANU65.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8963
Entropy (8bit):	5.151169217953714
Encrypted:	false
SSDEEP:	192:rp063AWXOJm0OtWfLn2q0HEMtEct/I4PKTtLQ7CFSLivpud6lsvyFiGjKTBj6pAp:rbAxOtWfLn2q0HEMtEct/I4PKTtLQ7Sc
MD5:	751B76A232863EE5E7975858916D92D4
SHA1:	98070EFFE9A1361A4422FDB477DCC0B0931F969B
SHA-256:	9F5A324661A32F0ADF9BEFBF17B815C20FB54160B0B05F1A714E9689851F84FC
SHA-512:	8E9C0B4ACB8F1BAFAEC9475FBC02003614327BF960BEE980A6BE91A6B102DF27C5C20EA00E437FC59FAAC37AE33880C9A91436574F4750C0E54E970F3F7FB6A5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.232543..fWaveSmoothing=0.810000..fWaveParam=0.280000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=0.010000..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.001832..rot=0.000000..cx=0.500000..cy=0.500000..dx=1.000000..dy=0.000000..warp=0.010000..sx=0.999997..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-BGFST.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10145
Entropy (8bit):	5.149135322077738
Encrypted:	false
SSDEEP:	192:rG3lgMFq+HqS1Ct6anyt9gK9ttEcudI9rjTrhtCnSLiInzd8zFN5tyFiGjKTBCzM:rSlVCt6anyt9gK9ttEcudI9rjTrhtCnd
MD5:	7B535F9C8B557F6BA2726F2F336B1136
SHA1:	67F8E300D8C6E1D7BD13C07AA403BBF67D982C5F
SHA-256:	36F79C2735E6AAAA3FCE3472F2BA19B9AC15E77BDA85F162723539D61F49E931
SHA-512:	EF2F420533062795250EC29F38D2A0A2EA09BF635AE632FFD5724BA381732D8BA210B89A5C52D8425186269704336C1848128129041AF9383FB13812B54B871C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=10.437056..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-BMHCC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14052
Entropy (8bit):	5.185589451199833
Encrypted:	false
SSDEEP:	384:r4rTsthfMOn91uFpPFc2H/IVawKTQLQ7TSLiZnulNG7wtPdGjKTBBD/6TRRGBZA/:r4cthfMOn91uFpPFc2H/IVawKTQLQ7TH
MD5:	CAEA9F5279F81C271AAA503AD551CDD0
SHA1:	798E917E1416709A4B3F2D68E15EE2DCE1CE2926
SHA-256:	9AAAA25CF84019520A8CD857BCBB2BD616B9444F09092025CA883DC15BD27AD5
SHA-512:	F81D21DE05A59AD28BDBA1C7A92D0E0FC3224BE94765D20BF9939ABC76D35E8C35BB11F72F00AD33DC49E0A514DBCDD481E63A5ACE9292778EAA81F262876841
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=1.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.952379..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.354492..fWaveScale=5.466675..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-BNKEA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9480
Entropy (8bit):	5.198129370240135
Encrypted:	false
SSDEEP:	192:rT3U63gbm1G0Nfbnv7F0uFMPFcv2IhaBKTQSmCOyLiIzu6NGJFwtPdGjKTBED/6J:rLUoG0Nfbnv50uFMPFcv2IhaBKTQSmC9
MD5:	B2E026352CF2A65BFDF1C94959A1F644
SHA1:	30C7FA7E85608278D04A6085CF4D91321C91BF8B
SHA-256:	72AD8315B98A33DACB9B20C2F3E0B5B4EB179FB5BC9F3006A9280D735554F3E7
SHA-512:	3D2933995BCB4F5FDD202F21133EE2DBA1E62C24B62C4B68D9DAF657D7503426268417D8BABF24116EC1CE72AF5A7FDACC756DFC25C268FB4A2E23A196C2BBF1
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=2..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.167975..fWaveSmoothing=0.000000..fWaveParam=-0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-C3M4B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10419
Entropy (8bit):	5.193566144717419
Encrypted:	false
SSDEEP:	192:rG3rWJ+9tGjnuqctRtETtE9vCjV+jTQLQ7OyrCIzvtvcd58GHvrEbGDqaBdaoAWz:rSrbtGjnuqctRtETtE9vCjV+jTQLQ7Op
MD5:	800E8990C75ED708FC1F7F0069215E0D
SHA1:	88C94B2F109B2AEC1AFEB7475F676C8BC5B083C4
SHA-256:	078EE8686339F90C691FF920EF072A674319D453C51C5ED8CD1D6FAABF65F0C7
SHA-512:	C35E1056B1C34C3DB42EEB5E7DF03A5FB310093A57BF13751D10DD046A152E342E4976899A3AC6FFF8DFA50FCE594199A5CD9F1C45CF53F2F0D389A8375A1531
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=5.552000..fWaveSmoothing=0.504000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-D97I9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12024
Entropy (8bit):	5.148592883953207
Encrypted:	false
SSDEEP:	192:rp3lWwFqUjAIquIE1FtB+Oyt9gK9ttEcvHI9rjTrhtCnSLiIFzd8zFN5tyFiGjKf:r5lfFtB+Oyt9gK9ttEcvHI9rjTrhtCn7
MD5:	65FF254E8A31FCF951753E454226E9A4
SHA1:	033B7F3B7144E92A2EF8CA90A6C9D8AD139F5560
SHA-256:	46529C36444C4E61D181C2D10C232E50FE26155029FED471ECE75C47ED592260
SHA-512:	0BE77A04E25AAD074EB5398D0D938984DA3B552EFE860BF2425BF2FE5769F5FE8CA78DB759C2633C921B5533F072F3F09B1A8B6DBD6206D4418BEE2BDB0E3C10
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=10.437056..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DAAN6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12510
Entropy (8bit):	5.162697073095602
Encrypted:	false
SSDEEP:	384:rVr2At3xnytDgK9MtEcvzI4PKTtLQ7SSLiv6ud6lsvyFiGjKTBj6pA84JyRGBZA6:rVaAt3xnytDgK9MtEcvzI4PKTtLQ7SS6
MD5:	FBA410181E9FCA7BAE2439750FF8A0FC
SHA1:	EB5AB7E37F2CDDE08B1A83A91384E61E0BAF7420
SHA-256:	E037FBEF812F13EE3AB8E6398709648F34159A74B033CB920CF488530B4FC637
SHA-512:	639EFF569A70D525BCE342BA93FF72A3BA820F0E10A53D1066DBAF66C128D7A9A117EF4E3D8FEAD2805898B579D7B2092ADAFB0AB352B4F350B7D1305C93F984
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.195131..fWaveScale=2.540833..fWaveSmoothing=0.810000..fWaveParam=0.140000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DDGT2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12373
Entropy (8bit):	5.136612105900518
Encrypted:	false
SSDEEP:	384:rplzFtQ+nyt9gK9ttEcvaKqIeaXtzktCnSLiI3zd8BN5tyFiGjKTBVo6pA84JyRD:rphFtQ+nyt9gK9ttEcvaPIeaXtzktCnt
MD5:	2BCC5A02174ACA76622EEC32B9E0AED9
SHA1:	0497BD493E7E1BBD19EF911312CE0965E87BBF94
SHA-256:	C2F56CAD25A9040386EDB87D8CA09D0A8F89883B0C9A3257FCB378FB09A1E051
SHA-512:	513DC6742E3B4D3669A01926C2679F9916F752E49A79E411C0D605D750C76E254A26C907A05F6DEA739933C73E169191D4AB013840BA5DDE2EC9966FCBAEDE40
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.058430..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DG40Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12343
Entropy (8bit):	5.167500041625709
Encrypted:	false
SSDEEP:	384:rAUhDFi5lMXfqn25ZKEMkF9vUICawKTELQ7hSLiIhud6lsvyFiGjKTBj6pA84Jyz:rA0FirMXfqn25ZKEMkF9vUICawKTELQA
MD5:	F48DEA83F61C6FD284C47DEF310FECB4
SHA1:	8209B770C918D1E1D99FC8E1052A3E14FD9159EE
SHA-256:	7C1F9D3502911BD4B041360FDA7FDAB2FFFAE7A5AB787F9AF0BEF0BCB71A8AAF
SHA-512:	559A48C3E564ECEF5D24A33F5666D13DDE5AD5D2CD9FE6759579F15AD5135697DD706E983ED09A72185E2D238500A4B75317AB492DF41569345E418C9C35C4F3
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.780001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.311600..fWaveScale=1.228910..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.399900..ob_g=0.000000..ob_b=0.500000..ob_a=0.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DREMP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10266
Entropy (8bit):	5.158983545294322
Encrypted:	false
SSDEEP:	192:rB3lgMFq+HqS1Ct6anyt9gK9ttEcudI9rjTrhtCnSLiInzd8zFN5tyFiGjKTBCza:rxlVCt6anyt9gK9ttEcudI9rjTrhtCnp
MD5:	1844CA8471ACDFF0A25B479C1E3751B6
SHA1:	ED30FF480FF29E8EA10014EDAD9F574DA14D2593
SHA-256:	F2ACE3AA1BC9A77A61ABC480E418CA761132B726A9A6F285FD3D70DA631D02AE
SHA-512:	D2C505A413269DB335A13272EA85F78E4CE4A7ED303B68D6B1F94CE31F596FCA79C429340B7CC3EA4C25CBAA2BEC10824349EA707FCD7DFA6FFEECC0CD93D192
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=10.437056..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-DVENQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11969
Entropy (8bit):	5.21071099468528
Encrypted:	false
SSDEEP:	192:rl3UWnBJmjY33WwLtH4fvaw00uEMtEcvqeyvKTnLQ7uSLiIXud6ls9yFiGqqzBCf:r9USdLtYfvaw00uEMtEcvqeyvKTnLQ7+
MD5:	967353A720994D60BBF7F33D9B79488E
SHA1:	CDB02D659FE9A2E157FE048ACFB26B0BE0A95F7C
SHA-256:	DF5548F9A03297C131F15F86A1A6425570F4CCFBF57DC4325B08929D9A81E6F5
SHA-512:	18BCAD78175E5A2D7CC355290991F00A36C98B6AC76D4376D101337E77A341858AF4A52270CCFC0D62346DC2CAC96D27413CDA3E6F98A8B9A6C72B3FFD269873
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=3.749209..fWaveScale=2.466119..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.110000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-E2CQ1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11271
Entropy (8bit):	5.15225468399269
Encrypted:	false
SSDEEP:	192:r603sWGX2HqS1FtQ+nyt9gK9ttEcvhjAaWtzQStWCEBDI8+zd8zFN5tyFiGjKTB7:rTsmFtQ+nyt9gK9ttEcvhjAaWtzQStW1
MD5:	4B61D711978C2C9BC8350BB9F0B6FF0B
SHA1:	03DD9FBEEE337AD163C7EA3F758F06B5128D2DBA
SHA-256:	DD31EBD1EEF10F71DFCE9341842A0D4EF769CBEA73288CD87D028D2CDBCF1879
SHA-512:	F9C18F0E15C62E02C32811C116A52C19DF02C0F3CC22AF8BD91929BDE83DD891003660CC17E587416E0C4A94158A54F20F04CAA8DBB3C46E99BBD54D0B5CA571
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.780001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527429..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.399900..ob_g=0.000000..ob_b=0.500000..ob_a=0.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-F1SLU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8789
Entropy (8bit):	4.99987985634947
Encrypted:	false
SSDEEP:	192:jXgp1Ht+n290HEttE9v7RHa4jKTiSQ7/yrCIvJd58lsvyFbGDqzBeZi03Z4aSyRa:rgnHt+n290HEttE9v7RHa4jKTiSQ7/yA
MD5:	E919A283AE6C4631124FE0B6FF0A5AAE
SHA1:	4E86373F2B6B68B4CFED8D521D47D43E55D97B90
SHA-256:	3EF23A21FD1761B834646EC95DFA8F85949C75C3449425818FC87C148349F208
SHA-512:	D5FA8D721AF922A76849DCA06C48014149F33E7AB5D6B368115F27FAB7B950DA271F9EE4C6EB4AD1F035F59E2755B6DD0CCED7F56FFD0C0D40CE33DE93D647EE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.988999..fVideoEchoZoom=1.168096..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.003300..fWaveScale=0.572643..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.240000..fModWaveAlphaEnd=1.300001..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999998..fShader=0.000000..zoom=1.000509..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000022..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.340000..ob_g=0.340000..ob_b=0.340000..ob_a=1.000000..ib_size=0.000000..ib_r=0.340000..ib_g=0.340000..ib_b=0.340000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-FLAFH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11451
Entropy (8bit):	5.189747974212557
Encrypted:	false
SSDEEP:	192:rP3yGin9A3XjY33Ww8tJnytJgK9utEc2II3Nf6m3htCnSLiIRSd8lsxyFiGjKTBo:rfJHu8tJnytJgK9utEc2II3Nf6yhtCnI
MD5:	394B111C8D4B541FC3C7A00A0CB97EDF
SHA1:	907BDA15320AF9FC5502C701EBE9871A88C82F0C
SHA-256:	9A913DA28B3F637802C5BA04959E1B85A32BF5E7EE2F8ADF0671A570C233834A
SHA-512:	994B75ED946D6A90B2B6E1002E49203CF2DCFFD21A8C51448F83881083DCE1B1BCBF70BB8CB8C5E1C3815AAC40CBC00A11ADBF77AFE1DA9A7B35EF007190B0FF
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=2..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.740853..fWaveSmoothing=0.810000..fWaveParam=0.000000..fModWaveAlphaStart=0.370000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.590000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-GAL2Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11441
Entropy (8bit):	5.135882304392308
Encrypted:	false
SSDEEP:	192:rb3lIii1AIIE1npQfypu91uKttEcvrIdaO5YSShCnrLiISNYB53TddkN2rEb/DqL:rTlinpQfypu91uKttEcvrIdaO5YSShCV
MD5:	9C13A2FFEA64B22224974387FDDD483E
SHA1:	7D982122C218571D25BDCAF9218E8064210AC9E4
SHA-256:	4028DE60AE5D4BBCFFA1E646E300DEBF9121CB17B3FFAF91B967DF823B85BC30
SHA-512:	E87AABA8FA979E0FBC539AD1BE76550BFF888F5C2A2141702601E1E6AD89F062CC1C5F944B7DD18EFA3518ABDAB8681B4742C63D3C2884126C4E96E169321911
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=20.944651..fWaveSmoothing=0.000000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-GUR2I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15592
Entropy (8bit):	5.2835051889861315
Encrypted:	false
SSDEEP:	384:rZUpI2rtlEn2f0HEMtEcvJIhaAKTItShCnSLiILud6lsvyFiGjKTBF1S1J+R14wb:rZ2IOtlEn2f0HEMtEcvJIhaAKTItShCb
MD5:	BE56EC5A529CB97791C7CDFF07D995A3
SHA1:	B8F02FC666987C8DA1AAA7D8431E308193EAD71D
SHA-256:	2A38A30528168D6D4990EACDEF3E8A4E45453584715053114F7F5739BD0418DC
SHA-512:	02E7960F09F49055E3BE51033A03A376611D199D0545269F266C6A8D00DAF3B5FB34F517C73CCEA8256B40FCFF2BA23C187D4B80A7BBC1187571ACE793CD8924
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=2..PSVERSION_COMP=3..[preset00]..fRating=5.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.103075..fWaveSmoothing=0.540000..fWaveParam=0.380000..fModWaveAlphaStart=0.810000..fModWaveAlphaEnd=1.400000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.300000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-HJPL6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	5.118303184347319
Encrypted:	false
SSDEEP:	192:rG3l+Fq+jAIquIE1MtQ+nyt9gK9ttEcvmRI9rjTrhtCnSLiIFzd8zFN5tyFiGjKu:rSlgMtQ+nyt9gK9ttEcvmRI9rjTrhtCC
MD5:	D84134868A70E3799E7D63C7B63537E6
SHA1:	DE79CD351E96A9EA67C51A29735274DA83ACF2A6
SHA-256:	78DA27B0977031454A2F56AA78F5A2770EFE1DB9FF386C496654D88364C801B7
SHA-512:	A418D91817FBE5E55DB1F9346336C825AD4025752ABFCC1185F8396A678DF8C12EB1F77E1F8987DB4C675A5DFE5096F74641EFA0D5B1AF73C2B568D3FE7025E1
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=10.437056..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-HT3RH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12712
Entropy (8bit):	5.171927399619761
Encrypted:	false
SSDEEP:	384:rwsZetQ/n29gK9MtEcvHjAaWtzQStWCEBDc7Xzd8BN5tyFiGjKzB2CPA84JyRGBx:rwMetQ/n29gK9MtEcvHjAaWtzQStWCEG
MD5:	036A0E836FE893C515DCB4BAA4054B66
SHA1:	90DF3EEDFBCDC8FD44C77A4D89D04D08246CA3D0
SHA-256:	D39C2576B2D14456F69155AD0FA4D599CFD5CDEAA9DC674E370D07B78565111F
SHA-512:	7B5871D6168FF4294543A908C58FD52454F6D46C44B3129AF5341C28556587C07C370C7ED9504C86150AAB5BFC1FC2457813480DCE0E2ABA1A611C3D7337EBB2
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527400..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-HVMOR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19233
Entropy (8bit):	5.303969974600402
Encrypted:	false
SSDEEP:	192:rxj+65qWpY33WwDwOvySdn18KSCC2Ki/P7IVn+DF3okGlbkYSB8GGuq3WAIq392:rxylDwOHn11SCz7Ck5Y2XPC3M
MD5:	B28E153119B3939F05C33CEA75A8D811
SHA1:	F0F51DD4550D2910A71A54151E06C4E4B4E4BD04
SHA-256:	AF54A94FDE91A31DAED10B989D3A218E44BE84AE554D6A916E5C1AD8F39617ED
SHA-512:	D13F4BB723B1A7021F00820AE094D4F93FDC1C8D604F4BC9AD1B5D8822F3BDEEA006C4562B2EEBBB434EE8E501B4DD9FA1A503605BC0FB18BBFB50C72D616342
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=4.000000..fGammaAdj=1.980..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.158..fWaveSmoothing=0.090..fWaveParam=0.380..fModWaveAlphaStart=0.810..fModWaveAlphaEnd=1.400..fWarpAnimSpeed=1.459..fWarpScale=2.007..fZoomExponent=1.00000..fShader=0.000..zoom=0.99990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99990..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=0.600..ob_b=0.000..ob_a=0.000..ib_size=0.110..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-I4OK5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10941
Entropy (8bit):	5.125847185807125
Encrypted:	false
SSDEEP:	192:rQ3lPnciAIq8IE1MtQ+nyt9gK9ttEcvaKiI9rjTrhtCnSLiIFzd8zFN5tyFiGjKT:r0lzMtQ+nyt9gK9ttEcvaKiI9rjTrht2
MD5:	6CB25A1FFE7375D681A2D2915852C300
SHA1:	3C4EA222EFB854C756CDFB6154E637AB9067B186
SHA-256:	DAB3666C62B81A646C884EA99EAF6F28EA89456DF4B399B15D265BFCCD40EF42
SHA-512:	C36A19D0B7925DA0C54EC5F4653FBAB2B2961A58555FE462E908552880CFBCBE4DCB669CD340A6DFB133ECAC8C35E30DA5818FFAE76A8BD5256ADF266D0D28E5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.346238..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=0.442000..fWarpScale=0.498000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-IJ3QF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10754
Entropy (8bit):	5.12757375046969
Encrypted:	false
SSDEEP:	192:rN3lWIFqpAIIE1Gt2FVv91uFOtEcvUBIFupKTQoz7OSL7I7zdzzFNvyFiNDqzBXw:rllUGt2FVv91uFOtEcvUBIFqKTQoz7Ob
MD5:	E69073F5454116633808C29C8CE28A5D
SHA1:	FB5AE5F387A9B18F9A7EC9D91BCD32EED3B9CB7A
SHA-256:	AE4AB05E68080111F2F92212D9D30E1CD8D2B7476A138017ACEBFF7BDFED62F6
SHA-512:	73E45620718FB4EEC7D4675E1F1BAC0D6AEA145FEEDA11939487FC76B0301B83E1C4724CBA23A1C6759B3CEC4489F8A0D0BF241535662B3EAFE09FBF6E6A840B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.169162..fWaveSmoothing=0.000000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-IJLMN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12489
Entropy (8bit):	5.1631424122623555
Encrypted:	false
SSDEEP:	384:rlldGt1FVv91uFttEcv4QbBIFaObKzQLQ7OSL7lizdzBNvyFiNDqzBX6pA84JyRu:rlPGt1FVv91uFttEcv4QBIFaqKzQLQ7L
MD5:	081E4F39632BAC79A869F423886BD5F3
SHA1:	02908B43E1098513556D561F2EC7992D1B10F397
SHA-256:	D13C822BEECB024390465B146862BC4C4CCD2099225BC0B0A0ECC478BBD728A5
SHA-512:	5A67BAFE62C1B388C2F30C3B8B4F8543DAD473821B3C3B70E50C726EBC3917D7B2247671511F9AEE9FFDA2D0C017E0650489E1F95A731619BAC22F01E59EBC83
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.169162..fWaveSmoothing=0.000000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-J6TNG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4761
Entropy (8bit):	5.28875988399498
Encrypted:	false
SSDEEP:	48:azExueMXNVEo/q3MD4vwTOZTM3KRZdBGtVaPFECqQ2wL+Afq27d9V732wGAc7Am+:thjoC3MDkh3WraPFECqpUxB9RGwDPV
MD5:	FB9EFAEB68D59947ABED1314F1DCC8F6
SHA1:	FCFB4EC25085C36B43F7F4148C085DE2ADAAB710
SHA-256:	9DB945FE135BB06DA34E4FC9E1277216DD7B3F69D2D89A620485E62D1F622A43
SHA-512:	31DD0C934C884FEAE6A8972175549FEEA6A77D7A0FF7234D013AE5C621FA04A87176E9A8BA2C83E6D224056203E09662C24BF641FCEA43CF05D8623F92353134
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.980001..fDecay=0.99..fVideoEchoZoom=2..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.179297..fWaveScale=0.491915..fWaveSmoothing=0.216..fWaveParam=-0.42..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=2.853..fZoomExponent=1..fShader=0..zoom=1.001829..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=0.999005..sy=0.999005..wave_r=0.77..wave_g=0.6..wave_b=0.6..wave_x=0.42..wave_y=0.5..ob_size=0.02..ob_r=0..ob_g=0..ob_b=0..ob_a=0.250001..ib_size=0.155..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.27..nMotionVectorsX=30.079998..nMotionVectorsY=0..mv_dx=0.32..mv_dy=0.42..mv_l=3.199998..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp = 0;..per_frame_2=wave_r = min(1,max(0,0.3*bass));..per_frame_3=wave_g = min(1,max(0,0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-JGJBF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9086
Entropy (8bit):	5.173558978511873
Encrypted:	false
SSDEEP:	192:rp063AWXOJm0CtGfSOvc0FRF/PMFcv/I4PKTtLQ7CFSLivpud6lsvyFiGjKTBj6F:rbAxCtGfSOvcYz/PMFcv/I4PKTtLQ7SN
MD5:	8F6791C1820903D79FB5478CA783D63D
SHA1:	DAC83A5954B65C243AA876E9002700A0E46B8DC5
SHA-256:	414DD8D88F3552905E9E8B4C1714032A4A2E6ADF5EDE65B08F59A7E3E120630B
SHA-512:	BA1C751E65B899942148CCFD6E7E3428FD22F96C9B56FE8509FB1FECC72A3B1E091E91E175045640C46FF4447641089C1E923914EB7D38C2F818354136102525
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.232543..fWaveSmoothing=0.810000..fWaveParam=0.280000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=0.010000..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.001832..rot=0.000000..cx=0.500000..cy=0.500000..dx=1.000000..dy=0.000000..warp=0.010000..sx=0.999997..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-K1V72.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12345
Entropy (8bit):	5.1799478959837355
Encrypted:	false
SSDEEP:	384:rws2xtR/pYl1OZMtEcvWjAaWtzQStWCEBDc7Xzd8BN5tyFiGjKzB2CPA84JyRGBd:rwTxtR/pYl1OZMtEcvWjAaWtzQStWCEK
MD5:	D3A1C2D0868BBC0386B0BFF8833989D5
SHA1:	1925C8D77348EDBB350A36E005EEC656DE9DE183
SHA-256:	B3EC88DFDEA5E1D0D7D6524E2988E148A055174FB440892874147AB2E10060FC
SHA-512:	CE14212D2EE0BD2A8A3A2AAFD9EEF1A01B1BDF6C46B0D0C0B9C8C813CC4E35CAC89D5D0535A8AB845A9631EF71030A6C1A81E064C4D59008ADEC3368C1DCE62C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527400..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-L1SII.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10205
Entropy (8bit):	5.124137662494303
Encrypted:	false
SSDEEP:	192:rj03smX2HqS1FtQ+nyt9gK9ttEcvtjAaWtzQStWCEBDq6xpzd8zFN5tyFiGjKTBV:r8slFtQ+nyt9gK9ttEcvtjAaWtzQStWK
MD5:	63D304992051DDFD99F520D6D85BD6F5
SHA1:	619007C3415EE74A4DC4BCE644A4BB24E83A3F08
SHA-256:	1A83FCAE91E608BA2A5441B7B2F4E3E33FE32856DF546BDEFE24467A9B1A56B3
SHA-512:	C27AC0B9643808C323830C8208B7A5178951FBECF03047BAEDBEBAA7E4B2FB81EAA0FCC965ADBD33A1CA91EAE3B5CFC4BEEEF473B8985C853AEB4D7790133CC5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527429..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-L4HPC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15896
Entropy (8bit):	5.306787975512823
Encrypted:	false
SSDEEP:	384:rZU/T3rtlEn2f0HEMtEcvJIhaAKTItShCnSLiILud6lsvyFiGjKTBF1S1J+R14wS:rZ4TbtlEn2f0HEMtEcvJIhaAKTItShCS
MD5:	22D8082B3D9BE9D43D6D063E19525203
SHA1:	BB5A69E514BF49CFBA234F8A5CE89D471C75A5D8
SHA-256:	D2628BFCA243B9590E35FC6FF6922048339CC5E5807CAFAD0EB28FF765F8178A
SHA-512:	C1D961D962DE6B8612B0EE7A0F1C989B30BF96B13A4AC6183CF414E01718B392785698D531DC6F1FD57AE386727CF5BFE23D123E6C0D806FDBFFF2F945FE524F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=2..PSVERSION_COMP=3..[preset00]..fRating=5.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.103075..fWaveSmoothing=0.540000..fWaveParam=0.380000..fModWaveAlphaStart=0.810000..fModWaveAlphaEnd=1.400000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.300000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-LT28S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12841
Entropy (8bit):	5.142699262255667
Encrypted:	false
SSDEEP:	384:1J5AnFKA3PD5YX+2D9fUPu9YHPZttE9LWLLa9lYQEnvbrCB5ukd58kNvrFbGDqzE:1JsEOPDp2D9fUPu9YHPZttE9LWLLa9lg
MD5:	8AC6D5CD66AFF9F2D1CDE5CEE47E6380
SHA1:	9F48157AC7C1C5DD43E6A89C51C1BC3793330CC5
SHA-256:	45BE5CB27FBFB0ADB1D0E1F15AB4BB99D87C68B4215486F934BBD9BE848AEBD7
SHA-512:	E2446F2DB340225432B7019B873D23DCB10D5905B3BB66EB141C7CD5F578FBB697BD4DCCCAF86A5FA30385E0BB121D6ECE0F08F2DC981A0A1E60F907AB27DEEC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=0.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=1.000000..wave_y=1.000000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.300000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=3.000000..nMotionVectorsY=2.000000..mv_dx=0.02

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-M3UJJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15366
Entropy (8bit):	5.179383116133497
Encrypted:	false
SSDEEP:	384:r8eUbLc8p4i3yztBn4JIoJKMtEczvIRPKTtLQ7SSLiIPud6lsvyFiGjKTBj6pA8Y:r8eUPF4iiztBn4JIoJKMtEczvIRPKTtl
MD5:	D5C3B95DAAD8DFA8973E86758882F6E0
SHA1:	50D6A5EF44A9307C1D6648BCCD68EF3C161B655A
SHA-256:	1BBBFCADBA73549EC9800B91CD0EBAFDCC13D111370CE2986DFFFB204F6273D3
SHA-512:	62789F6E3045E8F77DAD48A6963FC5566D534777D2F4E9AF38CF207E026D381E3481F7C67638697E843E795604729767F436629891BA86666ECB3414C6E8241F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.232543..fWaveSmoothing=0.810000..fWaveParam=0.280000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=0.442000..fWarpScale=0.498000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.900000..wave_g=1.000000..wave_b=0.900000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-M41I0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12127
Entropy (8bit):	5.207490865399767
Encrypted:	false
SSDEEP:	192:rhN3UPAiAIIE1Nt2+nyt9gK9TtEcvexIGaKJKTMQ7rSLiIs53Td8zFN5tyFiGjKl:rDUPNt2+nyt9gK9TtEcvexIGaAKTMQ7k
MD5:	CE9A5899FC8B6397A4B481BEC450FE47
SHA1:	414F92D7ED23BF73B1080C994B26FF76ED45356E
SHA-256:	780BAF41272220E2DA986A39140617E6B55D324BD2FC21A9264535898381C554
SHA-512:	D6E9DB6E30C644083EA8365FEFD4CEC17E63FD876356D28864E72AF20A0E57A805DDA8A617D68938CF5D4FF543872AD15DA3CC9EDCD3AC85198BAF0E2B1035DB
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.058430..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.110000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-N6J7I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13007
Entropy (8bit):	5.184149780304945
Encrypted:	false
SSDEEP:	384:rtSZmtEf+nsfJu9atEe1IIea6KT0LQ7nSLiImPd6lsvyEiGjKTBBa6d4JSRGBZA7:rtPtEf+nsfJu9atEe1IIea6KT0LQ7nSp
MD5:	3BBD51FC8AB22D3535545FC9D75800B8
SHA1:	DFA3DACBC11A329526C87B01F7A0395754F252E6
SHA-256:	46017F17ADD5BA8A8A6FBCAAC049F1D2BDB25C7D452B142425219328CAA571DE
SHA-512:	F85F6A2E30993BF9E92DE97770CC585917E7AAFD92F1031879979B6B60F8CF6F3A4C67398B9B081606A0A711E8A00FB50CCBA4348689253A087989ABE17415C5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.005428..fWaveScale=3.782626..fWaveSmoothing=0.810000..fWaveParam=-1.000000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.450000..wave_g=0.400000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.060000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-N7ECH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12500
Entropy (8bit):	5.189746081488784
Encrypted:	false
SSDEEP:	384:rK1QFtQ+nyt9gK9ttEcv5jAaWtzQStWCEBDIxqozd8BN5tyFiGjKTBNaUiAdJ4yL:rKWFtQ+nyt9gK9ttEcv5jAaWtzQStWC6
MD5:	8A3344CE65A329DAF9869C00EC29DCC1
SHA1:	3BCF8B9FF5800D64CA308F224D855E467F4653A5
SHA-256:	51FBB2E5D346B97FDB70FA6E788C0657D1ADAFD8172ABA514DBE27EDEE11F08C
SHA-512:	839559A09E770786C4DCA3F6BCBC96F2A978BDDFE377B7E495866A56A7F70B6332122C815C7D9A9FFA8D3AD1933FD0CAB01493F44B14E2C20BB3769EB3156C69
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=2.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.958178..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.399900..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-NJB1I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13956
Entropy (8bit):	5.241878972364739
Encrypted:	false
SSDEEP:	384:rZUAv52fvn2f0HEttEcvnIhaAKTItShCnSLiILud6lsvyFiGjKTBF1S1J+R14wRy:rZ352fvn2f0HEttEcvnIhaAKTItShCn4
MD5:	3D38E40BF012836F686EA1016BD33542
SHA1:	B2A8159CDFB7562465A04EDBE9607B0BA23A23D6
SHA-256:	5BC1E3C6DF04773C875F24A76265FA70E5C9EF8C1F86656BCA929B19DB71B9A8
SHA-512:	3440A864CBED39B3B974B883F8E6B977FE40F647EBBAD1BEB08384832B220F3931F43752B275B70350A2C30F911A67DAFFECAFE5166B0C9B7883BA1E4387011B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=2..PSVERSION_COMP=3..[preset00]..fRating=5.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.103075..fWaveSmoothing=0.540000..fWaveParam=0.380000..fModWaveAlphaStart=0.810000..fModWaveAlphaEnd=1.400000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.300000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-O59DM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12431
Entropy (8bit):	5.183172951685709
Encrypted:	false
SSDEEP:	384:rLrAiTWfpnu9ctRtEttE9vTjV+jTQLQ7OyrCIWvtvcd58GHvrEbGDqaBDaoAWI7E:rL8iTWfpnu9ctRtEttE9vTjV+jTQLQ79
MD5:	FB95CFA89F6DBF8A7FE9D801946C1E89
SHA1:	42CC4B7AE0E899507E30B336E53653352CF546A0
SHA-256:	514F306FF489FAFCA619CF29D7CD0DAA2C29DA9802F310F659B0C24768A20256
SHA-512:	09023C647B3C83314319059BA7634B0FF33CA73D91C9BE817D69C51CF63676C53B55045423B5EE15A39FFFD8DCD4A7CD816B08041C099BF7B116F3E70191C88F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=1.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=5.552000..fWaveSmoothing=0.504000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-OC963.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12848
Entropy (8bit):	5.158427370188612
Encrypted:	false
SSDEEP:	384:rGSkltEf+nsfzuiTFqvzSIea6KT0LQ7nSLiImPd6lsvyEiGjKTB3a6FJJSRGBZAs:rGxtEf+nsfzuiTFqvWIea6KT0LQ7nSLh
MD5:	9BD245426CB158E809D50A0A41E90E66
SHA1:	3B851EFD7E5B8737AF23F4F0278E2CFC63404EB5
SHA-256:	747012580E88BB9468A9076F80D09F1B9E14F519369F428A1E6321C4662CA596
SHA-512:	8D9E1F11EFA7548DF1F8215D63EC8975528EA20ABD5B8ED883AB52AB2D8625550AA770FEAD3A48AA7A1440EE5EE2EC451D2CED5C7CE30822ABDF9845D41E8D91
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=4.615516..fWaveSmoothing=0.810000..fWaveParam=0.000000..fModWaveAlphaStart=0.470000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.450000..wave_g=0.400000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.060000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-OE4BK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12398
Entropy (8bit):	5.133435724976038
Encrypted:	false
SSDEEP:	384:r5lBFtQ+nyt9gK9ttEcvmYI9rjTrhtCnSLiI5zd8BN5tyFiGjKTBpaqAL4JetRGX:r5/FtQ+nyt9gK9ttEcvZI9rjTrhtCnSa
MD5:	C8F672473534739F35B86EB881B46BF3
SHA1:	F794A732AE045C11B2DC3C8B4FE2505105083B35
SHA-256:	8C1635C6E1BC740E588EBC4A4583342A445EFD2282DC95476566073C9B5657BE
SHA-512:	04C0243D1192541AF42F4386AF1F6D9F0C4527444D689C89B6690D90C03605DA9F2E7A5D8270C6E1AB9E9450614ED5C65E58C9A27BA23BAC345758EF8662246E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=10.437056..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-OUNOH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10578
Entropy (8bit):	5.133929099914835
Encrypted:	false
SSDEEP:	192:rr3lDFqpAIIE1Tte+Os91uFtMEcvhI9rjTrhtCnSLiIovTdFlsAyFi9qzBz6pA8z:rjlETte+Os91uFtMEcvhI9rjTrhtCnSE
MD5:	9BC71CEAFF8B4554703D365D94685FFA
SHA1:	CFD46F28D4EC77595F2F82997C663170B6C70123
SHA-256:	9DA8DFDE34A01DEC669CBE884005310F9985A8082E4CCB00346E5E5699DDD6E5
SHA-512:	6FDE7552C46A53F7EECFB179B4719BFE441118818CC25F8E86FEFE3AEE333316B065AE9BDFFA3DBE86F61E5A3645B4C50C928C90BF2E7803CBF84E4D1229A6DC
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=20.944651..fWaveSmoothing=0.000000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-PRE4L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11359
Entropy (8bit):	5.163534579159742
Encrypted:	false
SSDEEP:	192:rIZ3sWbUwiAIq8IE1etQ/n29gK9MtEcvHjAaWtzQStWCEBDc7Xzd8zFN5tyFiGj4:rwsLetQ/n29gK9MtEcvHjAaWtzQStWC6
MD5:	D5EDD8AD5ED9F3F93E164FA5C5457792
SHA1:	6FFF46A9022548186925972BA38CEF82FE6CB876
SHA-256:	7CDBE8BB65C8E42B286F1CEFFDA7247DCA47BFA8392F4946BCFA7F0230A77E21
SHA-512:	C23B34834B24D94516877E738D0C44F53DEBD0B2DF3B288A6E81DD8B53009E8236B610CE4902685E41E1196AEF473B5FA411EBD5AFA8512C3BB4E1AFC06E0159
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.527400..fWaveSmoothing=0.450000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.800000..wave_g=0.490000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.110000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-QTOCM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11509
Entropy (8bit):	5.1245655694114705
Encrypted:	false
SSDEEP:	192:rG3lFjAIquIE1BtUsn2c1HEttEcvMYxI9rjTrhtCnSLiI0zd8zFN5tyFiGjKTBCz:rSlVBtUsn2c1HEttEcvMYxI9rjTrhtCl
MD5:	9EB4AFE0402E45D3AE9047297B30E4D1
SHA1:	8DCA834D4B001DCA55EC90F8852E59E321BE8B0D
SHA-256:	D9C469FC9A41A1D9BF3290B0F02F0A7DEE673EA5F7F37A6D37B123145CE5A446
SHA-512:	94AFC5E6DE57435E218FFE58C58EDBEBA3A6505070B8394B53B3FAA508B1649C5C254DECF25484517A9E9457890727ACA9F703D960D068635A86336C78647123
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.980001..fDecay=0.500000..fVideoEchoZoom=0.999998..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=10.437056..fWaveSmoothing=0.450000..fWaveParam=0.080000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.320000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.990000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Martin\is-UOROP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12482
Entropy (8bit):	5.181999329509543
Encrypted:	false
SSDEEP:	384:rja9m0DOv90uFMMFcvx5FYaJjKThLQ7nry7IhuzTdodkN2rEbGqDaBUTTiAPIJ4n:rj+m0DOv90uFMMFcvx5FYaJjKThLQ7n4
MD5:	534210DD7401BFC7D09654ADEEDA5335
SHA1:	CA761F5070FA7B429BFA54B31ABF8F8D42F9F21A
SHA-256:	188520106F2298A002A0DCB177BB23B8DBB3DAFCB0EE4C417F3F26ED85AAB97C
SHA-512:	3DBB190E5B6E799601EDE2FB0DC03747D3F5B6774C243F79D6C021FE9A8D6FD5B94DBDA4F75E0C92414A7C3B72A1CF99C8A9A9006C1E3BB42D31FD582CFD2E83
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=5.000000..fGammaAdj=1.000000..fDecay=0.000000..fVideoEchoZoom=0.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.000000..fWaveScale=0.000000..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.459500..fWarpScale=2.006700..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.000000..wave_y=0.000000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-4JK3H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15683
Entropy (8bit):	5.219144576238237
Encrypted:	false
SSDEEP:	384:rBFElWwEZ4J9n9KwOj/8nbR5EmYCYdFS5Ralk:r/eWwEZu9n9KwOj/8nbR5EmYCYd0/uk
MD5:	CB663EEA0932F76C99A8BF7B30EE3034
SHA1:	64D8457E9613D239B80751DEBAF9032FFBBE2975
SHA-256:	CDB15884D312F6F6783E85AA8D7FA556546DA82AA12F7F2465FA5ACF77E6766E
SHA-512:	93818F47A3AE750A90B11F15D92C4864774427F165AAA9560BDD1A17F7F5FEA17A94067892C183E8083B468CC34C35B24692B2D5D6F1306368C50EC6DF64800E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.002..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-18.84024..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.100..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.200..ib_g=0.100..ib_b=0.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.95

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-4T0RG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8057
Entropy (8bit):	5.154801978875
Encrypted:	false
SSDEEP:	192:rP8xy5qqmu9reOY2XZnbDxmYCKPsRHT4R+2PFWT:rP8x49CODXZnbNmYCkeHTyTU
MD5:	291FD0C6F1E6EF4336EB09FD7ACB8196
SHA1:	85250A2CD0883607E73D0D9AF64743ED0B1447E5
SHA-256:	EC782321A7A685BC04EE79E9A56CB7029E49C97C72C679C985BC5137AEA921FF
SHA-512:	1895D78B9EB18D104222B73EA33A404BB330D049A93FF8DFC1CBB69C2735ECCC715E4C3F68F03F9ACEA30A77609BAF6613B16CA39980E8048116D42170174F91
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=2.007..fWarpScale=3.749..fZoomExponent=1.07410..fShader=0.000..zoom=1.00040..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=38.61310..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.400..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-5TV9E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26856
Entropy (8bit):	5.18383922718235
Encrypted:	false
SSDEEP:	768:ryrtL656deOI6H4hrWTsrikwEZu9ut+fSnve1uFOtE96KIVaXjTnShChyrCZQkvB:+BrShBt+fSnve1uFOtE96KIVaXjTnShc
MD5:	849F03156A439A1287D385605F1AAA6F
SHA1:	5F09F89579A8BC12338516C5477AA5786E5E8BA9
SHA-256:	1E8DB439C1487E058879C14E81E1E86919210A2E2FCF1320241406017A8C64A2
SHA-512:	6EA0CEBD1E26260B8EEFE856808223D29640A7A9EDB8C74EAE2C492BAFE8258E14F071474FBCF377DE9EBB44674921A094D3E5D9B3E0EF549FA33605CC35B768
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.900000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.960000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000521..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-6RHN6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6906
Entropy (8bit):	5.087426676958767
Encrypted:	false
SSDEEP:	192:r+8xy5qqmu9reOY2XZnbDxmYCK+BKRHT4E+2nFg:r+8x49CODXZnbNmYCmHTpDg
MD5:	4916938B762D6CDDDBCD6175777CE54C
SHA1:	B7F7E0DD14B23CFE366B9299DF3C4A98C56E2308
SHA-256:	74141CC75D3F66364E7A6D52417FFBE34DC459A881C4B99580EAC272663822D8
SHA-512:	A198BF96C66B9861CEC1A15FFF7EF146BE417694946874CC319055373E8461E8EB66572E35D85165BF1445D2164322F393F2EA03604FCE32FAC85DEFF1D53115
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=2.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=2.007..fWarpScale=3.749..fZoomExponent=1.07410..fShader=0.000..zoom=1.00040..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=38.61310..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.400..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-7RV08.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17009
Entropy (8bit):	5.1674286255123665
Encrypted:	false
SSDEEP:	384:zlrcse1v/psyzxp379RlAOgwZnbXmYCGh:z5de1v/psyzxp379RlAOgwZnbXmYCGh
MD5:	4AC53CDEAABE5B1D5A9E0E3A0F6F44C9
SHA1:	6D185AEFB20AFF94CE45A2758D853DAB7A1D7AE5
SHA-256:	9B5B1B466CE72203D02E1A9C45F4710D418C62A461EF32FCEA29558F28552E29
SHA-512:	BCA4C1EC5CC213841E145D7D88A445296F2EC8055761DD74AFDDA5AF4BA7EE6A5F5192B88F237D56CAE46B1F2738D379542A9365002C9CF409BA3FDDABA2B3F8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-82167.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7038
Entropy (8bit):	4.963556101769895
Encrypted:	false
SSDEEP:	192:rK3J9WX7I1nt+fOn200HE4tE96FdIOaTKTS6Q7yPyrCHFHvdFTd58kNvyFFBDqzX:ruJ90Wnt+fOn200HE4tE96dIOaTKTS6l
MD5:	2DFEA4FB97F202E0691BCB4F5EC529F4
SHA1:	B92503209B04FA7DE6D68DFCC8C83A88F64AFD77
SHA-256:	563686D05D7BD8F1BDD8B788C723AD8942DB12E7EDF8101C37FB130D9817C959
SHA-512:	B855009A4967D534319042C2A74FD2A0198D099088E04C5ED1DDA6DDA0E7EC53EF50F88633876A1EDE80124B1A71087A9007D9C46436B27EA54359A524AE1EB6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.500000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.400000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-8BJV6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26403
Entropy (8bit):	5.202218270076274
Encrypted:	false
SSDEEP:	768:rd5656de6I6H4hpWTsri8wEZu9n99OnWZnbXmYCCNQk:p5Pg1M99OWZnbXmYCCNQk
MD5:	3ABAF4B01E8949327877FE84977DF700
SHA1:	943570F1772A9DDB61567395DDFABB8E876E411F
SHA-256:	1BB3980BE4E2E67C90AB1FA905733F41C9D8A2576F9593BA70135196AB1ED08C
SHA-512:	E2C46DBA1528F1A72FA8BA16FF20C626825FACBE8BE5875709227C4DCA2BFCDA2AE364A32CB30A52C844E3DCFD05F200A0F27476F6ABD2327C3FDC93BD0D97B8
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-98CEA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10630
Entropy (8bit):	5.137086615313917
Encrypted:	false
SSDEEP:	192:dl35qSvTk8xL9uwOsVnj2YCJnBT51etcv8Hbe:dlPTr95O0nqYCdh8Hq
MD5:	C7B59455EF45F4BB167ED1CCCCE721F7
SHA1:	55B188B7858391308804993C1D2CE018C52847FC
SHA-256:	74644EC4123B1B7B077EFF9264DD0E74E7F5B4234F9EEECFB04F00E2356BE7C1
SHA-512:	C3A63198C9B0492D6048432AFA6C0D68463F583BFF5F6E6523EC29BF446177FFA5AC05133758EDEE2AB48087D8CD40AC8F902361B68D73135D66BD0FBE373761
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.950..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.200..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=4.800..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-9GHVL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14787
Entropy (8bit):	5.224982680726416
Encrypted:	false
SSDEEP:	384:rB9oCwEZ4J9n9KwOj/8nbR5EmYCYdFaq8M:rXHwEZu9n9KwOj/8nbR5EmYCYdUqD
MD5:	1C10925D9DE1CC541669CBB3DC6F9345
SHA1:	0312A3CDFF16F1D05D1D8E38652741BF41E5FE5B
SHA-256:	737DF0E276C82BA0DEF0E7C632F383B82126923C3D9DA3BEE8F1C9CDA0B334A4
SHA-512:	C74E1AAFEDD60ED633B069C9E8FE4A084809DE68B33B9E1E9FF207FCFE2B5BFB3EAB2595846DE0164892E5433284810C4521BCB7E86F58D6554F758FE3616E40
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-18.84024..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.900..ob_g=0.500..ob_b=0.400..ob_a=0.200..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.95

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-B4DN6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13966
Entropy (8bit):	5.19098679391307
Encrypted:	false
SSDEEP:	192:rFl/5qqfUPxpC/k6V9ROOg5gnbELYCzQnAmBlgBuur2H:rFlgp87V9ROOgunbELYCMnxpuQ
MD5:	EB11838F102A7620FFF11430596518F9
SHA1:	5004E7B5D8309639D05A9948F67E9B66194FE5A6
SHA-256:	21F7F761C1633DEAF1D4F11CCAE34ED2A8BBEBF74819AF845018752FBC6282F2
SHA-512:	176B94B4BEF9025EFDC249A639A02D2237DFEEF6F749DA3C604E9EA9B992D03B1D1A115D3EDA757DB7CEC033F8B671C529AD922048D74B75D70B6886B3271074
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.97000..rot=-6.27999..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-BQG9D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11906
Entropy (8bit):	5.149908618540152
Encrypted:	false
SSDEEP:	192:ktl/5qSguBTk8x59IQOsZZnbXmYCKEoMC1uuEtN/i:ktl4uBTZ9jOwZnbXmYCUqK
MD5:	36EF607CE4EF6A7CC923EAE113B9F7A7
SHA1:	6C5DBB4F1580DDC64A6017422B489209677B82B2
SHA-256:	F2354377F4622F4D13CF4FD996CA1413E64E630ABB5A689C44BFC25676337544
SHA-512:	259EF143AF179E4319595D248F8A85105323F89BFC86954D84B312030B6583C80DA491EF0A712CB3EF3AC67D6535C2FC18877437ACC7DBF3DFB7B972D2991397
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.950..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=4.800..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-C6PQT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14452
Entropy (8bit):	5.215125013028822
Encrypted:	false
SSDEEP:	192:rBYlSsBuC6wEZ4JjFi1Un9KWPOjyYpOnbROmbYmYCzcdhrq/Umg9Mh9:rBYl+wEZ4J9n9KwOj/8nbR5EmYCYdFpq
MD5:	882E5D49978DA0A4BEA57D7ED8239794
SHA1:	9C93E15506666C6097175C566ACD4F222457BC58
SHA-256:	383802790187AFB1240AB2B41A35A49B32237AB62B199D712E81E50049035EB7
SHA-512:	B0331A3FAB4DB861EAEDD22E65EBC04DD83FE99C4FEACBE2B4BF8D89AC195C0DD821AD8A5027788DB9A6416F8BB6453055C3FDF14F52514E220F151E7AC0DAA9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-18.84024..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=0.900..ob_a=0.000..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.600..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.95

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-E74LD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6910
Entropy (8bit):	5.07850025962943
Encrypted:	false
SSDEEP:	192:r+hdxy5qqmu9reOY2XZnbWmYCK4BBRSrIEl2VIG:r+vx49CODXZnbWmYC1Sr5PG
MD5:	B3352E0ED98AB37DAFDE282DE8AE2ACC
SHA1:	34F83500344A174CA3707A59F00AF2C179CE9715
SHA-256:	F47E16F5B0F59EEF04BFA068BC15F93E8A55C4282095934861041E46A3054FB8
SHA-512:	3B1EA32C463BE0D0C751D659179973D737F84D2C991C5EDA4E8998B8DC81D5766F193A863014EC237C4CC3CE90160B34B0F1EC0A3E950F88F039366F09652620
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=2.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.400..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.90

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-EIJT3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15638
Entropy (8bit):	5.134057674934308
Encrypted:	false
SSDEEP:	384:8xh2sdNgSa9LWNnfgJ9KhROsJ7nhQ1YPXXi:8PgSJnfgJ9KvOsxnhQ1YPXXi
MD5:	E70BCE6AEDF234C9E5920AED6D83CCF5
SHA1:	C02FD23B2C125B0ECFBB6E60773B662A6729FE2B
SHA-256:	7240DCCC732BF19C38815F1F1B397BEBF56A9282C3E2D394620987DB3320C61F
SHA-512:	DD4D58E367840BE2F7D45BDBD1264951108C1D74BF7246A6367C5FD9054124A16B1FA88E097B1F0D2EF0D28B8502E224AA20C6C8E1A45B8258C33B80FD34CDA2
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=0.325..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=-0.18000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.400..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.200..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=44.800..nMotionVectorsY=24.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-G97BD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14626
Entropy (8bit):	5.170842908033614
Encrypted:	false
SSDEEP:	384:ryvhJqwEZ4J9ut+fSnvu1uFPtE96Hct5GaXjTQShCOyrCIF/6uKd58kNvrFb/DqB:ryvjqwEZu9ut+fSnvu1uFPtE96Hct5GR
MD5:	F39F47E04C3E3F009E617FA73FCCDD5A
SHA1:	EA475D2BE37315CEF3A7D7A43EFC18EBED439602
SHA-256:	EB1590A4774BAF284FE200E597E49B41D78D74E90440FB0C14DFC6DE3E2B7DAB
SHA-512:	A3D881D9589C0BA3E26FB5A5A2D9C71C86D83F8ED6D2418893804A49AE1B3DEED053DFF08C81E438B835042C93C46682FCC3A088DF58A83737931AFADB61BB38
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.900000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.960000..rot=-18.840240..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000521..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.900000..ob_g=0.500000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.000000..ib_g=0.000000..ib_b=0.00000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-GUCO9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13504
Entropy (8bit):	5.219377391255701
Encrypted:	false
SSDEEP:	384:rBYl2wEZ4J9n9KwOj/8nbR5EmYCYdFDpH+:rKgwEZu9n9KwOj/8nbR5EmYCYdJpH+
MD5:	36DE7CF48ED8D9FBDA0D44FFD05C7AF7
SHA1:	E62FF0EA3930DF917F979D895EB1EA67096D7E20
SHA-256:	4BFEC7FD2DE7920E189FB7C6DD61DAD34373C3C4D1699BBB796276D64F13190B
SHA-512:	3AC72ED07EE5DCDB3AA4EA1CFD97CB667A0A462B5EEF7800425455546EDEDF04C4FC8E64FDE9A1691B4A152E3E2871EA67EABEAEBBF4666ED867027B067924F8
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-18.84024..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.400..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.100..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.95

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-H7TIC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13017
Entropy (8bit):	5.155327588242214
Encrypted:	false
SSDEEP:	384:ryXhJfwEZ4J9ut0fonvu1uFPtE96Tt5SaijTQShCOyrCIeuUd58kNvrFb/DqzB46:ryXjfwEZu9ut0fonvu1uFPtE96Tt5SaT
MD5:	3D1DD023B8B11AD05025EADBA2D40EEE
SHA1:	F28805A94C73D1F61AF92BFAC983A2E08E2F0196
SHA-256:	6A400357DD9AC69CF66AFF38692E3D26A8EDEFEE48AF11B3F7101A7468D7AB3D
SHA-512:	9CDA97A658BC98F03E464969CDFB9CA5AF9F81D73A02E0A3A13C2BBF40E0C6D7E6A010C2DAEE67C682F90715FA4493069AD74AA53CC9F3B18EB9F4CB6BAC9D6B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.900000..fVideoEchoZoom=1.007000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.960000..rot=-18.840240..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000520..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.900000..ob_g=0.500000..ob_b=0.000000..ob_a=0.100000..ib_size=0.010000..ib_r=0.000000..ib_g=0.000000..ib_b=0.00000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-H9NQU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11676
Entropy (8bit):	5.116712773907358
Encrypted:	false
SSDEEP:	192:rPkdxy5qqdcMt+/lA9UO9ZnbrVmYCK94+EXQ1+2UFm:rP4xlo+NA9UO9ZnbrVmYCeNwQ16m
MD5:	B6D516612F35FE3D7921F2324D2357EB
SHA1:	125EF4C84C4868FACF73009D20E471022CF36927
SHA-256:	BCDEB0659EEE8BDA3536F5684C64C94649FB7E1954676843C81EB568B6D6DE32
SHA-512:	1F19B891C9993128945EFA5AEF0B730F3BACCBB268BCBA1056774CD11806922CE92AED518C16EFCD53852B863258352A47117A820EA4C33CFA85C8D41A754699
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=-0.28000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.400..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-IGSR8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16429
Entropy (8bit):	5.215310956257295
Encrypted:	false
SSDEEP:	384:rmtlS4RwEZ4J9+9KNOK7nb2omYCcdFyzMwVm:rAM4RwEZu9+9KNOK7nb2omYCcdIwqm
MD5:	FFFC56F93E2121CA9387A445DF41AD71
SHA1:	A4BBE04F5FC9ABFC87B68E640CB3E236C1E32281
SHA-256:	5F6A994FF357E856082989346FB1D30939DB1224ADEA77A300CBAA277B260810
SHA-512:	EFD55FE03A457ECDCB4BCE2955E3286A07FEC65CF4700CD4B1A765C68F0F873DD58FBB62E9258BE00BB0C746E037D19A45C8AD7585DE321EAF7F4C3482FFD8C5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-6.27999..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.950

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-INUBD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9927
Entropy (8bit):	5.199292427207434
Encrypted:	false
SSDEEP:	192:r82l/5qqB6491lOsInbCmYCzv8S8tp5TzsBAl2heCjAT:r82lFF9POlnbCmYCbdR+WeCjS
MD5:	411F2AFB2EF098A02CCD2E36490DB4F4
SHA1:	2570F56239284A56C1A5D0E8EF2798C9C5F9361B
SHA-256:	40A8BC7C4E52B49784CC56226F78D5A1F71685764B7E221813E117BC68B53448
SHA-512:	BD99C8CE6E773982CA0A66BFF8E0E3E62F4C0F3D5957EBE7611AD6B2570DD0452842CCBC19240ECC62DB0D1A36F828A3C3DCB69BC2D64FCF82CE444E6E1306A0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=2.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=0.267..fZoomExponent=1.00000..fShader=0.000..zoom=1.16000..rot=-0.04000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-J7GUF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7035
Entropy (8bit):	4.959794510336239
Encrypted:	false
SSDEEP:	192:rK3J9WX7I1nt+fOn200HE4tE96FdIOaTKTS6Q7yPyrCHFHvdFTd58kNvyFbGDqzk:ruJ90Wnt+fOn200HE4tE96dIOaTKTS6l
MD5:	C61C79A8DF9AF30130D3CF94051AC6A1
SHA1:	6EE71373596FF58B414100C667C1F9C6DD9C8B90
SHA-256:	05BB212F2823B4C181B9A7B9BDEF1DE0CD0C9F7FBA5A1D1487E802A8BBA35A24
SHA-512:	9684CF6084CE776E6D21DE79BFFA81D422AC4A0910D2156EC0497C3126218C9D367C40E8704253DC74BA069493CDE59684A0233D13B3A701CFE11FD247EA4FF1
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.500000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.400000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-KMDUN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9276
Entropy (8bit):	5.206182210276092
Encrypted:	false
SSDEEP:	96:8+eMxljWQQcV0nkBQ1q7K1BG4jZfN/QOH8KoG1S8tPSYT7JS05S3hgzsfJALJ2Zz:rjWQjSWE/RI38S8tp5TzsBAl2ZMvxc
MD5:	AE6799366826E6946A7FE1608CF91DA0
SHA1:	254A344DEC4C99A9D39E2F7C800E1731926168D5
SHA-256:	C154FCD892F80DFF5BDBA94A453858D32427C40AD86F041A985AC1F7303E92F0
SHA-512:	E6FF4116E039D81325CD11D78B3D609FA1E65BC5C7844C19720BB3DC8965E8DCA22713085489A409DCDA5F3537BA9D4F59428FAADC098564D2BB49060EA2BC07
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=2.0..fDecay=1.0..fVideoEchoZoom=0.999600..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=1.0..fWaveSmoothing=0.750000..fWaveParam=0.0..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.0..fWarpScale=0.266718..fZoomExponent=1.0..fShader=0.0..zoom=1.160000..rot=-0.040000..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.000521..sx=1.0..sy=1.0..wave_r=0.0..wave_g=0.0..wave_b=0.0..wave_x=0.5..wave_y=0.5..ob_size=0.010000..ob_r=1.0..ob_g=1.0..ob_b=1.0..ob_a=0.0..ib_size=0.010000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-MKC65.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13396
Entropy (8bit):	5.175840927040486
Encrypted:	false
SSDEEP:	384:rBYl+oBXgUg+bIsbUX8/oUEPaW69KwOj/8nbR5EmYCYdFlvvMD:rKwoBXgUg+ksbUX8/oUEiW69KwOj/8nr
MD5:	E11D0391A83E371DA61DF0506EAC8B95
SHA1:	A751E290EDC5C45F793E5620AF382A61AE99D7C6
SHA-256:	24A0921C7B1C280A8EA62F71061E0992CC27E3D5640D9E9F5D2218D7B44BF551
SHA-512:	2B1289B7515FD26189D13A260F90282717FE03849036CB74199C79B9D402C82D7F018FDB3B7A74AAD2DFC92298F51D0A0DEAB0EBA29334864134A535971F80C7
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-18.84024..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.900..ob_g=0.500..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.100..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.95

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-N9GUE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16517
Entropy (8bit):	5.253569917491031
Encrypted:	false
SSDEEP:	192:r6WQGc9B1Md0cLxRDe/ct5JcSCNHlbxpOCGl3b+dvRmlHr2H/7Nog:r6t9B1MdVLxRDe0t5JcDjxp3q4R2H0p3
MD5:	681F12EDC2813D696740DD7BEE6A5AFE
SHA1:	99E8725FE1195391D3C5EF9C24CD436C2D056306
SHA-256:	A1D4E11A098E2FB917A76F90A17FA7285C2E6642E0F117554426DE4C09F5377E
SHA-512:	4427BF7B99FEBF194A8C61B0AB868CB49F52FCED41BA7020B27EE3D8D5A5D8B1924F17421234387CE1D05E2511DDD4B56BD5DC1F872F8199743D65E964225391
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.0..fDecay=1.0..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.5..nVideoEchoOrientation=2..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.0..fWaveSmoothing=0.750000..fWaveParam=0.0..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.0..fWarpScale=1.0..fZoomExponent=1.0..fShader=0.0..zoom=0.960000..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.000521..sx=1.0..sy=1.0..wave_r=0.0..wave_g=0.0..wave_b=0.0..wave_x=0.5..wave_y=0.5..ob_size=0.010000..ob_r=1.0..ob_g=1.0..ob_b=1.0..ob_a=0.0..ib_size=0.010000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-ORRVC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11701
Entropy (8bit):	5.102568001668464
Encrypted:	false
SSDEEP:	96:8qBdlZPMBSFVb1CG7FVcTIgtVUUvqN0MVdq1VV9OqIeOr4hmWhnn4YzmzqLF3Ydy:8qdlZPdoZqMf9ZlOs5n4YCzGYc0QbtP
MD5:	90A63567796953C876D3A2A64A54B923
SHA1:	06AAA7E149C0B9E802CB65B1DD7C8A79708F494C
SHA-256:	BAF9653AA1AE27873E78E4286E327B8DE154AF96A3AD3CAC25939515F3013EA3
SHA-512:	1A59055BAF9F1C232F9FDE0E492464FF24629E9CC667647817994DE595F9F962A3B1E20952EED9F543D52404424F56704A0F3101F43EA3F04E2C171C71B0F822
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.950..fVideoEchoZoom=1.071..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=100.000..fWarpScale=0.010..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000..mv_r=0.800..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-PO5E9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12610
Entropy (8bit):	5.152967546662936
Encrypted:	false
SSDEEP:	192:Zl/5qqlzaBaTvM2L9RdAOgwZnbXmYCKV3b+1sV:ZlJIj2L9RdAOgwZnbXmYCG1V
MD5:	2038F84096A2562F98A674F21B8EA735
SHA1:	E710A13EEFE016D8A007B3FCC08BEC6DFE40365E
SHA-256:	2CA8262064C8BA4644A579EB794A54A68BF492DC654AA599BD5C5C065735ED82
SHA-512:	8D394EB76E07147E4696C4A7C8C7468CD510B6663E566B467E5E74FC9B5D80CE9A780A42B9437B97F8EAAD43D7D7CE0A384CBC1DA9A4311423E27F19B49E6326
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-PR2N9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12513
Entropy (8bit):	5.160905736142771
Encrypted:	false
SSDEEP:	384:rBYl57BXgUg+bIsbUX8/pUEPaW69KwOj/8nbR5EmYCYdFrYgD:rKj7BXgUg+ksbUX8/pUEiW69KwOj/8nK
MD5:	F18BC17D4B4185F55C6CA76119F9F00C
SHA1:	90997B5E850EEF9E0C7A3005970C7F662018B718
SHA-256:	DDD3E3955387EA362758C8365B8684DE05583712C81FB441157585042CBCFA78
SHA-512:	788D87925DD29C5445DD5FEF49544AA59FBD6E8070742D24455E0D90929281111A06FD0E55B068E1CF447FCA39F5FE2E353C864B65133EABDD7CABC2095288EC
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.900..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.96000..rot=-18.84024..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00052..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.900..ob_g=0.500..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.100..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=4.95

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-RVGPI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7359
Entropy (8bit):	5.080349845821474
Encrypted:	false
SSDEEP:	192:rPhdxy5qq6u9XDi9gFZnbPz9JHmYCKSPjqlp5ok9J9IEl2Iq7:rPvxU9zg8Znb79JHmYCtjW9J95m7
MD5:	9E816996F5A3BF35465466AA1562910B
SHA1:	85B14778734800C3923B469FA7D0EF063338465E
SHA-256:	E7E647162C0A445A8C630EA0050B5FB9A9BB42A953B7618F33A06D2C8D489BD1
SHA-512:	D3F53BFAFFC3D158DDC6C39FA6302B1AABE08B5E947F040385BFA2810B055CA58C4C41B5EBE152625A8AD903FD329BE35A579560C20022510CF7F62A431F1D9E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.400..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Orb\is-UEDLJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10766
Entropy (8bit):	5.136105213469229
Encrypted:	false
SSDEEP:	192:rbhWq7bW1qELfkn290HEMMF9vHtna2KTQLQ7nryCIYvBd58kNvrFbGDqzw6auFin:rbhXbsqELfkn290HEMMF9vHtna2KTQLF
MD5:	D1264F313A5E6FC76B5536C25E2B98CA
SHA1:	F1C3C8123A9B1405732ED31349001793894BF9FD
SHA-256:	1F6F276D76816731D54CDBC91784D98F4D48F24E1D5DCC784071D182A5A30B5D
SHA-512:	704E04DAD9005A05BC25FB15EFC57C750A7CE24F1A5F31612E56C73E922952BF283904CE3350BEC14074CA0CEB3BEF12D0A94BC4CAE880D0BCA3ED658BDE7724
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=0.999600..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=0.266718..fZoomExponent=1.000000..fShader=0.000000..zoom=1.160000..rot=-0.040000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000521..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-0BFVS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2473
Entropy (8bit):	5.232968435769525
Encrypted:	false
SSDEEP:	48:en3K523JqSu3AAE9Z86SgRoaznq52N9gUHY5nEhe89skP/hf:aD3Jx9RoaznP9/HY5qHP/F
MD5:	9A4A92BEBE6D7249DECEDF481A649E05
SHA1:	F37697472EFBB12093E1741C2BE5F29A0285F851
SHA-256:	1B6809BE83E46430BA6CA9A71C8956C2600D4ECEA24095C373F8CE248E10E2BA
SHA-512:	148B4FD319EF56B94E34748672902F343AD4C898F05FCA40A231E43156DA8B9EA1C6BB1B2146C85A97F7E0978FFB4213B63C43331F25ED96AF262FC174A2757E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.970000..fVideoEchoZoom=0.999608..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.781784..fWaveSmoothing=0.630000..fWaveParam=-0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000494..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.600000..wave_b=0.300000..wave_x=0.500000..wave_y=0.500000..ob_size=0.025000..ob_r=0.010000..ob_g=1.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.015000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=1.248000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-0OQ6O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4811
Entropy (8bit):	5.318003840477295
Encrypted:	false
SSDEEP:	96:JK3J4Vhe0vWEEbuXj3/NDnZa132oSQSWhSuSr1GUiGL/WXGtwtTZF3:g3JYNvbkuz3aSvWoB1WtTZF3
MD5:	7698DFF9577E17358488AB8DFF5F1B01
SHA1:	24A52DD0BDCC95DE61C50549CE5404B639D3B004
SHA-256:	955F79CA14A57959753671B05309E0AD891A4C7B43FDCCFBCC7654BB39B57920
SHA-512:	3AFBFAC9473DE5956A7A0A154A47B41BD5D2E0C05A619EF06140E79D82923B8FDE53C3CDF0E6B5A5DEA70431A28A8024E8C32147F6B7A86FF383E1CBC7EF3436
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.001830..fShader=0.000000..zoom=1.001507..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=4.480000..nMotionVectorsY=3.720000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-0UHSA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11104
Entropy (8bit):	5.086703244960655
Encrypted:	false
SSDEEP:	192:wZtgJYR+7nGQVtSf7mnu90HPFMtE96FEKIYYa4Kj6QShCOyrCHF0vIllNvyFi/Dc:wMJYR+7tVtSf7mnu90HPFMtE96EKIYYq
MD5:	A619E10A83A11E6C751CDF1194015FEB
SHA1:	A055415DCD2F8EF35BEAA9A1213A9A7995E4D296
SHA-256:	93CEF94C2BE87C07F0313F2069E591461BC5BB4BC1656C0A7E69D1269F42981C
SHA-512:	DF6CDFA2E563CAE856B60FA063D1B18933A44038F76F8342F40CD4858B3C6C3DA3A357301A0B93B11E27AAF3E6A558AABCF29A00730A986BE7E01F11EAD3C555
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.700000..fDecay=1.000000..fVideoEchoZoom=0.999999..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.334693..fWaveSmoothing=0.750000..fWaveParam=-0.219900..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999900..rot=0.100000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.400000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-12QRN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3550
Entropy (8bit):	5.191963080521924
Encrypted:	false
SSDEEP:	48:zUf9Bx2/s63+Id3aAM02o+MWS4sisZlvcscv+sALG2siZonLcKIZ6f3wf0MTRzd6:Qf97O3+lTSHTVcvrP2MGJTRzdW9ABA
MD5:	EC3A24755892B5A8CBE870B294C41E60
SHA1:	6BA3B7297A44D6881C800B4FB966A0ACB1D09DE6
SHA-256:	EC05999E7058DBDD6933C431B1534F68B9FE982472D2940252E0ACBDB27A8494
SHA-512:	0316776372975B7829149EFFAEA16A147D5F0D5BA6E3CECA0D86ED7650F842DD825DF325EB5C99696F1FB875AF8E18F7D1C8D4ADB0CC334B8CD4373EBCFCC629
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000100..fShader=0.000000..zoom=0.905500..rot=0.000000..cx=0.530000..cy=0.470000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=0.999904..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=1.000000..ob_size=0.049900..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.100000..ib_size=0.055000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=1.280000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-1BSIT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3024
Entropy (8bit):	5.208222951144093
Encrypted:	false
SSDEEP:	48:pAUBg9FKA5LqKd3aAE3ddyNMjyZdDBoTdbyKtaBvQrYa:pNg9F1gNdadNsmKtaBvQrYa
MD5:	04B9F0E734034D05D78383F4C4DC77F0
SHA1:	C5BA4D31C5E562C3CC05279DD45F7E6FB5E009AB
SHA-256:	EB88CC233272F5345ED70CD48F5AEEF4BDA507F37A65C5327AE62417DF72D970
SHA-512:	B856F698B73DDCFFD1AA159920D5DF773B3DAA566CAD9502130DF9C9AE3ACCA28885C667AEF297F0521B9BBCDA6EB88B33793FF5D9D27ECC0A880EC920E2E988
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.700001..fDecay=1.000000..fVideoEchoZoom=0.999991..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.997938..fWaveScale=0.010000..fWaveSmoothing=0.900000..fWaveParam=0.400000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=10.572172..fWarpScale=4.108018..fZoomExponent=1.196128..fShader=1.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=1.011847..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.070000..ob_g=1.000000..ob_b=0.070000..ob_a=0.000000..ib_size=0.010000..ib_r=0.070000..ib_g=0.070000..ib_b=1.000000..ib_a=1.000000..nMotionVectorsX=1.920000..nMotionVectorsY=1.440000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-1MMTO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4090
Entropy (8bit):	5.312946833594868
Encrypted:	false
SSDEEP:	48:DhrBsEY65x3JqbaAMhdGjxNnDouYrN5x5E4uaqdaNXHFEGGMRN3+lYjoJwZACvfy:DLsk3JHinJYrN5xya0GHpGMRN+O9WCv6
MD5:	FCF2C7019DD617C7490F75E06BCDFEE6
SHA1:	D66402DE18012C5D825D071BC2A13FC9DCA20FC3
SHA-256:	7A103417AA1C41FFE4E8295D3A71F0DC4315EB2DEF01A5803E6B66BDF91C8348
SHA-512:	2FE3F01D04AA5D7D28F937434E3C273134391F2A06D95A3E2C871D8147469FF21FCDF54EC3F8C4719E0F11B3E215E1D8F459DF93409E2951B498F7B4300672AB
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=4.990001..fDecay=1.000000..fVideoEchoZoom=10.784553..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.997938..fWaveScale=1.990516..fWaveSmoothing=0.000000..fWaveParam=-1.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=0.999998..fZoomExponent=0.999985..fShader=1.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.400001..wave_g=0.400000..wave_b=1.000000..wave_x=0.500000..wave_y=1.000000..ob_size=0.000000..ob_r=0.300001..ob_g=1.000000..ob_b=0.300000..ob_a=0.100001..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.500000..nMotionVectorsX=8.960042..nMotionVectorsY=12.960033..mv_dx=-

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-1U1RV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.291023640382494
Encrypted:	false
SSDEEP:	24:8xs9AugfcH3uAc29E4QCcGmADsHYC6f1X/pmMR/bG/1e:D9JK29DEOu8hm+/bJ
MD5:	6B21E4805184CCA6500CCBFE11F41A5F
SHA1:	20480C5312C7D5A9E641CB4B596A6F60390AAB58
SHA-256:	DA273AE38502C33DC5FC3A09F1979A55DE4F772F67001B64AA26C50A6AAFDAA8
SHA-512:	C7ECD2A41338B9F2A9E948C067476659F70C0E39F8D91D46CD6B7B7F300CADB11E59A080F3C6B360CF8FA9A9F7A933C233EBC5366C1907F0F4107CFA0327CD02
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2..fDecay=0.95..fVideoEchoZoom=3.007504..fVideoEchoAlpha=0..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.880224..fWaveSmoothing=0..fWaveParam=-0.5..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1.074097..fShader=1..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..per_frame_1=warp = 0;..per_frame_2=wave_r = wave_r + .5sin(time333) + bass.3;..per_frame_3=wave_g = wave_g + .5sin(time222) + treb.3;..per_frame_4=wave_b = wave_b + .5sin(time111) + mid.3;..per_frame_5=rot = .4s

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-267QE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8864
Entropy (8bit):	5.053785355769239
Encrypted:	false
SSDEEP:	192:H3JCWm/1htwfkn290HEttE9vxIv2KTQLQ7OyrCIQtvdFTd58lsvyFi/DqzwFMaJE:XJC7htwfkn290HEttE9vxIv2KTQLQ7OC
MD5:	0D55469656D7D17B8267CC96C01501E7
SHA1:	FE341FA048D5FB48B82B2BBF003CBA57C8D48999
SHA-256:	9AF9F395DC7156578C66BA303518E7F2B76AEF6CE2945133D67C4155E91A3D47
SHA-512:	CFDCDCEB23D51799A51EBBF2443C67375A3CE7C53601D0EE2663C0D5CC5C67D178940B315583F03B472BF63EAFAFAE9E4FAF018B2401257C6A41959E578E933D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006500..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-2CRQK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6724
Entropy (8bit):	4.640257312908337
Encrypted:	false
SSDEEP:	192:wfQQJY/VoCot9fTmn290HEMMFcvOInYaGKTQLQ7nry7IXvITdf8ls6yFi/DqzB/s:wfQQJYrot9fTmn290HEMMFcvOInYaGKP
MD5:	0CD233056D5A1EE047349EDC635F55DE
SHA1:	A855492AF3D29F2BBBB832CF7A87574A66E512B1
SHA-256:	327FA6BD4DFF13BEB8D673C6743049523B217929476436B28A81246F437C2BA6
SHA-512:	8D69F5B36F66E9495036802520F39FEDA758B03C36B26719044AB1981F7E00199F1BD36C8AB53C99BF46EF8D36D596BBE21F677736F0882C718C2DD2FE028574
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.420000..fDecay=0.500000..fVideoEchoZoom=0.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.900000..fWaveScale=0.030000..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.900000..fModWaveAlphaEnd=2.000000..fWarpAnimSpeed=0.900000..fWarpScale=1.000000..fZoomExponent=0.389000..fShader=0.000000..zoom=0.200000..rot=1.000000..cx=0.000000..cy=0.000000..dx=0.000000..dy=0.000000..warp=0.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=27.640000..nMotionVectorsY=20.800000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-2F0HH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2809
Entropy (8bit):	5.23418171442591
Encrypted:	false
SSDEEP:	48:pfBRWC9tYJ2z5h3Jqu9+AEqMINKaEX6oxiLVfoFZlPZl2VrXDbCpV/Lurh7:pOC9q2/3JgqMhaf6MoFZlPZl4/bmV/Lq
MD5:	C73C862F2E91A5E18C46916C7BB11EEE
SHA1:	C1FC05EB400E4AF51FC12BB50224E43922BB0EA4
SHA-256:	FD864825A85F1CD457DBC9C4CC49FB4D83D89A1EBE2AA222B2CFEEB6806BB7A1
SHA-512:	05BCFC2CD58EDFEDFA51E1C6F4831A16A2925D96760F4CF30AC655C54BDE9972AE3B30D8E069125D68C2E4612A7B751BD0D62492E961304E65EE7FDB563F3D46
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.700000..fDecay=0.970000..fVideoEchoZoom=3.503422..fVideoEchoAlpha=0.460000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=4.583206..fWarpScale=3.194907..fZoomExponent=1.000000..fShader=0.010000..zoom=32.544483..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.950000..ib_g=0.850000..ib_b=0.650000..ib_a=1.000000..nMotionVectorsX=24.959995..nMotionVectorsY=15.239994..mv_d

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-2G1N3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2741
Entropy (8bit):	5.218370099603735
Encrypted:	false
SSDEEP:	48:Wi2qz523+dSl4V3AEDYK8nqchOz3mis6nVdhKFD7x6d5g0Njfu:z2P3+FVhDhfchOqHmVdh2SO0Vu
MD5:	782D60CB89C04AA46E3E3815DBA24ACD
SHA1:	D27E8C587DE20A5F831EF2F9233A010226D5633F
SHA-256:	3694A4826982908E000E25500BE9496C241AF4ED8DA45978B07367A784B797DA
SHA-512:	FB73FE9BD629F43A31478FE5B97F183E7F33EBB931941D1ECB1F727BB021F26AEADC123210EFD59F11A0E677130A762C28ED08B7B1EE324474CF7FEAE19E0E8E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.995000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.241456..fWaveSmoothing=0.090000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.550448..fShader=0.000000..zoom=0.550449..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=0.999900..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.400000..ob_a=0.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.300000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=6.400000..nMotionVectorsY=1.440001..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-3LEOQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10518
Entropy (8bit):	5.073302101650722
Encrypted:	false
SSDEEP:	192:Eahp1nt5mP2q1uFMtE9va8l8s3HleQHKTQLQ7nryCIlXS4ShbYYlsvyFiGDqaB86:Eahnnt5mP2q1uFMtE9vXHleQHKTQLQ7T
MD5:	749B8C9BE6AD8B11CE9204B27ACF44CD
SHA1:	DF5B964B9FBD4D4838BAD70BC919969E07C81020
SHA-256:	5EC0647B163B500940D1EC1E302BCF7FC0E6E989133625831D3240B56424F362
SHA-512:	4893566F3513471588790B7C688E19177D2E12D71F3C7D2E9EC7662E1ED1910096F5B71C9E80C3705939E713E7D6455EA1490CD3DC01D24F0726DCF0DD41770E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.900000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.311600..fWaveScale=1.228910..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459526..fWarpScale=2.006761..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.460478..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.006500..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-3TQNR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8663
Entropy (8bit):	5.039754364289072
Encrypted:	false
SSDEEP:	192:l3JCWm/1htwfkn290HEttE9vxIv2KTQLQ7OyrCINtvdFTd58lsvyFi/DqzwFBauZ:9JC7htwfkn290HEttE9vxIv2KTQLQ7Oy
MD5:	6700D5F92D4D0DED997A0B321C027105
SHA1:	92B8E38590C03C01FBE14991E9F961A25748D8A7
SHA-256:	BEE216F595AFEEE2D65624F9EE3868C609F85BC94CB8AF782F524C904B963D94
SHA-512:	34F28CB57CCB195D3B8A7D40EEFBCF7760D398FA9009032713ABCDA5B50AB8A2203193E54BFA1370A408FD271FA640B13E833C1ED56A872FA5B0064A41DA9A44
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006500..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-427R2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2382
Entropy (8bit):	5.062234454706885
Encrypted:	false
SSDEEP:	24:XYfugjLSvqK4JuSRN5JI3Jqu9+AEd8K0xkx+Rhi0lUE2AKDs3I7w7jZhhgow7eZw:of9Svq1FN523Jqu9+AEd8+MrDNkz
MD5:	A578018AEDBA2FE727BE3DF640FC3F67
SHA1:	DDF900CDCBEEFE6943B676B435731586AF10D35E
SHA-256:	B8EBB41C29FD4A7319B1FAD2890399E8F80C01249E239CA32568C888E2AF5145
SHA-512:	389C0F51209200F1AA5F3F7740DB82D1A83A7BC2DE39D73F6C0CC144B7A9A172E1F26DC7E389981997AA6697B56FE7FB9AEF3B3A53C8F8B57D612882F8A4951B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=0.010000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.793875..fWaveScale=1.074093..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=1.000001..fModWaveAlphaEnd=0.000000..fWarpAnimSpeed=1.000000..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.001837..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.300000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.025000..ib_r=0.000000..ib_g=0.000000..ib_b=1.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-58QSO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18949
Entropy (8bit):	5.229150597812309
Encrypted:	false
SSDEEP:	384:9s+6MttfEtg9S5y1tO/e2GI1aWj6Q/MvOry7ZAnmv5d5tUdvAnc1/qDaweK7FAWm:9s0ttfEtg9S5itO/e2GI1aWj6Q/MvOr1
MD5:	01885028C4D1F4DDEBF17FF0548324CF
SHA1:	C922713FE3973292165A5FF94A0E7F9081B4ED4D
SHA-256:	0F032124246D93BFA03B13E6A57DC79BC111EF34CC806CB3255E6F9C01834897
SHA-512:	AA41231BEC79573D50609B21760AF4A1DE4E96E177F7216A336533123A0C01FD5D02926DC18E07C5A42982116ABD894F85AE29A10867B87EC1B0D4CD0DEBEFE9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.350000..fDecay=0.960000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.001775..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.880200..fShader=1.000000..zoom=0.999800..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=0.999800..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.300000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-5C2I8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7845
Entropy (8bit):	4.89331790285674
Encrypted:	false
SSDEEP:	192:d373ccm1YtofUn290HEtMFcvbqIcaOKTQLQ7Ory7IYlvCd5dkNvrEb/qDaBGs6UK:Bc1YtofUn290HEtMFcvbqIcaOKTQLQ73
MD5:	7DE214B59C0424AEF8E231DD27DF518D
SHA1:	674F377B631D8325D0335073CA44728818DDF08C
SHA-256:	F6CFB927255F529C923115A3E929DDD7369F5C6E9F751BA949F86C4979061A43
SHA-512:	DBC07F00B77C4DD806D42830C148CAD0B7262AF2B160F47D2D03DBB0D0AF5DBBE9A39B17F22C14BEC6940133D24820B5CF74C0D8A750609403580E1FFC1CCCD4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.955900..fVideoEchoZoom=2.003071..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.535239..fWaveSmoothing=0.000000..fWaveParam=-0.480000..fModWaveAlphaStart=1.000000..fModWaveAlphaEnd=1.100000..fWarpAnimSpeed=1.000000..fWarpScale=0.010000..fZoomExponent=1.008148..fShader=0.000000..zoom=1.001800..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.001829..sy=1.008151..wave_r=1.000000..wave_g=0.650000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=6.400000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-5GVHK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18389
Entropy (8bit):	5.142780814818417
Encrypted:	false
SSDEEP:	384:yCJCtTsmRHsPHm4CdsgtJpf7mn291uEMtE9vPyuibIoYa4jKTQSh7nyrCIB3vVlw:yCJIswsGdsgtJpf7mn291uEMtE9v4Iop
MD5:	D423D48FF1FE452A15A59A5AB2B44F86
SHA1:	9BA88D1F994B8F7A74942062CDDA36D5792F0514
SHA-256:	01C14FBEB830E4DBFB5284045068E3EB7CC00415C9CF5B11DEC210B903CA359A
SHA-512:	26D06108FD3192000B28F7FE831F26CD41D5B7323FB8D0C67A10B514D3D19F9B4866EE2E081DD97C2104C587BD8166D998E21381ABE7AEDB6C6DE63D721E34C0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.490000..fDecay=0.990000..fVideoEchoZoom=0.999993..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.016446..fShader=1.000000..zoom=0.999999..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-5ID8O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5656
Entropy (8bit):	4.915325481810256
Encrypted:	false
SSDEEP:	96:8+eMxk2arlBA5qq6sf49Ij0AOg29vDPhnbnv4qmYzmKlTE0o1Kzl18HJPoJ282U:r+jrly5qq679XAOgwZnbXmYCK2GlIQ2M
MD5:	6756AA4D36425AEF927C1C0EF4827334
SHA1:	AEE016A0409284E8A6CA170ABD55D9139372190F
SHA-256:	438F7D4141456E543E7427BAF834308B011DCAA23418CABC69BCAD5DE56C8517
SHA-512:	7D457A0EF7E1FFB2C61DF84E7FB561DA50F29EA549EEAF3D18DEB76C6CD0A172D091BFCA808CC46E742743FBB2224E1329606E0A161730B2555279D3D0A10533
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.800..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.33450..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-5LBTM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	20942
Entropy (8bit):	5.264775044879436
Encrypted:	false
SSDEEP:	384:rDlVWSvCH39HLROhsYCx46vWY7Oo41IBux:rDetLROhsYCb7Oo4+Bux
MD5:	31C8DC6FBC11B05D9F181B6BB656DB3C
SHA1:	793C90A01ABB42141EECC412F3C75EA473AA2740
SHA-256:	C7EDC5B443A0ADB1248679AAFFB00CFF7C20BADB754BB2617F5074E3CA35D417
SHA-512:	71974B6DE518555D382E058B0BF527FBA90CF1B71D4E16CB1151B10C55C2F903E1FEBAAA11AFF171772FB7FBC6372C86EE7FA7820EC4A3E906FBA0B7B0B4E829
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.030..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.549..fWarpScale=2.940..fZoomExponent=0.02049..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.45984..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-6GC28.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6145
Entropy (8bit):	5.033037676906472
Encrypted:	false
SSDEEP:	96:8+eMxeRDOdlRXUlg7yk+BaOg288mnhn7R0mzqwtjJI4g4SJ2Q:rAOdllig7ynaOgHxnNFz/tdyh2Q
MD5:	A87C687C1A46218EFAC458AE935CA595
SHA1:	9760387289AE2672B1D86BD8D42341981307E005
SHA-256:	A450842E68DE37850BB96F051237F9D7347EF4AFB5722A669D917FDD73F6CC2A
SHA-512:	EFB442D235CD1782CB63B9AF5A1E326E4C2E6812FC89E5EC4A0E559A0BF2A167E2E7645F3D3A35DD5F28C4A2114CF9A6AEC596B58E7F441841B90B525E46C719
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.925..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.177..fWaveScale=0.194..fWaveSmoothing=0.000..fWaveParam=-0.400..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=11.882..fZoomExponent=1.07409..fShader=0.000..zoom=1.02530..rot=1.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.065..ob_r=0.400..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.500..nMotionVectorsX=64.000..nMotionVectorsY=25.248..mv_dx=0.000..mv_dy=0.000..mv_l=5.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-79HJV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	23978
Entropy (8bit):	5.258071908114705
Encrypted:	false
SSDEEP:	192:UdN+5qxjdYm/Ju4Wpz6XkudhtRIM171EWrlo2G/X9CbYm9d3/USFinONZnbXmYCg:INym/2/udJGWrg1m9D4ONZnbXmYCg
MD5:	6080A15E49862793612C42A39371B350
SHA1:	8BBFE9B89A0041CBD8EE0DBF44A2DD9762757B1E
SHA-256:	36FFC73B7402AD2DDC45B3D25C2DD80DDDA015EA22A47E0712A0795C27C42253
SHA-512:	356FCA4235CFBFE2D1FD76FE2CE49C31C9335AF89D265D8F2781A6FA8CCBEEB35BCB01CDD95A6D0268FF7102120BA2C20361E96B10CBC0B23F6087134A4432BF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=0.000000..fGammaAdj=1.000..fDecay=0.950..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.219..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-79KHP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10949
Entropy (8bit):	5.06630210311352
Encrypted:	false
SSDEEP:	192:kqgJYWB+7nGQVtYf7mnu90HPFMtE96FEKIYYa4Kj6QShCOyrCHFmvdFTd58kNvro:EJYy+7tVtYf7mnu90HPFMtE96EKIYYa0
MD5:	C98BBA9E629251B604A5CDCC0953E4FF
SHA1:	6B1B665DC4F875DFD9AF05F67EAFC93DA8549A5F
SHA-256:	B0530C10B52980E7EDC265BC325A339741639F12860202E0DB2783B55FE53582
SHA-512:	EC6E11498672010C71F368720FCC056D34BE0811799E55EF93E9D437A3353F17832BEC4953CB6713F2FA8CF84EC381646BB6B65E2E987797D2DD59F0974AEA5B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.334693..fWaveSmoothing=0.750000..fWaveParam=-0.219900..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.300000..zoom=0.999900..rot=0.100000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.800000..ib_size=0.005000..ib_r=0.400000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-8LHJ7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2285
Entropy (8bit):	5.1108801587720345
Encrypted:	false
SSDEEP:	48:w0EsW5Q3Jqbu3rAJWWEf63JaNKhkQSss4/Yft/wHf4:rEA3J+WWv1kQXsWkxl
MD5:	916BCA6828FE60F36E1475B09D0243A0
SHA1:	CCB3344D85E9F39A86B24B6999BCB515EC6B1617
SHA-256:	4621D69CE3FBD0FBDCC9A777CC2018075B155C248A44E41151FC8FEE3F143A7E
SHA-512:	EEC74FF4EDD2EBA9BB924AA4E82D4B1833B9D63056A0A5C52DA409AC945A3E13B51C0D7FB7274E30FB544F760F7EAFFEF526749538711CCBDC01FD352E7CD29C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.463937..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.600000..wave_g=0.600000..wave_b=0.600000..wave_x=0.500000..wave_y=0.100000..ob_size=0.010000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.015000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-8Q31O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6853
Entropy (8bit):	5.124962767727879
Encrypted:	false
SSDEEP:	192:r7fdo+5qk6nL9RdAOgwZnbXmYCKwuHaVngHGh26MgSO:rJoHL9RdAOgwZnbXmYCDWHGVMgSO
MD5:	9058DAF67FCDA7C5F7A5B69219E827C3
SHA1:	DC487D400C527DC7FD517216C97EEB47F3A8DFD3
SHA-256:	5D358C10F41D0D0D2001911CCFDDB76F15817E545AF94A92A24991DB93AFBA2C
SHA-512:	F2472F7F6328182D3E6D9C68D49A74CA1B82CD38E85E41EF448811C28E15FF285902DE4B2A8E380D4A108BC84D1AF45F4D716DC77C954BD92A48D46FC3D48DCA
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.925..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.818..fWaveScale=1.002..fWaveSmoothing=0.648..fWaveParam=-0.900..fModWaveAlphaStart=0.410..fModWaveAlphaEnd=0.900..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.04909..fShader=0.000..zoom=1.02970..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-927IS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8244
Entropy (8bit):	5.0447853560812534
Encrypted:	false
SSDEEP:	192:Mv/wy1Yt7fKn290uEttE9vmIMasKTQLh7OyrCItvdFTd58kNvrFbGDqzwFDauFin:Mv/wQYt7fKn290uEttE9vmIMasKTQLhV
MD5:	26F2B2B2DBD20BB72473509519E1CBC6
SHA1:	4226575E63162A21131E81A0539F98141A7E3BE1
SHA-256:	7C90234FD8DB256078CE70BE92305A910579DBDEA64E017200A015C20276E8F0
SHA-512:	FB834FF62AA66865762665ED77DE9A2EB4F1117DA5D48A64389F4B0AF157500B823CE422D83388B0099F1E2320CC5AD6EC276C280C7BFCD2D7200A0A3F885AAB
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=3.679999..fDecay=0.900000..fVideoEchoZoom=1.000747..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.999974..fWaveScale=0.000009..fWaveSmoothing=0.900000..fWaveParam=0.173490..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.350000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.039900..rot=0.180000..cx=0.500000..cy=0.500000..dx=-0.059000..dy=0.000000..warp=1.508800..sx=0.999900..sy=0.999900..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.448434..wave_y=0.121660..ob_size=0.008955..ob_r=1.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.045734..ib_size=0.003418..ib_r=1.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.732955..nMotionVectorsX=1.000000..nMotionVectorsY=1.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-98LMK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2209
Entropy (8bit):	5.298081313223728
Encrypted:	false
SSDEEP:	48:2SQT5O/+X5UWLAJY+ZAVusjvyZE+kbjR0Vpf:3Ec+X5r6js7bLd/c
MD5:	06AE015ED35333E9FEA90F146B148A6A
SHA1:	10A67CD17D311F8D56EE1A686975CF686B15511F
SHA-256:	83D9CCC7AB49E2D138246E0BA808FBF347ACA2EF9A833757BC4499C25F2BAB5B
SHA-512:	83789F75D71DEBC1AD29D1ECED777C546BFA95108340F2873C7B0212D44CDBD3B513D7E77173DFB01479C8779021899234C1A5FE7A35F7F17F8972089B0BA09D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3..fGammaAdj=1..fDecay=1..fVideoEchoZoom=1..fVideoEchoAlpha=0..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.535234..fWaveSmoothing=0.5..fWaveParam=-0.5..fModWaveAlphaStart=0.5..fModWaveAlphaEnd=1..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=1..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0.00001..dy=0.00001..warp=0.01..sx=1..sy=1..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0.4..ob_g=0.3..ob_b=0..ob_a=1..ib_size=0.01..ib_r=1..ib_g=0.6..ib_b=0..ib_a=1..nMotionVectorsX=64..nMotionVectorsY=2..mv_dx=0..mv_dy=-0.1..mv_l=5..mv_r=0.2..mv_g=1..mv_b=1..mv_a=0.5..per_frame_1=warp = 0;..per_frame_2=wave_r = 0.5 + 0.3sin(time0.894);..per_frame_3=wave_g = 0.53 + 0.33sin(time1.14);..per_frame_4=wave_b = 0.4 + 0.1*(1-bass);..per_frame_5=thres

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-99VPG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2391
Entropy (8bit):	5.178919923301878
Encrypted:	false
SSDEEP:	48:a/3yvN3523Jq1CFAEJMVLcaNgswP4UlihGXq:uyvm3JhJoLcfQUlUSq
MD5:	3ACF43743707B65474A357D86F0AE832
SHA1:	47908AFA089F9619B6C44B86695052091C33B273
SHA-256:	EBF017DB037C17704366D9C34F7AC41D62BE24BCBEEFA89CC71EE515C97D1502
SHA-512:	516A146819BD9511648C301E04C506114EB077D13C6EBF1EBFE1F847F08FA02FB6B2401C2536B8E9FDD350E44B11D2F00B4E4FD631730D2326E22DA53B3A83C3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=1.175613..fWaveSmoothing=0.306000..fWaveParam=-0.460000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.854653..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.190000..ob_g=0.120000..ob_b=0.000000..ob_a=0.000000..ib_size=0.015000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=7.679999..nMotionVectorsY=11.519997..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-9HO2L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2315
Entropy (8bit):	5.13673987274682
Encrypted:	false
SSDEEP:	48:aqOCEPYzwz5K51CFAEcKn+Sr04vTudgnis8M0jywijPTM:vWYzUcW04vT3H8MYywyQ
MD5:	97CCD3AE6BACB9E2B7EB3F4828094059
SHA1:	F0D99352C4B451A6E3F32C8137A5D152D2CBE550
SHA-256:	C55663C33544A4695152AD4882A8860049EC64BE80858BB70360D1785813B293
SHA-512:	FB05F831ECC157CB96A860156F9EAD8AB4432823D406C27B4EFBBAD623200A3BCBB2429048130A847E30E5AED1E58DD11CF3A4FCAB15BA0A0D5C61DBC6BC5481
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.980000..fVideoEchoZoom=1.006489..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.968100..fWaveScale=0.861900..fWaveSmoothing=0.126000..fWaveParam=0.000000..fModWaveAlphaStart=0.550000..fModWaveAlphaEnd=1.150000..fWarpAnimSpeed=1.530000..fWarpScale=100.000000..fZoomExponent=1.208145..fShader=1.000000..zoom=0.020642..rot=0.040000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.263000..sx=1.000000..sy=1.020100..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.050000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000..ib_a=0.260000..nMotionVectorsX=8.000000..nMotionVectorsY=1.920000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-9P4KH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6727
Entropy (8bit):	4.654587573862994
Encrypted:	false
SSDEEP:	192:kfKJY/ADCotvpfTmn2Y0HEMMFcvGI/Yalj2tThLIt7Ory7IAvpOYlsGyFiWDqzB7:kfKJYZotvpfTmn2Y0HEMMFcvGI/YaljD
MD5:	7EAA5A7DD9D3F3BFBE59D04F0EB17E6D
SHA1:	7DFDA0B0BCEFB2C719474EC5B524963524E34A7C
SHA-256:	7C040E6EBDFBBE90225F61008C5A0C0FB9D16D735F13E0B463AE42AB934E3182
SHA-512:	456EF081513F27EDC9676726C9E254DB92C6D99AE8C6B722C8701DC495AE42B07C52D0A6C507B6AC64F757467E61ED170BF448E3F8F03F87AEB7CE3ADF667419
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.995000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.900000..fWaveScale=0.030000..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.900000..fModWaveAlphaEnd=2.000000..fWarpAnimSpeed=0.550000..fWarpScale=100.000000..fZoomExponent=1.338000..fShader=0.000000..zoom=1.030000..rot=0.000000..cx=0.000000..cy=0.000000..dx=0.000000..dy=0.000000..warp=0.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.100000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=27.640000..nMotionVectorsY=20.800000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-9PT80.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6862
Entropy (8bit):	5.009863831092467
Encrypted:	false
SSDEEP:	192:fJ7oiySqtLFpmOv91HFMtE96FuI8Yjj6QFSQCnyrCcxJxTvdFT8kNvrFbGDqzw9v:fJ7ouqtJpmOv91HFMtE96uI8Yjj6ESQ2
MD5:	3CF57F356E61F57A8B51D0E52EC2553F
SHA1:	C9BFE80B33E6D06773041463D8F1A1C991091727
SHA-256:	C23E09625E5C7183172ED2633840FDDBFD0190C99257F3D6F352EF0707E9E3B9
SHA-512:	6941A36785BC707203AEF6B88D53F38A3A81C4D9733116775FFA3356EFB2C539904FDB3C918250BC9BF417C954F17A50BA985E5F4382B2D8844144F41BE626B7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.000000..fDecay=0.960000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.224562..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.199900..wave_b=0.700000..wave_x=0.600000..wave_y=0.500000..ob_size=0.500000..ob_r=0.030000..ob_g=0.150000..ob_b=0.250000..ob_a=0.020000..ib_size=0.500000..ib_r=0.100000..ib_g=0.500000..ib_b=0.500000..ib_a=0.010000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-9RFMM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6378
Entropy (8bit):	5.074069649673158
Encrypted:	false
SSDEEP:	192:rFndo+5qk6nL9RdAOgwZnbXmYCKwuHai5nnx2zH2X:rboHL9RdAOgwZnbXmYCDEnnqH2X
MD5:	96764D07A3B1748A65F7880B8F1B7F75
SHA1:	8DE93A06C363E9DBC1247CF405654F8C3FD49B9E
SHA-256:	895A5D3B64006F14A9907FB5E5517F4B2391B1DF8322C3FC462FD460EB89845C
SHA-512:	BE6B0CC613275BB2D0FEB2467DC189868C4D7DF288B93E6F8CF24C34FCE667ED0542E73BE1A4FAF206C5C00AF6F0FE0FD99DD5F38C8BDE00E55BB058182851C0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.925..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.818..fWaveScale=2.365..fWaveSmoothing=0.648..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=75.68355..fShader=0.000..zoom=1.02978..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-APM1Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7293
Entropy (8bit):	5.075132437480112
Encrypted:	false
SSDEEP:	192:8dA5z65L9RzAOgSZnbXmYCKdp7zqrGsSiG2Uq:wA5aL9RzAOgSZnbXmYCepCrGs5D
MD5:	EB69010D1FEE7B5D9C24AB7FF09710CE
SHA1:	FD392E35C6A662ECEAFA8230888FC4F1A06D0DBC
SHA-256:	B5139B830071973751FDDDD553039D8FC35933A125B8C866279BCA74CE845C50
SHA-512:	01280B107FF52528CF2651FC14A0605CF20884A405451C6E9CC22272D45706E38F114198EC364F0996F9A0BFB36D372730E34D68E12A1C1704BA6E56DD3FCCA2
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.312..fWaveScale=0.972..fWaveSmoothing=0.500..fWaveParam=0.000..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00001..dy=0.00001..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.005..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.000..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-AQALU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4068
Entropy (8bit):	5.279016577325094
Encrypted:	false
SSDEEP:	96:a9WN30kVhaJYIVc9pMB0CXyVB9xSHi4Sxjt7dygAqMB:aa308eYpMBtiVNASRt7daqMB
MD5:	900D223648E8A17C04983DE321672C3F
SHA1:	2ECE117BD741229BC39EEE3EA2957EE394F59A87
SHA-256:	C0719D90857125831ADEDB05168607FA36E38FFE31081828BCB8A364C7329570
SHA-512:	36AC6E3CEC78934F95DFA4FD990F16D70A944580A6438FEBFCD4E53B2BF11C3B7481E96253902A56AE7829B08A9171F8657E2C83988A9A1AEB8B749E50A50FA2
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.643970..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=7.014853..fWaveScale=0.010000..fWaveSmoothing=0.810000..fWaveParam=-0.400000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.998400..rot=0.002000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.051010..sy=0.999998..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.500000..ib_g=0.900000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-AS2N8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8655
Entropy (8bit):	5.074050179023473
Encrypted:	false
SSDEEP:	192:jNYpL1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqX:jNY/FtJpf7mOv91HFMtE96XIoYa4jj63
MD5:	0B7C423AAF6D36725A17FA6E0A49CC28
SHA1:	D7E9A4545186338150C54631B30E136FB35EC9DF
SHA-256:	DD09D148DCDC6CD0E7EAE6EFF07448A011744B1D730C3115487A23A1650D5DE1
SHA-512:	19AE86D060F2BD86E3E7BDB6CDA7FBFA51CB247DE6202E79553EDA3F73F326E18EC8B774FC2C49901F33C263A4DBDADA40498620DCB5BCE60102AD3D6FAB9F03
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=2.050001..fDecay=0.975000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=1.005319..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=2.000000..fModWaveAlphaEnd=2.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.078303..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-B0OU6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1444
Entropy (8bit):	4.975584727251619
Encrypted:	false
SSDEEP:	24:85zgfRr7H4M+OS5VdVy38fZMl5OURcxmo28szQVKcBxVNGgM9mw8:MCr7YF/VdQ38fZWcUDQVKSvg8
MD5:	68CFD1D5B758905589F5595FB65F808A
SHA1:	2D503EC049BD562258DC8A05D1A0449866B977CE
SHA-256:	84B8303A4B65350F3C69412951A474B9FC9CD4609FF6F0C508E634945B471F7F
SHA-512:	AF1128E21B0D9A110B5ABF29B2A11556F3E0A0F34820EAE8D2C1E15C575718DCEC228721B6556F7C7F67A9A87DA7D5F90390752AAE8555357A0461FD30174DE8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.006593..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.501036..fWaveSmoothing=0.360000..fWaveParam=-1.000000..fModWaveAlphaStart=0.870000..fModWaveAlphaEnd=1.289900..fWarpAnimSpeed=1.000000..fWarpScale=2.853000..fZoomExponent=0.972362..fShader=0.300000..zoom=1.002336..rot=0.100000..cx=0.320000..cy=0.470000..dx=0.000000..dy=0.020000..warp=0.010000..sx=0.861349..sy=1.000000..wave_r=0.110000..wave_g=0.250000..wave_b=0.360001..wave_x=0.080001..wave_y=0.280000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.630000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=8.639999..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-B16P7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12263
Entropy (8bit):	5.1571806352337335
Encrypted:	false
SSDEEP:	192:dN3+6328Jj2cKtDf7mns90mFMtE9vtSI/+FTrL2WnyrCIEvMNLirEbODqzBuaXAu:dl+63StDf7mns90mFMtE9vsI/eTrL2W+
MD5:	36AF7A5423339E3CE2AD37EC41715AE5
SHA1:	A73DE40CD91F8581E7EC7B16F1A259BFCF199D1E
SHA-256:	C66A0EEFEA03AB5BAAD3F37E0A3EA78AD367226E8B58505CBB13372A113C42A9
SHA-512:	9222BA4DE1FBF5F56B653946D73B82EBE0C2DED7329BC66791705A04892666BC082C42538BDBBFF4F5EADBE4EE925D69A37373203B51046B6B3EF029FD05AE66
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.280000..fDecay=0.800000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.001775..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.321288..fWarpScale=1.986883..fZoomExponent=0.880200..fShader=0.000000..zoom=0.999800..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=0.999800..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=1.000000..ob_b=0.500000..ob_a=1.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.300000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000001..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-BG4EC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8186
Entropy (8bit):	4.906145574108739
Encrypted:	false
SSDEEP:	192:E3JhY4NQptLFpf7mn290HEttE96FmIEFYa4jKTQLQ7OyrCHF4vXd58lsvyFi/Dqr:QJhY4NqtJpf7mn290HEttE96mIoYa4jJ
MD5:	63BEF6DF06CEBD1333DAA72B2C505060
SHA1:	984BA0055CB489C1CA50B7F6368E0E84CB4D9A57
SHA-256:	AD8152C5B1433D0A7E26DD5084C05AC073DB21D19D97F8335CA7DE1F6F1DE420
SHA-512:	ED9BD91B930FDAF28BCA7A1A464BAD398EC7CC15AC105537376BF8E4718DC0DF79FAB8A3949C4217DECF8EECF51E21473211906C0B531DA3B5EFE38CB016EDAE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.500000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-BSGP9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1289
Entropy (8bit):	5.355831124220517
Encrypted:	false
SSDEEP:	24:81mgScH3VmF+4HcnFYDsRxsdX6jNtaGH3RZEc29gaFNy:+X4FxSWixsqNtxh2A
MD5:	1B4268C4067D1D975139C245E0F0C0E3
SHA1:	EA2A51B54F8728A359D760E07A1796FE7CD293C5
SHA-256:	D31834146EAA52E895717C16545EF52285913576477E23F132A9C1BD14279471
SHA-512:	B2A61D6AB0D0CF2C5F4A93017BC55D6A84F57BA1AAF84E5EDBCDAF2B8F571F37B3F6ADA8BFA680D4198EC21C73729D1358A6F314EF27DC7ED2A84729D3225F38
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1..fDecay=0.98..fVideoEchoZoom=0.999607..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=5.053452..fWaveScale=0.811409..fWaveSmoothing=0.72..fWaveParam=-0.4..fModWaveAlphaStart=0..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=0.608037..fWarpScale=1.220618..fZoomExponent=1..fShader=0..zoom=1.00952..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.591235..sx=0.97059..sy=1..wave_r=0.7..wave_g=0.1..wave_b=0..wave_x=0.5..wave_y=0.24..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..per_frame_1=vol = (bass5 + mid 3 + treb2)/20;..per_frame_2=wave_g = wave_g + vol/10 + 0.1sin(3.21*time);..per_frame_3=wave_r = wave_r + vol/10;..per_frame_4=wave_b = vol/10;..per_frame_5=d

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-C862A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7738
Entropy (8bit):	4.875833886658181
Encrypted:	false
SSDEEP:	192:c373c2Z1YtofUn290HEtMFcvbPIcaOKTQLQ7Ory7IYXvCd5dkNvrEbGqDaBGs6Pd:icYYtofUn290HEtMFcvbPIcaOKTQLQ7k
MD5:	A51BB11ACCFC3BB3F30DDFABE25FBADF
SHA1:	6BA6EB262C2BBBC96E190FE735A700116AEC20A8
SHA-256:	B4372EA03DAD690F1327D4E36821FFA3D9EC9336E7D67BB8DBBC2CE27FB2A967
SHA-512:	71ED491B553018CCD8E6B58ACBC87FA76763BDD2302942E2A0B82344C5A1AA5E99C5C61A8278AFB9A6F8CF7E8646CE116679445DA6326B209420B234003EE20F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.905900..fVideoEchoZoom=2.003071..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.924157..fWaveScale=0.653091..fWaveSmoothing=0.000000..fWaveParam=-0.480000..fModWaveAlphaStart=0.800000..fModWaveAlphaEnd=1.100000..fWarpAnimSpeed=1.000000..fWarpScale=0.010000..fZoomExponent=1.008148..fShader=0.000000..zoom=1.001800..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.001829..sy=1.008151..wave_r=1.000000..wave_g=0.650000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=31.999994..nMotionVectorsY=24.000004..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-CQJU9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3685
Entropy (8bit):	5.263585748464259
Encrypted:	false
SSDEEP:	96:HL2EVN4kcODHRB0CXyVB9xS/Z+jaW7cqsm9QocK:HCsNJcsRBtiVNE4D
MD5:	3838C583B8A033220667376BC001501A
SHA1:	83872AD5357BACF17B5920C9BCA80116E0509D39
SHA-256:	8DC276F08B2C145D6A6ACDB8C4647508DEFB1CF2E9414AD1A0C8ECDC8E53A50F
SHA-512:	5B96F18CB8C2C45BD47DFE5EF482406E640B50F968C9AEFB938A2EBE1B02D4399D3E1B69B987A62164787DB5F14BDC62EA9AE0F71C45CC07B280AC441BD45710
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.983..fVideoEchoZoom=0.998169..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=7.74..fWaveScale=0.372036..fWaveSmoothing=0.387..fWaveParam=-0.36..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1.334503..fWarpScale=1.327831..fZoomExponent=1.026514..fShader=1..zoom=1.374512..rot=0.02..cx=0.17..cy=0.830001..dx=0..dy=0..warp=1.779457..sx=0.990099..sy=1..wave_r=0.27..wave_g=0.27..wave_b=0.27..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0.36..ob_g=0.36..ob_b=0.36..ob_a=0.58..ib_size=0.01..ib_r=0.45..ib_g=0.450001..ib_b=0.4499..ib_a=0.53..per_frame_1=warp=0;..per_frame_2=old_bass_flop=bass_flop;..per_frame_3=old_treb_flop=treb_flop;..per_frame_4=old_mid_flop=mid_flop;..per_fram

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-CU50C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6771
Entropy (8bit):	4.968370631067521
Encrypted:	false
SSDEEP:	192:I3JCqV1ntmfSn290HEtV8lvXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqzwFD:MJCIntmfSn290HEtV8lvXIoYa4jj6QSK
MD5:	3913AC41B674C7BAEDA57EC5C78E8F8F
SHA1:	6CFE5029C69FB79EC06E20836649D54BD9E08FCF
SHA-256:	E973A114D9B8AC8DE631EFE265F57ED45B6FBA63DAE9000B0DFE78087C99587F
SHA-512:	054DC01C9C6C5A8CAC6CC4BCECE950944342F0A8FA899C3706E2739BD5B9DEC15337A2675048BFBE828DF83CBDBCBB81342533D6E768BEC1CC51EB79E5366795
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006500..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=1.000000..ib_g=0.250000..ib_b=1.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=1.440000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-DL8B0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3034
Entropy (8bit):	5.2025837595032876
Encrypted:	false
SSDEEP:	48:80qdrV5gJqSl4V3AEWmhRMrSphOBXHTp3feKZlQjXPOWbrDqKcP+JHT0V+Rl5B:Zq5gJ4VhWmnphOBXpeKZlkXTbrmFAB
MD5:	64DCE6501CD595142DCFEB7BA178EA54
SHA1:	396DCB9FCB5444E993D059B4974C08D2C3538968
SHA-256:	27F84D50A14532C25DA3FB9E675B6DE2708E0612381432155AADFC1B3CCBAF9F
SHA-512:	75803E17DF5D414F044B36C2D4161BEE17AAE51B90C7A56A8F1B9F0AA9D6503B028280BE3AD90EFC890AB33121C1CDD37F53981B3C9463DF4E18807E3557F5FE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.993998..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.334693..fWaveSmoothing=0.750000..fWaveParam=-0.219900..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999900..rot=0.100000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.400000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-E2OEC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6340
Entropy (8bit):	4.954738539112355
Encrypted:	false
SSDEEP:	96:wt4doT15qq6Mm9R7l+9qSOg6Vdx55X34hnbawqBD7YzmzqgoD:g4doh5qq6r9RxaOgMunbabYCzNK
MD5:	6DB7177B9A0C1D6F43492CCB0A1D79B7
SHA1:	DC1EF36F47D35CF998FDC90D649F3708126C70EA
SHA-256:	C680C5CFCE273B25D7181CB8C24219832EA907C46A86C1DE94E2639644E791A7
SHA-512:	315A410815A0599297DD94F6206D011FB5ABDE8ED92A37676A2538D148D9BDC7C7FA983048AE1F77605BBD4B50D3B963A166A79B64D66FBA9900C972798E5CBD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=3.520..fDecay=0.955..fVideoEchoZoom=2.000..fVideoEchoAlpha=1.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=1.059..fWaveScale=0.706..fWaveSmoothing=0.126..fWaveParam=-0.280..fModWaveAlphaStart=0.810..fModWaveAlphaEnd=1.350..fWarpAnimSpeed=5.278..fWarpScale=0.010..fZoomExponent=2.00673..fShader=1.000..zoom=1.12682..rot=-0.02000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-F7Q6E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1893
Entropy (8bit):	5.352744382525446
Encrypted:	false
SSDEEP:	24:XoddFLx4zghCi5fDi0LwPHL8JdeF1TzkK61z3kgwc2MjdI3ouVsiIyUyyq:YpWMjricIr+efTzAkRMjdrisDQ
MD5:	CB6D9A2129A563261BEF9BCF9F258417
SHA1:	FA08C974FC872D81DEAC195AA36DDD72A05F94F8
SHA-256:	B79758123CD1A30156DE02B3ABB699E2A1099411DB8D34E86F6F7A5E544D907A
SHA-512:	6EC260BF0CB7828672A00C197500A3FF1FC52B9709B8B9385035D53D1D121DEB6E8274E1844AE2556D35F138BD44956F1009AD5AAE9B55EE39CB19E9F1793F78
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000001..fDecay=0.999..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.5..nVideoEchoOrientation=2..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.254857..fWaveSmoothing=0.63..fWaveParam=0..fModWaveAlphaStart=0.71..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=2.448629..fWarpScale=67.165291..fZoomExponent=0.132909..fShader=1..zoom=0.97059..rot=0..cx=2..cy=0.5..dx=0.02..dy=0..warp=0.0298..sx=1..sy=1.01..wave_r=0.65..wave_g=0.65..wave_b=0.65..wave_x=1..wave_y=0.5..ob_size=0.3..ob_r=0.01..ob_g=0..ob_b=0..ob_a=0..ib_size=0.26..ib_r=1..ib_g=0..ib_b=1..ib_a=0..nMotionVectorsX=8..nMotionVectorsY=1.92..mv_l=5..mv_r=0..mv_g=1..mv_b=0..mv_a=0.5..per_frame_1=dx =dx -0.0005;..per_frame_2=dy = dy-0.0035;..per_frame_3=mv_l = 3000;..per_frame_4=mv_r = 0.5 + 0.499sin(time1.12);..per_frame_4=mv_g = 0.5 +

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-FCSNI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15371
Entropy (8bit):	5.203628522859225
Encrypted:	false
SSDEEP:	384:oJy5uaqo/Zn290HEMMFcv/IxahKTELQ7OyrCIdvGLlsvyFi/qDawYFa6cJ4rA/wy:oJyuaqo/Zn290HEMMFcv/IxahKTELQ78
MD5:	CB0C68BFD66B0CFBAF1EB3CE992909DE
SHA1:	5DBE040ACA6697203BCCD4FE1AFEDEE094112081
SHA-256:	70026A5F2C5433F45A8F9A4EB5526377A7C947D79E70485EEFD02019289DC432
SHA-512:	AE31602705DBA3679C3C72994662923599D73923519D925847C9EA2DFCE5B20528EA4AF36759DA2E3F2A5A9B546057A65F3DA97E32CCB70FE5BEC351E0D3055A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.510000..fVideoEchoZoom=1.008150..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.010000..wave_y=0.500000..ob_size=0.015000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000..ib_a=0.050000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-FEUQD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7069
Entropy (8bit):	5.107884447959068
Encrypted:	false
SSDEEP:	96:8+eMx/IhVDTjUs/pRqP3aOgrAAqhnbnGO/8YzmJl3isJHxw4vJ21l:rOfXUshR/OgmnbGfYCJ7H121l
MD5:	53B2DC146E1D537254C6DF6407D375C4
SHA1:	575FFD1CF32A5DFA0C2A6AD7A7A4D2BA97A643F5
SHA-256:	EC86C759B66309D2707286EFF86F1A074767D756217F7F58D7BBBF33924C3497
SHA-512:	CAF169B9D6FAE4DB4A6C2BE7BEF8AE599F71EED059220DBB7E649E813DF0CF04AE8DA4475AFB7346EEDCD81BE21D864ABC266BC5AA3CEBF33DD95BF8C4DA21CB
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.140..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.170..fWaveScale=0.797..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=0.99950..fShader=0.000..zoom=0.99980..rot=0.02000..cx=0.500..cy=0.500..dx=0.00000..dy=-0.00800..warp=0.01000..sx=1.00980..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.900..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.800..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=44.800..nMotionVectorsY=38.400..mv_dx=0.000..mv_dy=0.000..mv_l=5.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-FEVA9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16054
Entropy (8bit):	5.226022576988375
Encrypted:	false
SSDEEP:	384:hIJg27DQa8tIf7XTn91uFMtE9vAIZaocvhShCnyrCIRvsd58kNvrEbGDqzB2aRJy:hIJF6tIf7XTn91uFMtE9vAIZaocvhShW
MD5:	0A9B0E60D7292D3C5EC08A871A68DB42
SHA1:	1D6FFE0E4720E8069A60B3357E5326B9FBAB7BF5
SHA-256:	B38D4E3AC6E3C227444B27D8E9DCC146CD6B998619361C72651EE7CE7AC5403C
SHA-512:	E769A6D5EC1B103F3C6688A9CBBE6D7E2EF07EEDB4B786E3F484FA5E0F2CC34BAD4D83DA0E2B58C1AA3BAE995104BD6F590098E7FA03BD4E5CAC472CD68500FF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.840000..fDecay=0.950000..fVideoEchoZoom=0.999993..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.900000..fWaveParam=0.300000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=4.904830..fShader=1.000000..zoom=0.999999..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.920000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-FF9R1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	5.38061565663199
Encrypted:	false
SSDEEP:	24:ycng1AY2s040nhGuDsr0oA2Kp653c9n+UgVyMcOXjmo9qzm6F9U3P7Mxn4kkQUn:9A2szWoeU53snuchOz3qVF96QxnlO
MD5:	3C84EA194BC13D0A3A1C1CC5C5E7576B
SHA1:	B35879AFFFE3F16D934FBF7781B05F19A1080E7B
SHA-256:	D09C2E3B49D5CB742903F16C5E082B36A8E3C1BF102318DDA6167D6AB04DB799
SHA-512:	4C80EAAB6EFB9ACAA966914E6FA9D9D44817E542779BE8BB35FB509E94CBF9F4141A974D9CBC951DFCB47C19A2C329FC9C024E20359A80589E81071E16357A33
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1..fDecay=0.995..fVideoEchoZoom=1..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.241456..fWaveSmoothing=0.09..fWaveParam=0..fModWaveAlphaStart=0.5..fModWaveAlphaEnd=1..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=0.741921..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=0.9999..sy=0.9999..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0.4..ob_a=0..ib_size=0.005..ib_r=0..ib_g=0.3..ib_b=0..ib_a=1..nMotionVectorsX=6.4..nMotionVectorsY=1.440001..mv_dx=0..mv_dy=0..mv_l=0..mv_r=0.7599..mv_g=0.48..mv_b=0.39..mv_a=0..per_frame_1=wave_r = wave_r + 0.45(0.5sin(time0.701)+ 0.3cos(time0.438));..per_frame_2=wave_b = wave_b - 0.4(0.5sin(time4.782)+0.5cos(time

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-G6V4Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6749
Entropy (8bit):	5.120281197801696
Encrypted:	false
SSDEEP:	192:rnndo+5qk6nL9RdAOgwZnbXmYCKwuHaVngHJh26FO8d:rdoHL9RdAOgwZnbXmYCDWHJVFO8d
MD5:	BDC02E3ED45224B701F9F8750AC117F8
SHA1:	02A5E6451D29D1C8C36280355F6659A7B3939C91
SHA-256:	3A226DC1ABD4E9D6BE7ADD6C9C8ED51A0C940921A646AEF66D5814280B18E909
SHA-512:	8C4098ADF37023C3339BE90330DC47FF63C1160D692BB8EFEDFF395174F187AE4EA4ABF18EA8A2426D04C880B484AFF5551FDEF1AB404E23D31178054490C903
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.925..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.818..fWaveScale=1.107..fWaveSmoothing=0.648..fWaveParam=-0.900..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=75.68355..fShader=0.000..zoom=1.02978..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-GOG1N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2216
Entropy (8bit):	5.175459963475993
Encrypted:	false
SSDEEP:	48:7SFOO523J7yl4V3AEDQW8nqchOz3p9FE5VFoARLCmCJ:+FM3J7nVhDQWfchObFE5k+LxQ
MD5:	98546CAB1CF057E5527DF1ADCFAB2938
SHA1:	FFC5EE67C5AE6D707A939C31931719986B960E8C
SHA-256:	DE1DA35DC086CB00FA1709B6DAAC5F33AC341A0902D7C5560944ECA3EB6854DA
SHA-512:	883C99D2D1672081E3E79CDAF3012ED3F8BCF420CEB1CBC51D1EF015E4E320014EB3F68286C9EA7BE955BF4018B424581E9A353CB0C92E325BD2B073B1A57778
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.995000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.744429..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.001800..fWarpScale=1.001800..fZoomExponent=0.399610..fShader=0.000000..zoom=0.998169..rot=0.020000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=0.999999..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.400000..ob_a=0.000000..ib_size=0.010000..ib_r=0.000000..ib_g=0.300000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=2.400001..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-H4JFO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3076
Entropy (8bit):	5.201058304477907
Encrypted:	false
SSDEEP:	48:Cefq8b5t3Jd3aAEQ9+MWS4sisZlvcscv+sAAib7LJZoolSDPXwwMgr1XNSzswqU6:rfqY3kQjHTVcvrdf1XsQXU6
MD5:	1CF4D4D11E988498E804117541543FD0
SHA1:	3B5E840C89C89F83BB056DB9A60E9D73CE8DA349
SHA-256:	B64C9321D00E9F0498F51C7DFA3B5CDB8B42566FC4A04ABD961DAC7CFFB7DC19
SHA-512:	36CD651216EC6F01DD3E852CAAA4277F4FE8483D8190544E98F5217F8ADB333607D2FD987C4611427257B8C91608E5CFFFC61ECADB9869950B946AF536271BC1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.980000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.653093..fWaveSmoothing=0.630000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000100..fShader=0.000000..zoom=1.000376..rot=1.000000..cx=0.500000..cy=0.500000..dx=0.020000..dy=-0.020000..warp=0.010000..sx=0.999944..sy=0.999904..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.049900..ob_r=0.110000..ob_g=0.500000..ob_b=1.000000..ob_a=0.000000..ib_size=0.055000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=1.280000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-H6QCB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3794
Entropy (8bit):	5.279851380521129
Encrypted:	false
SSDEEP:	96:1i3J4Vhe0M8WEEbuXj3/NDnZa13vxQTvyEC:s3JYNDbkuz3avyFC
MD5:	663841824DC88375A4BBA739477D1B5B
SHA1:	495E92531D3CC8932EEDBF6908584D5746F9F75C
SHA-256:	A3C5FC9D76D29050468B3A42661F4BC5F0B4D5E17928303AC0BCD64ADCE703EC
SHA-512:	71C773042D5C77EDE6B4A38E0C10384035D534A0FD18149DB0B0B442B5B595696C823E1DED7830B987947A53DF6FE99244897E178B050CACF44308D95B5C49BF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=2..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.203135..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.008147..fShader=0.000000..zoom=1.001600..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-IKLRN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3553
Entropy (8bit):	5.253157313559295
Encrypted:	false
SSDEEP:	48:KqUc71B5xJq1l4V3AEAoDZONtloOL558HSEFmtw/siO6zCnDIVPXdohDvGpGWCvk:zzJfVhAogloiASE4VJ6ohD1WX9Sgt0Dg
MD5:	9032696EDDACF1CFF56E843599FF6E53
SHA1:	02C6271AB2FB2C58DCCC4933DF4C21F1E6B3FD7C
SHA-256:	7EB1172126FD3E824572A5B22FDC09D98E56B522A7E96EB1F1FCE750D73C2924
SHA-512:	E74D66F9037512F624B5C3E668443066AC4E3015F2FA8E81C5FD96D99352A3C5755CDB5E0665CDE689F31AD02F0DDEBE781A73340B836EDC2B1FAC9B2ED57D16
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000499..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.030740..fWaveScale=0.498516..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=1.000000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000158..fShader=0.000000..zoom=1.000223..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.100000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.060000..ib_size=0.035000..ib_r=0.250000..ib_g=0.450000..ib_b=0.250000..ib_a=0.290000..nMotionVectorsX=19.199999..nMotionVectorsY=14.400005..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-J9D80.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4334
Entropy (8bit):	5.309481556546856
Encrypted:	false
SSDEEP:	48:qOB1bi5Q3JqKZkEQfVyTUaNMjyZdDBoTdbEQx+OPlVEgQZikepgOqFUa:V1N3JtQfVhCdNsIOPlVeHv
MD5:	B980A16862CA49F2FD7496EE41AB21F6
SHA1:	3D62FCF199D27BC4DE82E8296A0D2D48B633BF45
SHA-256:	52BF7835788652B4B622F28D27F405E8C8B2496660B3254F43A134109DEA5FD3
SHA-512:	A1E7F83EF621E487F230D4B5B6388BF9E4C327C3849A06FED49D99BB6A683AAD7F2F836C673F2B00F5A6AAE3022230C5724D5CB596B2D10F8B5B1737780E12B0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.260000..fDecay=0.990000..fVideoEchoZoom=0.999990..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.997938..fWaveScale=0.901646..fWaveSmoothing=0.000000..fWaveParam=-0.500000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=2.216679..fShader=1.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.250000..wave_b=0.250001..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=0.500000..ob_g=0.500000..ob_b=0.500000..ob_a=0.000000..ib_size=0.025000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=32.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-K51FF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9452
Entropy (8bit):	5.0821390413167125
Encrypted:	false
SSDEEP:	192:/3JhO1MtLFpf7mOv91HF1PMFc2rIEFYa4jj6QSQCyPry7Z5vdFTd58kNvrFbfPqV:PJhEMtJpf7mOv91HF1PMFc2rIoYa4jj7
MD5:	CE69DA79720A310DCB7A4F883EC33041
SHA1:	632DF2E19E6D6B3982194BDF6FFB803AF130221F
SHA-256:	5D572340B01F969E1573314EA0A7CEB4372B1253DB6665060DC9B9CD61FA0690
SHA-512:	1C03052E4CCED92DDE1909AC6FD6EDAAD86AC3893ED3130E3B70D16B6764A0A4D0371FB91638763CF2655598FFCF42F68B0FAAAF95AFA0595CECF08DB6D0FD0A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.560001..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.868000..fWaveScale=0.424194..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.998170..fShader=0.000000..zoom=0.809868..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.600000..nMotionVectorsX=31.999994..nMotionVectorsY=28.799999..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-M1ODR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2484
Entropy (8bit):	5.185299622717283
Encrypted:	false
SSDEEP:	48:ak2FZf5Z3Uy2BAgchkpn9uAhADABTTBislZw3/QkeZRDKHKBGdGBdGT:sFp3YcauGssfBHjwvQkeTGdwde
MD5:	AB5B54C64E628A86D86B277FCAA35CA0
SHA1:	9F5B09D033B3D649B898FB7ECBB5DA4E25046309
SHA-256:	B131ED0F813AC0CA67B37E3F88144352D66DBE1A3152B17B0566A7FDA71BA7F5
SHA-512:	E2EE5256404AFAB4528D946C497FB06B68116E41DB47DE38EC1CC67D85455ABCB9E00FB144C12EC8AD400FAEE0A54C3F6598003319928CFE7C743EF8134DCD4C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.210000..fDecay=0.990000..fVideoEchoZoom=1.007992..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.091679..fWaveScale=1.599181..fWaveSmoothing=0.900000..fWaveParam=-0.000000..fModWaveAlphaStart=1.489999..fModWaveAlphaEnd=0.750000..fWarpAnimSpeed=1.000000..fWarpScale=1.007348..fZoomExponent=0.101411..fShader=0.000000..zoom=0.989602..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000005..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.760000..wave_g=0.480000..wave_b=0.390000..wave_x=0.500000..wave_y=0.499900..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=1.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-M32OQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7100
Entropy (8bit):	4.935401113701575
Encrypted:	false
SSDEEP:	192:Epgw1lEtmf8n2f0HEMtE9vrkINa4DqzSsPrPnyrCInqZoTvdFTd58kNvrFbGDqzW:EpgelEtmf8n2f0HEMtE9vAINa4DqzSs9
MD5:	F5DE0FC2A1F80080040AC8B7318351F1
SHA1:	73260DD1463F25106945A28072B58B390AA9981E
SHA-256:	3C2DDB7F2A2868AF6E3CB18F877E7F361F3B4B4A404779A22B8171DB5D2E2298
SHA-512:	DF279F40A15ABA915962C9B16F906A64D6C7943D201E9D45523DB61C86F447EEEDA9F3D0AD89E58040FD040AE4B6865D2C9C94E496A79A2E0A848370459217BE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.900000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001645..fWaveScale=0.387300..fWaveSmoothing=0.630000..fWaveParam=1.000000..fModWaveAlphaStart=2.000000..fModWaveAlphaEnd=2.000000..fWarpAnimSpeed=43.865211..fWarpScale=3.645675..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.001000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.300000..ob_a=1.000000..ib_size=0.050000..ib_r=1.000000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=48.000000..mv_dx=-0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-M68IK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8065
Entropy (8bit):	4.997236576769668
Encrypted:	false
SSDEEP:	192:MJRGbGCtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqq:MJRGtJpf7mOv91HFMtE96XIoYa4jj6Q/
MD5:	EB37C59A68E263E97C0913CB7DF6F1AA
SHA1:	BC39BA74E681D03070E2D17C4A3D88B7ED18B040
SHA-256:	28D7C823B12A957652EDAE8D2E1C1B24643333369853EA64615E7D429C7D58D6
SHA-512:	4EEF79FBBF09069901159A25EE51982DDB17C095D3E66C41EEF0677C2F944138985ADDD0C2DC4AE778796F2AC7BBE3465C3760E55A4DEAA0C61F17B746150FC5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=1.816695..fVideoEchoAlpha=0.400000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.498315..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.950000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=31.199999..nMotionVectorsY=2.280001..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-MCGQA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3571
Entropy (8bit):	5.168531691076699
Encrypted:	false
SSDEEP:	48:begVs523Cd3aAEQEhMWS4sisZlvcscv+sAA1gPhZ20l5DP33wf0MTRw9BGBZGh1:Cgf3jQLHTVcvrtgPfUJTRwGih1
MD5:	15C87D02DB2C7AD9B99F708E48BA29BB
SHA1:	1F74B92D0152F57320BE4B120F177F33935F608B
SHA-256:	9C1C0B385847181878EDE11910BB71554E8ABE77071F87DD2A6EE4B324C3F131
SHA-512:	B7D07F45343D07829AA9C4A269476753AC1825B2341E0ECC8FFF1834BB6770BBF9FB4B336FC8128B6230A899CEAED5A5E6E67AC0E3807F0C8DB65A4A74E94DC8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.029878..fWaveSmoothing=0.630000..fWaveParam=-0.620000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.008151..fShader=0.000000..zoom=1.000300..rot=1.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999903..sy=0.999904..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.049900..ob_r=0.110000..ob_g=0.500000..ob_b=1.000000..ob_a=1.000000..ib_size=0.055000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=1.280000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-N0B4Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10767
Entropy (8bit):	5.0591912325621795
Encrypted:	false
SSDEEP:	192:RqgJYWB+2aP7GVVtYf7mnu90HPFMtE96FEKIYYa4Kj6QShCOyrCHFmvdFTd58kN2:vJYy+N0VtYf7mnu90HPFMtE96EKIYYaW
MD5:	38A5C08E69BC0D5AFDAE9FEF3700AC62
SHA1:	B65542F062DC6433140C7FB227CABD48FE00DF4B
SHA-256:	139A4581B9D188C7E479B5EFFB1FA6CDF9941E38CFC670CD90F2093783704526
SHA-512:	9BE18C52551280A3E781DF39E868E4E84B5277AA3F5A305E37662B3A2C2054422C2D5D008F796D02774EAA185FF8A4E56C53CE5DC7773F920849E0BD100063CA
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.334693..fWaveSmoothing=0.750000..fWaveParam=-0.219900..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.300000..zoom=0.999900..rot=0.100000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.800000..ib_size=0.005000..ib_r=0.400000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-NCUK1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17544
Entropy (8bit):	5.182555601134852
Encrypted:	false
SSDEEP:	384:mxJgIbuK/TLTgCEBStJpf7mOv91HFMtE96XIoYa4jj6QSQCnyrCl1vPTd58kNvrT:mxJzKK/TLMCEBStJpf7mOv91HFMtE96t
MD5:	3CE9997437358F4BD410E7EA3C7AD881
SHA1:	958029DB3E15811DB64458171214CFB24C6B7E61
SHA-256:	727C24A166A0D4C4C354108D2378539D593AF241C4AFC47194D55BFED3979A95
SHA-512:	AB43323A90111919F1E9C5E1CC5D2EBDA80621113BBB5684779DBA61B3FC8578F94120AF7B75BE3634B39F661A04AC498EF67590F0C064A3813207F5C87D80D9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.400001..fDecay=0.650000..fVideoEchoZoom=4.567740..fVideoEchoAlpha=0.650000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999835..fShader=0.900000..zoom=0.999512..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-NGAFB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8471
Entropy (8bit):	5.026021760071446
Encrypted:	false
SSDEEP:	192:w3JhH7v1atUf7mn2l0HE1PtE96FZIEFYa4jKTQLQ7OyrCHF4vXd58lsvyFi/Dqz8:UJhbdatUf7mn2l0HE1PtE96ZIoYa4jK/
MD5:	FFE40FA96D77E203E7C8BAA156889EA3
SHA1:	8EAF5925837287166ABB781D73E600FE4310F276
SHA-256:	45C452176526CBBCCBD27A2D46C34563787B5126985C13DBC715970CE9E453B4
SHA-512:	AA168B3CF05042558970C90E3C5A95720C44C3CC125A1931F0E90EDDEEC4E2DB9A2BD0287E1D99B8332C95D866C540A8F734ABC9182AB24F8E081145BE8F2A6B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006593..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.500000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-NHVBL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3815
Entropy (8bit):	5.215755785208422
Encrypted:	false
SSDEEP:	96:cf993+lTSHTVcvrP2MGJTR+dLKYDNFTUk:cff3+lTSHTVcvrOTJTUdLKYLAk
MD5:	897EABC43133039AFCBCDCCEC7A7F20E
SHA1:	6CBB8AD1F547CEE11E864105DA517E44B0995331
SHA-256:	68301DC757A3F1768A22B274C63C2878D87BD774F1642E1D6E420DF6CBB56BE2
SHA-512:	64F507A26FE797D3F7B32B5D33B8D1CF91FF8A9A4C5940664857D74AA160685F433C2B4F39BD681AF817B0D20F2C5E01D3CADAA8556F9FAC14FDED90847EE2DD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000100..fShader=0.000000..zoom=0.961206..rot=0.000000..cx=0.530000..cy=0.470000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=0.999904..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=1.000000..ob_size=0.049900..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.100000..ib_size=0.055000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=1.280000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-OPK04.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3380
Entropy (8bit):	5.289448397357401
Encrypted:	false
SSDEEP:	48:pCNwB0523H9+rEeSDli1lvkMMCAK0/WKUUv8iNLUTwRba2dbYG8nRlFYlQ/Rh:pPv3vemiXcWAKuc3OUTwtTb5WlFYlm
MD5:	86EF24C7D9A457BF15AFBE52D7B4CEFA
SHA1:	91E08C9EF95F8D7A19B8F4C51EBD2EBFBCFDA942
SHA-256:	2AD388790DA6FB455FEFCBDF7A1DB6637C4D6B28BDA82B63130C82BC00A33E8B
SHA-512:	C11041134A8AB7883D7F431632CDFAE1E07A8943E1B94450A6BBBB4CE8F5E93718C34652F4BFB740665B201A5C118823C4C2ADB0385B5D9CC5B5304029C9CF7A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.700000..fDecay=0.902000..fVideoEchoZoom=0.913970..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.199861..fWaveSmoothing=0.630000..fWaveParam=1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999995..fShader=1.000000..zoom=0.999500..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999997..sy=0.999999..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.000000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.260000..ib_size=0.500000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-OVBE8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7752
Entropy (8bit):	5.199698494211692
Encrypted:	false
SSDEEP:	96:8+eMx0RCF+BhVo8qVBwwW01qzTcGszHfhhgVCHfw1qiDDco3nntLiFII2FHx/e3C:rt+S8gh91H41BntLiFJ2KSBq49
MD5:	39A7895390B653C95BC1ED4DFF306AA4
SHA1:	0F1851EE37EAE3D3310733B8555B94FF0AC67AAF
SHA-256:	1DA086A3DDB2309713283EF3C78BF0AD2545C895DE537D85F062AC0DF4C17FB9
SHA-512:	65FD9AD903965538EE9D1B87145E6DBB4451E7FA64873B4973BFCFDCE9DF647FD99DBBEB7EB709CAE7B2F4073689F63A7E0657EF4407EDD3A73E45AF00FA1B03
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.985..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.080..fWaveScale=0.588..fWaveSmoothing=0.000..fWaveParam=-0.400..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.645..fWarpScale=1.500..fZoomExponent=0.99990..fShader=0.000..zoom=1.00020..rot=0.00600..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.08927..sx=1.00000..sy=1.00000..wave_r=0.450..wave_g=0.450..wave_b=0.450..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.300..ob_g=0.300..ob_b=0.500..ob_a=1.000..ib_size=0.260..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=12.800..nMotionVectorsY=11.400..mv_dx=0.000..mv_dy=0.000..mv_l=5.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-OVI0C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3542
Entropy (8bit):	5.393316379215782
Encrypted:	false
SSDEEP:	48:xrps1N5Q3Jq1C4V3gM5MzNN0NLYnBRyKqs7fVuHlI1d+dd158/2R1e8MBqTct1:Uq3JOV55M8NL87UHlid+FG2IuU
MD5:	7C473261893EB0B7C34EB753CF49ECF1
SHA1:	AE267ED7B35B4EE5D8092DB42F6E4885983872DB
SHA-256:	BF215A53EC1557374C122A522AE64BCA4C97056F080ECEE9AA3D87106F4DE59C
SHA-512:	78BC771C6084A9E57BA08BE23D4871975A494C38FE1D004B2C62AC12ED6A60DDF3C546B750E83F78D654D259050B3ABBDDEAF8AC23D415596EAAD749CBE63EEA
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.994000..fVideoEchoZoom=1.745792..fVideoEchoAlpha=0.630000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=0.997763..fWaveScale=3.023201..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999991..fShader=1.000000..zoom=0.999900..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.500000..wave_x=1.000000..wave_y=1.000000..ob_size=0.000000..ob_r=0.500000..ob_g=0.100000..ob_b=0.200000..ob_a=0.500000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.500000..nMotionVectorsX=24.959995..nMotionVectorsY=7.680000..mv_dx=0.3

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-PBOG1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1564
Entropy (8bit):	5.265004503982191
Encrypted:	false
SSDEEP:	24:8Wu6gkzv9E4CSFk1GpZDsn1dRx5XF1TZtar9VyJ1zssM0W+Dx:wmv9D++NU1HDfTaL8
MD5:	018B18C72C550E64047F6C3D10BEFC92
SHA1:	C89303DFCE0BFC69AA2BA153A0870A38979C35C6
SHA-256:	4EA940FE163C2047A315FA60A929AD7A0E5B8DBA67077A24DEB1B009F7BD7147
SHA-512:	599858AA03DA8D29EB185190533DBCEF14E5FE978DD8047CD72AA195A03A066F5CB57D64192C581BD122F9308C31D1308151BF83B4C1AE90F99731565CF75D91
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1..fDecay=0.985..fVideoEchoZoom=1.000224..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.0031..fWaveScale=1.004873..fWaveSmoothing=0..fWaveParam=-0.5..fModWaveAlphaStart=1..fModWaveAlphaEnd=1.01..fWarpAnimSpeed=0.999994..fWarpScale=1.002076..fZoomExponent=1.00183..fShader=1..zoom=1.077494..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0..wave_g=0.5..wave_b=0.8..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.03..ib_r=0.38..ib_g=0.27..ib_b=0.03..ib_a=0.3..nMotionVectorsX=10.879999..nMotionVectorsY=11.52..mv_l=5..mv_r=0..mv_g=1..mv_b=0..mv_a=0.25..per_frame_1=wave_mystery=abs(sin(time0.51))-1;..per_frame_2=cx=cx+(sin(time)if(above(sin(time),0),(-1+bass),1.3))0.5;..per_frame_3=cy=cy+(cos(time)*if(below(s

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-PK9UE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7972
Entropy (8bit):	5.153589936962879
Encrypted:	false
SSDEEP:	192:rsroc6c9RoAOgwZnbXmYCKKWGCHlSPG2LvLmvgoFoX:rsroG9RoAOgwZnbXmYCCH4u9nm
MD5:	269BEAA261386874FEF25A9FF52E0713
SHA1:	F3D46A29763119E1FAEE6F347CD827FA2432435A
SHA-256:	6455423CFF0493D563788FC37893505C3033843E6372B36B065444A8BCE5C938
SHA-512:	3234566F815E1E897352768230ACD4A80BC8544C2DBDB3F182CEF00616338837052640A51B3036E6AE5D5D1D90C8918977D4F45CAEB2D662CB931E7C53962575
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=2.000000..fGammaAdj=1.900..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000..fWaveScale=1.348..fWaveSmoothing=0.750..fWaveParam=-0.500..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.99990..rot=0.10000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.500..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-PO48P.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10132
Entropy (8bit):	5.072545933763623
Encrypted:	false
SSDEEP:	192:xq3Lo1ntmP2C1uFMtE9va8l8s3HleQ4jKTQLQ7nryCIlXSyS2bY58lsvyFiGDqah:xOL2ntmP2C1uFMtE9vXHleQ4jKTQLQ70
MD5:	3B200D60F0148C9EE40E37B4E61A8809
SHA1:	FB26D9E2EC48AB03AF04F0EBC4293FFBBF007BB6
SHA-256:	F1C2DB64ED23B800F39C9B05148FF386FB0F4A95562B18C4243929EE5A027DC1
SHA-512:	E8EA436A5CE3230B8A2864FC48C651C68585B5EF8A483E1BC68C66FA8D5D290E0B57A2C2F0ED05424EFD097605115B37356C04A889A9EFDC773FD7CB38D04F2E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.900000..fVideoEchoZoom=0.999999..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.311600..fWaveScale=1.228910..fWaveSmoothing=0.000000..fWaveParam=0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.459526..fWarpScale=2.006761..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=-1.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-PTLJQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	971
Entropy (8bit):	5.268391225757912
Encrypted:	false
SSDEEP:	24:Xn1MIgBciLrhM64QCc7zwIrISSI8OEyMsk:laRMlKISfo
MD5:	61D6B844FBEBE639D64CEE32F335DFCB
SHA1:	6B9E3DF17C69C3CC4672BD1329781C07CBC70405
SHA-256:	D1A74E2CF2F420B3EF58353D835BE5F4C8DD2F5648A20C0CD67D128CBFC9DE66
SHA-512:	A3DE474FB9B3A9BE8FEC624FF1A0F8B9AD3354AC7BE17050C8A03BC2090C8E5BD493E4785EE0F76764A5CA771EDC79E9AEC4CED829B5CDF85DD00560F7F3F116
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.9..fDecay=0.982..fVideoEchoZoom=1.00011..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=2..nMotionVectorsY=2..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.22..fWaveScale=1.1704..fWaveSmoothing=0.6839..fWaveParam=-0.04..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=0.9999..fWarpScale=3.1379..fZoomExponent=1.6092..fShader=0.2..zoom=0.907..rot=0.1399..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.238..sx=1.0099..sy=1.2571..wave_r=0..wave_g=0.1..wave_b=0.9..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0.37..ob_g=0.46..ob_b=0.35..ob_a=0..ib_size=0..ib_r=0.1..ib_g=0..ib_b=0.3..ib_a=1..per_frame_1=wave_r = wave_r + 0.4sin(time3.14) + (0.2mid);..per_frame_2=wave_b = wave_b + 0.2sin(time1.5);..per_frame_3=wave_g = wave_g + 0.2mid;..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-R5GNG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1603
Entropy (8bit):	5.299200249608365
Encrypted:	false
SSDEEP:	24:Xt9ZgUcUVAmJ4qjhGjDsFYU3i+UFTAGOXFH83ouVsYX7W5KT:LfOJGYUyPVAZXd3iso7F
MD5:	11A23889A2ABB7804958177E79DB94E4
SHA1:	3DAD05514148D8ED8B652634459BDAB28880CF22
SHA-256:	40253868EC400C4BFFC87A50F9711F636D02CC4D70A9FF2BFF81D3C3AF1AD9E3
SHA-512:	9C3D72F927F6685D548013FD68358567BF629BA237B4A418732D5793CBBB916F3B20715E0706A00EF436B4A111920612145FBB04E9ACA32D85CE203F7A1560C1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.56..fDecay=1..fVideoEchoZoom=1..fVideoEchoAlpha=0.4..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=1..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=64..nMotionVectorsY=1..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=1.59918..fWaveSmoothing=0.75..fWaveParam=1..fModWaveAlphaStart=0.85..fModWaveAlphaEnd=1.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=0.844378..sy=1.06152..wave_r=0.4..wave_g=0.4..wave_b=0.4..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0..ib_r=0..ib_g=0..ib_b=0..ib_a=0..per_frame_1=warp=0;..per_frame_2=x_wave_x = 0.5+0.3sin(bass+treb+mid);..per_frame_3=wave_r = 1 + sin(-x_wave_x6.28);..per_frame_4=wave_g = abs(sin(2x_wave_x6.28));..per_frame_5=wave_b = sin(x_wave_x*6.28);..per_frame_6=treb_effe

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-RAU55.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	24814
Entropy (8bit):	5.309498340289779
Encrypted:	false
SSDEEP:	192:r8W+5qxadYm/Ju4WppXkudhtRIMD1EWrlo2G/pnbYm9d3/USRnONZnbXmYCK7gFA:r8W9m/1udyWrvm9bONZnbXmYCxFoEWeI
MD5:	D60ED92B0A7E98A2E68CDB77E87C57A6
SHA1:	90AE72718745750CD462848121B21A8EE9E63884
SHA-256:	CF4B3FC0EDC3D9FF34C6B216F0580FF32E009A166EF79079D567E5770E3AAE4B
SHA-512:	F514BA35D64144DA7315FB65507E81D044F46E261C19870A5B1BC93FEFFEFD76D3B5D6A62C62603BF55B28B7608CE851899427292F699BE7094AED1CEDE04C40
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000000..fGammaAdj=1.000..fDecay=0.995..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.413..fWaveScale=0.375..fWaveSmoothing=0.549..fWaveParam=-0.660..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.626..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.08925..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.240..wave_y=0.440..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-RNTSQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1106
Entropy (8bit):	5.2934037318919644
Encrypted:	false
SSDEEP:	24:8xe1ug16dQg4HcGeeLWzfsi6uYOT4vNyMjsC:N8QHXSjsZOcMq3
MD5:	7D0D37E29EECF9F443627836C1728A80
SHA1:	CFF90AD3DF8444BF949437432E54DC697AE8A50D
SHA-256:	91B24FDA9B100CAC18A474413E4084380B39D603BF28883702799F61EA7BBBF9
SHA-512:	6FF285089B647EC6DD023E5287091E3DD479021132CF320458F3EC4EF50A6066207917C1B7396279FA8285B11260C7C447AA4812805B81025D2FEFC3FBC2F558
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2..fDecay=0.98..fVideoEchoZoom=2..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=33.469135..fWaveScale=0.931008..fWaveSmoothing=0.5..fWaveParam=0..fModWaveAlphaStart=0..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=5.725291..fZoomExponent=4.778017..fShader=0..zoom=1.093507..rot=-..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.0662..sx=0.905286..sy=1.01..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.47..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0.5..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=19.199995..nMotionVectorsY=14.4..mv_l=3..mv_r=0.6..mv_g=0..mv_b=1..mv_a=0.1..per_frame_1=wave_r = wave_r + 1( 0.60sin(0.933time) + 0.40sin(1.045time) );..per_frame_2=wave_b = wave_b + 1( 1.60sin(1.900time) + 0.40sin(0.956time) );..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-RQF7L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1862
Entropy (8bit):	4.966905231123507
Encrypted:	false
SSDEEP:	48:Bc81K523LDb1CFAEDhU2fmfoSkfVfovfJi4fRjzXOn:jh3+D9KoSExoXrRj7O
MD5:	1C3810C9C30CF0A9F6ED9325B0843AEF
SHA1:	3394098E7F895EF0A3EF0E935769105186392CEA
SHA-256:	D23A753B12D717543BA41ADAC94B4ECFE6C041AD3408C7172CDE591B99CA9A00
SHA-512:	E82B8047280C33D7EDF13BB0C70BEA411981327658D24F98977E8CAED640F3195BE50B32DCD51C69625D53F3B9FA92FFDE7F982B920C749208D6BF659BA73DB9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.999000..fVideoEchoZoom=1.000495..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.005730..fWaveScale=0.535239..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=1.489999..fModWaveAlphaEnd=0.750000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999500..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.779700..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=3.200000..nMotionVectorsY=1.440000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-RU4QH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2397
Entropy (8bit):	5.1848394441050765
Encrypted:	false
SSDEEP:	48:Yd3qFVKU523Jqwu3aAEqhS4k2cNv3+fvBl9JsVf35l:q6c3J9qwcI55l
MD5:	728B4B52A65669F33657B05B326CC296
SHA1:	3A33EE12B237D6709238E2B24C5CC0FE4434EBE5
SHA-256:	E3130B985B25D20DFEA5E874E21BDE0F6D9A1C4E4ADF86C8345893842424D96A
SHA-512:	24DF5CEAE7157B857E91770E858313E51D43C234ED39466AB804B617893E57D4479F4B843A208EC785B56D1DB6227D2DA3500FDF0161B168DAD31A8A7C12A41A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.999000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.186470..fWaveSmoothing=0.630000..fWaveParam=-0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.280000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.300000..wave_g=0.600000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.499900..ob_g=0.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-RU5K8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9509
Entropy (8bit):	5.0432186812985815
Encrypted:	false
SSDEEP:	192:L23J5PwIe4kTvv/LcJA3xvhaD5YX+CJBtLFpf7mOv91HFMtE96FXIEFYa4jj6QSO:+J5IIeBvv/oA3SD5YX+mtJpf7mOv91HD
MD5:	7362BE9635D8107ABBF20CCFDD750890
SHA1:	470CD88D4674DDBE4A7C8B8D77565E5AD79A4117
SHA-256:	C7BD25B6C70CF03995977A2F3F49CC9AAE4DDBD8C2182E239816385549F2F384
SHA-512:	107210C5C7702B3D764D9DD33D92F63EC59DBC52CB415A9CC5FAD645C91491288BBE4326F168A0460DA0AF320F84A233026666160B224346234E632384B0EDA8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=0.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=1.000000..wave_y=1.000000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-SEIDD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8890
Entropy (8bit):	5.052287734960059
Encrypted:	false
SSDEEP:	192:G3JCWm/1htwfkn290HEttE9vxIv2KTQLQ7OyrCINtvdFTd58lsvyFi/DqzwFBauy:SJC7htwfkn290HEttE9vxIv2KTQLQ7OD
MD5:	1C947522F46DF4B2083FFD703A274F4F
SHA1:	38327778CFEC8B4E16B9D7E026FCCCFD674DECE1
SHA-256:	AB0C4E972E68DC9ED4D782B2964993F1C96223F377ED373C84BD412FFCAC9067
SHA-512:	F61C4C2C1C14B7560CA8899975442FF730C856E93BD20C36A4A87AB7649907446E5C9F0A138A67425176140833BC61087488178E478CE51A009E0085DA77C055
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006500..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-T06H8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3831
Entropy (8bit):	5.2804153695941025
Encrypted:	false
SSDEEP:	96:HFyJ4VhGuvEZloiASE4VJsZo57DpCH3Ml:lyJYFvEZloiHsUBO3Ml
MD5:	BE3C8E0BE4FFD4B418FC7CAD627A8FFF
SHA1:	26752DA3811913D4DDCCDDFD1C9FF1C26553E769
SHA-256:	BD497C0DE39EEAB43441440C33EC6F1E3B2FF7B86FC7133C2AFA74C5B82E040D
SHA-512:	2D12C6B07FB803522C4155712E28FBDB12AD514E1E1C4CF5E8154E1228230AB8DCF685A241C154531A26520B01A3300B8E3E00A9B0458E6840C939B109429CDC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=1.000498..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000416..fWaveScale=0.608285..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=1.000000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000154..fShader=0.000000..zoom=1.000223..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.150000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.050000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=6.400000..nMotionVectorsY=14.400005..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-T1EJC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5942
Entropy (8bit):	5.013990327391212
Encrypted:	false
SSDEEP:	96:LwW3JGpmISt5pmOv9tnHFttE9z9Ov0vYQrqVIEFYjj6QmnQCnyrCHFVSvHdFPL8+:53JG8dt5pmOv91HFttE9z+hIEFYjj6QR
MD5:	A2948E3F3FA38A00986AB56387D95CBE
SHA1:	60C3237592918F76043BDEF22E33B04EFB75F7D8
SHA-256:	7A31DE084DE3BBCF54B10E08EDA6D3B1C15A7999795D77330DD9B0690545DFCC
SHA-512:	D2172F3BD954175A70EC66CB3378BD6EAC3F20C8E6DE30CD9BAB000C626FC118872C0A9DA5042A38C8D019F724DDDF322F09AC93A4F8B1CE49BDFC76A31607A4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.997000..fVideoEchoZoom=0.999997..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=98.029610..fWaveScale=0.935100..fWaveSmoothing=0.306000..fWaveParam=-0.360000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.854653..fShader=0.000001..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.090000..wave_g=0.090000..wave_b=0.090000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.020000..ob_g=0.020000..ob_b=0.020000..ob_a=0.970000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.970000..nMotionVectorsX=5.120042..nMotionVectorsY=5.088000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-UIQ76.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7728
Entropy (8bit):	5.015486258518443
Encrypted:	false
SSDEEP:	192:hvyNwy13tBfB3mn2f0ujMtE9v9I+k5j6rShCOyrCIwvdFTd58kNvrFbGDqzwFDap:hvOwQ3tBfxmn2f0ujMtE9v9I+k5j6rSF
MD5:	C7117211A65D8854F406996408DF8033
SHA1:	E927715EEFB6072ED3D921238C39490EAD18F068
SHA-256:	D2B3B94E1B19DD38A5C6ABB33BF1582743F613157D34B2868F61E703841C7A38
SHA-512:	E924398ECD67E3FC7794596F29FD267525E44894C9A3B3C828F208D9FD92316FBCEC022263EA709CE8F8A5C2871AB50B5DA758A6A6EA6C98635D4E5F1186491D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=3.679999..fDecay=0.900000..fVideoEchoZoom=1.000747..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.999974..fWaveScale=0.000009..fWaveSmoothing=0.900000..fWaveParam=0.173490..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.350000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.089900..rot=0.180000..cx=0.500000..cy=0.500000..dx=-0.059000..dy=0.000000..warp=1.508800..sx=0.999900..sy=0.999900..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.448434..wave_y=0.121660..ob_size=0.008955..ob_r=1.000000..ob_g=0.000000..ob_b=1.000000..ob_a=0.045734..ib_size=0.003418..ib_r=1.000000..ib_g=1.000000..ib_b=0.000000..ib_a=0.732955..nMotionVectorsX=1.000000..nMotionVectorsY=1.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-UJIOD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3511
Entropy (8bit):	5.284375925843923
Encrypted:	false
SSDEEP:	48:aXG+Bm9DN1+APJpy1//3jfOW2asqQ1w3Afq60tkA6gg6g+e3/HQ3sM6dq2A:1+Bm9z+APJ2jfOWsqOxL0trsq96dqN
MD5:	9B6C122BC6A8EB809DEB1BCDF9E2661A
SHA1:	A811B4B789996CB3E01A18EE036AAA2E7B68A33F
SHA-256:	2F8E5FBB6A52EACEEB73EF64E9637D15478BE5AF9CCF46D11508330389466536
SHA-512:	00FD08A8D19F441BAA70EE78025325D0F1F43414DFD01DBBF8E4216833EC2E668818279091CA798C78B0B16E5C83A81E2DC8D9C1FE37D7324D44BFC5CE2AE3F0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=2..fDecay=0.94..fVideoEchoZoom=2..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=2.651498..fWaveSmoothing=0..fWaveParam=-0.180163..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.999997..sx=0.578528..sy=1.030301..wave_r=0.610115..wave_g=0.337971..wave_b=0.298628..wave_x=0.671479..wave_y=0.725962..ob_size=0.03..ob_r=0.148379..ob_g=0.786533..ob_b=0.637879..ob_a=0.973918..ib_size=0.045..ib_r=0.841289..ib_g=0.297099..ib_b=0.775799..ib_a=0.238807..nMotionVectorsX=12..nMotionVectorsY=9..mv_dx=0.59891..mv_dy=0.978744..mv_l=0.5..mv_r=0.296168..mv_g=0.490016..mv_b=0.461879..mv_a=0.573571..per_frame_1=wave_r = wave_r + 0.45( 0.6

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-UQL62.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12302
Entropy (8bit):	5.256874416816769
Encrypted:	false
SSDEEP:	192:rYTdA+5qFiwL2WH9RIGlNrtiwYCzoTULqwK9tg2PbR:rEAb9Rf1VYCgJ42V
MD5:	39E423F848A99008A341520F5E48CC5D
SHA1:	86587EF1EC4FBACBDC715DFC0DDDD6B6517AD1F3
SHA-256:	5342979F2323FAA7A7B15DCA31E7499F9264E577BEB1DB2CA84D70449D0F4DB5
SHA-512:	F0FCB5E1F8A6BDC651C964EB37346ABFA71A004970F80D4D582FEEE053ED1AF1F5227454FFFDB9F4C3423C3C862BEFE7E6572A5806A28104B5E766E9CA3DE28A
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.002..fWaveSmoothing=0.261..fWaveParam=0.000..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=0.99984..fShader=1.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=4.586..nMotionVectorsY=3.234..mv_dx=0.122..mv_dy=0.156..mv_l=0.212

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-VF79C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3154
Entropy (8bit):	5.200906735067807
Encrypted:	false
SSDEEP:	48:Wa936/523Jd3aAEF5RMWS4sisZlvcscv+sAA1gPhZ2+l5DP33wf0MTRj+BHlTStG:x9D3kgHTVcvrtgPdUJTRjGl+fO
MD5:	81AEC03C3EC5C7AA2F7BA955A853B864
SHA1:	113E34CDA08DC9278D3E0F609C1A3C56BDFA0CED
SHA-256:	0E9BB1BB9BE4C15F13611037FCADD8B5D7CE3455FBCEA9F509110664E5642364
SHA-512:	353F8550758C2565F4C4325074C5E721703808038AB1089B91FE9BF6908AB9C6740AEAAC09721FB03E90ED92D2A403D1CC1899AC5827BC76DE935986CA7FC3FF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-0.200000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000157..fShader=0.000000..zoom=1.041020..rot=0.160000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999944..sy=0.999904..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.049900..ob_r=0.110000..ob_g=1.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.055000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=1.280000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Other\is-VV1G2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	5.075800070993564
Encrypted:	false
SSDEEP:	24:m3EtykDmn32qizH4K62U8u9YlqjSXiIlWWAoIrIB8Hbgo4QCCI2:gE+izYKR1WWANvb9CCI2
MD5:	D560B3E8E965767E3137854C1DD610E3
SHA1:	2F30E9C144105F23A9EC295E7A5EEC32CB8AD7B2
SHA-256:	55F6566044A33B52F0B867DCFD0DA696032089A9F5C09EC0D6F2D6C876894F57
SHA-512:	4AA45F65019BCD147AAE2548D2A6483D8012EE6AAC451FAE0B5C774A03789AF7AB108716DAFB79A316FFC365AB6FB05182ADF9D453365FB92CFCDD6880AD89C0
Malicious:	false
Reputation:	low
Preview:	[preset00] ..fRating=3.500000 ..fGammaAdj=2.000000 ..fDecay=0.925000 ..fVideoEchoZoom=1.006596 ..fVideoEchoAlpha=0.000000 ..nVideoEchoOrientation=3 ..nWaveMode=3 ..bAdditiveWaves=1 ..bWaveDots=0 ..bModWaveAlphaByVolume=1 ..bMaximizeWaveColor=1 ..bTexWrap=1 ..bDarkenCenter=1 ..bMotionVectorsOn=0 ..bRedBlueStereo=0 ..nMotionVectorsX=12 ..nMotionVectorsY=9 ..bBrighten=0 ..bDarken=0 ..bSolarize=0 ..bInvert=0 ..fWaveAlpha=4.099998 ..fWaveScale=0.010000 ..fWaveSmoothing=0.360000 ..fWaveParam=-0.500000 ..fModWaveAlphaStart=0.709800 ..fModWaveAlphaEnd=1.700000 ..fWarpAnimSpeed=1.000000 ..fWarpScale=1.331000 ..fZoomExponent=1.000000 ..fShader=0.000000 ..zoom=0.959487 ..rot=0.020000 ..cx=0.500000 ..cy=0.500000 ..dx=0.000000 ..dy=0.000000 ..warp=0.198054 ..sx=1.000000 ..sy=1.000000 ..wave_r=0.650000 ..wave_g=0.650000 ..wave_b=0.650000 ..wave_x=0.500000 ..wave_y=0.500000 ..ob_size=0.010000 ..ob_r=0.000000 ..ob_g=0.000000 ..ob_b=0.000000 ..ob_a=0.000000 ..ib_size=0.010000 ..ib_r=0.250000 ..ib_g=0.2

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-047B4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6987
Entropy (8bit):	4.924461309096054
Encrypted:	false
SSDEEP:	192:DCw3Jk7J16tX7fOvl1uF1PtE92a8rdId4jKTwShCOyrCIlXbb758lsvrEb/DqzBe:DnJk7H6tX7fOvl1uF1PtE92xdId4jKTf
MD5:	7F9D5E6F793DABBFE67EAED957F006A0
SHA1:	2CBEB297E03906B52E5894AE6DD6FB157BEAE5DB
SHA-256:	1C67BF8D1B5390792F45A0B0FE43E15F06A39D07DD1C63DFE058AB19FAD658BD
SHA-512:	62B9C37139540A7BCDC4C27611022CE2F8181C7125CD30D7B3342BEF01DC005AA6B552F75DE541916030FCD2CEBE3F4BD5A2B05CAC62E710B8DEC1BD3ADFB20E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.006752..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.080487..fWaveScale=100.000000..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.100000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.006500..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=57.599998..nMotionVectorsY=44.160000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-1A0E0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7715
Entropy (8bit):	4.996184436041904
Encrypted:	false
SSDEEP:	192:k+w3Jg6IV1nte/n2f0YFMtE9vkIqeKTSLnCnyrCIFv6xls9ySbGDqzBWaOI4aSw7:kDJgPnte/n2f0YFMtE9vkIqeKTSLnCnA
MD5:	93E4C4134FD4C8F0D3FEED8C3C9C5380
SHA1:	F6FCC2361827FEBA55C88F97A7D07C2888CB3631
SHA-256:	C5EE35202DA9F08053CB7579D54CD4C1FA28A2CE4A9A961C6B59CDFBF9927B1D
SHA-512:	6B25F701FED7A75E360950798DB013EE222FF62B8B98570CA587023340DFC07DBAE204D82C69F894A3003D621C62357C35E7A20F1F5CF9752C71F7B84883AE51
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.980000..fDecay=0.900000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=0.018000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.015000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.950000..ib_g=0.850000..ib_b=0.650000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-26SFT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2191
Entropy (8bit):	5.076660188101511
Encrypted:	false
SSDEEP:	48:pGfqso5Q3JqKd3aAEkqJ+VFVNLwlusywFrHSSS:4fqq3JgklVFzwl7ywEP
MD5:	060B60A75C28E8B7AC6476E1FE0569C9
SHA1:	DACE6A9FE4FEFCE920A28DF335732A3B76709A6C
SHA-256:	8623B63AD7E606013CF895DBEF75FE021C59C6F682B0CFD474E4C308D91FD059
SHA-512:	DC56C12AAB4DAE412D709511380867A81DA81F9BF338CB33E3FE9F884E9FDB7A9A46903AE91E7769BACA1BA7712AEA4B7FBAE9C92F42309FB982808CF36EAD0B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.653093..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999996..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.014500..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.015000..ib_r=1.000000..ib_g=0.600000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-2OSAB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5422
Entropy (8bit):	4.903663288938591
Encrypted:	false
SSDEEP:	96:pi9X3JgqMOtTgtupmOvqtnHFMtE9vYmxu0KzbZVI/Yjj6QmnQCnyrCHFGJfeP0Dr:piB3JgqVtktupmOvq1HFMtE9veBI/Yjn
MD5:	F9738E98E3915EE6D902902720FE8EBA
SHA1:	C599EF4E5BFC017055BB47D89DC82795DC3AF978
SHA-256:	D2389D695651369BD2AD439FD0DEF4CCBB789C6BB39D74932584EDE104BA15E7
SHA-512:	4DFFDC8A464B98F77F068C69F77D404180E96700714977A192086856B4B7D8985FB31905272AC03A4CDDCF3F9AC92F808D852303DCEDCB74F6030E6CDA00A6A1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.700000..fDecay=0.940000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.950000..ib_g=0.850000..ib_b=0.650000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=0.000000..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-4N9CU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6390
Entropy (8bit):	5.0676788321840345
Encrypted:	false
SSDEEP:	192:r3rjk5qV6nL9RdAOgwZnbXmYCK0HBZ6K26p:r3rjKL9RdAOgwZnbXmYCjZ
MD5:	FFFD3CD083B5CCF5B13E981A40F52504
SHA1:	52196E99EB7C7575909EDB603C7AD7401E2029EC
SHA-256:	85CAD586146B5B601DE68A1A6CC26773E707207ACB1670F7EAEF2CF9D2EDA534
SHA-512:	7A1D696C5BE7A664D59EC6ACA0C8BA4DA733FEB8452C67F353A8C0601FA301E5C9A346ADDAA4F7A420641589F7BA6956FE17E0424642EFE02A943CE5B3489420
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.981..fVideoEchoZoom=1.047..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.900..fWaveScale=2.905..fWaveSmoothing=0.600..fWaveParam=-0.300..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=2.63006..fShader=0.000..zoom=1.03100..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.600..wave_g=0.600..wave_b=0.600..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=24.986..nMotionVectorsY=20.031..mv_dx=0.065..mv_dy=0.109..mv_l=0.036

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-4OKPJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1603
Entropy (8bit):	5.266122909467438
Encrypted:	false
SSDEEP:	24:Xxl2gScH3VAyc4qjhGjDQiyYU3igvXANpsAGmFHxW3ouVsW17Ra5o:Hnb7J7yYUygvXAcAfdxBisE7r
MD5:	A05ACF69B34CEFAC23402F2DA6248BC8
SHA1:	A0349262482B723050EA336CF0CCEC178AE39C7D
SHA-256:	B4F33A1BDCDB7B4499055090994EB9131C908315F55CB5D5A57ECB58FE3E30A3
SHA-512:	AB78051DD6A48E0E6E77B0F2E31359992906E55F1ECD53C488FBFD7138438F8B03D57430FF1EA04F2EAF9D759C80F0A5A1429595E735F48E59ABDD8F9864068C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=0.975..fVideoEchoZoom=1..fVideoEchoAlpha=0.5..nVideoEchoOrientation=2..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.054279..fWaveSmoothing=0.75..fWaveParam=0..fModWaveAlphaStart=0.85..fModWaveAlphaEnd=1.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=-0.19..cy=-0.1..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0.4..wave_g=0.4..wave_b=0.4..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0..ib_r=0..ib_g=0..ib_b=0..ib_a=0..per_frame_1=warp=0;..per_frame_2=dx=-0.0005;..per_frame_3=dy=-0.0005;..per_frame_4=wave_x = rand(100)/100;..per_frame_5=wave_r = 1 + sin(-wave_x3.1415);..per_frame_6=wave_g = abs(sin(2wave_x3.1415));..per_frame_7=wave_b = sin(wave_x3.14

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-54F6K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7751
Entropy (8bit):	5.086446100088262
Encrypted:	false
SSDEEP:	192:cxWaks/C+tYpmOvq1HFMtE9vxTJoIZpjj6nSQCnyrCIRagkvVT8kNArFbGDqzBz9:ugs/C+tYpmOvq1HFMtE9vDoIZpjj6nSA
MD5:	07446B9B768DB510037A9221485E8C40
SHA1:	60986207F88DA07331DD291EA03E1EE97BF3EBAD
SHA-256:	6B41C1F6D8DAC2C39D5BB0C377C68541080BB5759A1AC25CA3BBFFD743327900
SHA-512:	FEAAABCBF6134B71EE79A1FFC7C44253908409EDAA8FBCACA6D3052BAF0CDAE4AEEBAC07032E7A26586AE96960D883A00CE56D8B020CFE51C190A9FDF0183D80
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.994000..fDecay=1.000000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.634243..fWaveSmoothing=0.100000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=100.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000156..sx=0.999666..sy=0.999900..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.460000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.250000..ib_g=1.000000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-55JNJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4175
Entropy (8bit):	5.293873278171624
Encrypted:	false
SSDEEP:	96:McwP/njKYnpQZl/mZlmIbN2mnzwDNfUFwvU:7wXppQZMZcIbN2ezwjU
MD5:	50604E7640B0E4C758D5714C09BFFF57
SHA1:	A987BCA44B817D9D2DA3CE630CC006AC83F2D0F8
SHA-256:	5AA19D88F01F5CE1EBF6FCEC3AF85347044E4284301759D41A07EF43A846ADC1
SHA-512:	B1F13A83EEE00F8AF66241300A0BA5AD2EA16AB305383F529826389A212A69651919E8B1B3CBAB125473B2F3553961A7C8006D32E29400E1091155ED39026F1E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1..fDecay=1..fVideoEchoZoom=0.999609..fVideoEchoAlpha=1..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=7.014853..fWaveScale=0.01..fWaveSmoothing=0.27..fWaveParam=-0.4..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.99579..fWarpScale=1.331..fZoomExponent=1.01..fShader=0..zoom=0.998531..rot=0.002..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.1..wave_y=0.9..ob_size=0.01..ob_r=0..ob_g=0.9..ob_b=0.2..ob_a=1..ib_size=0..ib_r=0.5..ib_g=0.5..ib_b=0.5..ib_a=1..nMotionVectorsX=63.936001..nMotionVectorsY=48..mv_dx=0..mv_dy=0..mv_l=1..mv_r=0.63..mv_g=0.2..mv_b=0.3..mv_a=0..per_frame_1=ob_r = 0.4 - 0.3(0.5sin(time0.701)+ 0.3cos(time0.438));..per_frame_2=ob_g = 0.5 - 0.46sin(time*1.724);..per_frame_3

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-5BT5N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4176
Entropy (8bit):	5.26486955182451
Encrypted:	false
SSDEEP:	96:icPPd+/WvyE/DNLwCfLfGvkw0mz2Zl0Zl9sbWt3UF:1PdyE/Re2ZmZXsbWt3UF
MD5:	303CFB43CB2DF67A14659A4364F332BC
SHA1:	F5EAB15537DF90FE6819676E5962BDEC7F7C6450
SHA-256:	668147ED5A881F141EF9F843623A636C8A32155C2CACB60F787766EBFE8747C4
SHA-512:	312070891DCF0AC7FDF46232747C46BC91CFBB24E5CE2738C52899282C27C3AE8F42CF522906D761E0D5CC04DF0F993895288171561BE3AE12024DA27941C76C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.96..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=5.204482..fWaveScale=0.535238..fWaveSmoothing=0.27..fWaveParam=-0.4..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.99579..fWarpScale=1.331..fZoomExponent=1.01..fShader=0..zoom=0.998531..rot=0.002..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.1..wave_y=0.86..ob_size=0.01..ob_r=0..ob_g=0.9..ob_b=0.2..ob_a=0..ib_size=0..ib_r=0.5..ib_g=0.5..ib_b=0.5..ib_a=0..nMotionVectorsX=3.2..nMotionVectorsY=48..mv_l=3.5..mv_r=0.7..mv_g=0.7..mv_b=0.3..mv_a=1..per_frame_1=ob_r = 0.3 - 0.3(0.5sin(time0.901)+ 0.3cos(time1.438));..per_frame_2=ob_g = 0.4- 0.4sin(time3.924);..per_frame_3=ob_b = 0.35 - 0.3cos(time*2.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-63E1T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3102
Entropy (8bit):	5.165295291800817
Encrypted:	false
SSDEEP:	48:W5860K23JqSl4V3A2WmkKVvfOiGhX8ivzKuwI33Q6wPJ3DN+/FY12AckoohNrh9y:jLT3J4VrWmkKV3OBt81g1GDN+NkxAO+
MD5:	6F3154223B27558EC450D11AADC3C2B7
SHA1:	30CE5AB698ACFC82B820AF581E41EF79F2D0FCA8
SHA-256:	7093958120AEDA2E93AFFFE2F46833DF2A07C2D6D362DF868818F8C4F31C2141
SHA-512:	DB99C5E5042775757EE97AABC7BD7C70CDC09C27236951CA07CF76129231525267FBAC310347C2CA23A1E82A47B85CB20D35AC304C2B1F58D426F2AE283A44F6
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.640100..fWaveSmoothing=0.270000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.010000..fShader=0.000000..zoom=0.998531..rot=0.002000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.960000..ob_size=0.010000..ob_r=0.000000..ob_g=0.900000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=9.599999..nMotionVectorsY=9.000000..mv_dx=-0.2

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-72NS7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1306
Entropy (8bit):	5.343878216966334
Encrypted:	false
SSDEEP:	24:XxWMhgfeNrc4QCcG9DSYC6uH3KKp6aI7t6t4lwm0j:kmt77S/hUa889
MD5:	62268A37CF4678D1419276BE4E8F54D0
SHA1:	343C044FC3FB205635924BEFE7B74C1E8171C798
SHA-256:	EAFCA4D7CE9C240BA3106754A345191F14363F2104B2CBF742263CC695EFBDBA
SHA-512:	F7997BB2D945A4317BCEF77A46BFD7858E09E07879F7C591A8B5B05FEBE2C917B62D4856FEF9C20016F62425E42453330E1A1EF6CDE50AB0DC9F2CFDA18D5259
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=0.942..fVideoEchoZoom=1.0065..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.7999..fWaveScale=1.54922..fWaveSmoothing=0.75..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1.040604..rot=0..cx=0.47..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=12..nMotionVectorsY=9..mv_dx=0..mv_dy=0..mv_l=0.9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=wave_r = 0.5 + 0.5sin(time1.143);..per_frame_2=wave_g = 0.5+0.5sin(time0.896);..per_frame_3=q8 = (bass+bass_att)*0.5;..per_pixel_1=state_scalar=i

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-7JFO0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1724
Entropy (8bit):	5.0012158337734975
Encrypted:	false
SSDEEP:	48:Wpy6523Jqu9+AEHMhFTsmworyNmcgfTUX:0c3JgHMXs/ZNmcgfTUX
MD5:	B1EDB3AB84C7716897BBA79A2883A7F8
SHA1:	F849E99E9DB00EE0DACC7504A2872A434B3FACA1
SHA-256:	96365BD842FE7E1004779E3CF1B17238D4F0770D4E477692A4461DC6622BFB2C
SHA-512:	75B6F606DE0BB8110F90E079E8BB640A01817579E6B04E799E81540916E6AE38559EF62ECDDED6502B216C2F527672B8809BFD88E1535E10EB14AAD67B6D45AD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=8..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.990099..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-8MS33.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4313
Entropy (8bit):	5.211015882753323
Encrypted:	false
SSDEEP:	96:cZq5gJ4VhWmGCphOBXdeKZlkXTbrY5cDNmx/JER:cZkgJYWzqKZwTbrY5c/R
MD5:	695EE834569F101B27BF2BC88406BEF0
SHA1:	F6040B2E0428EC8E239CC8DECEB365500F723DF4
SHA-256:	67FB442FC8B17BE456DFB74E34AA6DF70CBA64C2CA8744B5B1461D74A5FBA380
SHA-512:	B53E5025A57F35835B3F28882C18530F4E173B91E7239A16BD0C8F7530383F83D4D8A7309C180572D7C73565BD887CFBED0EBB82144EA0282A874673873EE80C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.993998..fDecay=0.998000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.334693..fWaveSmoothing=0.750000..fWaveParam=-0.219900..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999900..rot=0.100000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.400000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-90ES2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3485
Entropy (8bit):	5.201256827421959
Encrypted:	false
SSDEEP:	48:1bDoFOzZdpUuQU5RHTLpfY4ZlJoVPOKb5n43m8Q+whJ3DNR10I75LI:RDYWpNlY4ZlSV7b5nI5cDN30I7q
MD5:	456E79C3D22690B220C0C4667C3EF1AA
SHA1:	0EEFE9999F03A48D65BC2EEB6CC03372CCED873B
SHA-256:	26CB13C74CC84168D8DBBB39D797A8F2348B6F314D3A45A7986C465D35C154EE
SHA-512:	7504B51625F4E47FBA6B295CFB0F209EA3F86E59ED448425C36A329CEC032481AE69DFBDD1BEE87FC4C087655E738E944470414472A656E5A0BF361E12B391A8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.994..fDecay=0.96..fVideoEchoZoom=2..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=1..bInvert=1..fWaveAlpha=1.882469..fWaveScale=0..fWaveSmoothing=0.63..fWaveParam=-0.5..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=1..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=0.980296..sy=1..wave_r=1..wave_g=0..wave_b=0..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0.0015..ib_r=1..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=64..nMotionVectorsY=48..mv_dx=0..mv_dy=0..mv_l=0..mv_r=1..mv_g=1..mv_b=1..mv_a=1..per_frame_1=warp = 0;..per_frame_2=wave_mystery = -0.5;..per_frame_3=vol = 0.167(bass+mid);..per_frame_4=xamptarg = if(equal(frame%15,0),min(0.5vol*bass_att,0.5),xamptarg);..pe

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-9I8VS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7704
Entropy (8bit):	4.951625546682789
Encrypted:	false
SSDEEP:	192:CJY51/tP0mn2k0HEUtE9vTLWIL4jjTZLQC/yrCICMjvgwlsvyFi/qDaBtIaHAWZ5:CJYX/tP0mn2k0HEUtE9vTCIL4jjTZLQM
MD5:	91FF4CE86234AFE4AFDBE9BBCAFA3AA6
SHA1:	B882DEAAE50247246D78B474FF169363C4D694B4
SHA-256:	3984D074B3E6E02BC8F7A7095618197021A9B0E8BC38AC2B0927DF668475C4C4
SHA-512:	1336F4E97E9048B4240929B2AA92C960096E816044080DCE01DD0E999619D9E92FD20795AE5FEF3CE335AA5ABCDF771F1A93E77B6ECC68E63971B67F159214D1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.221673..fWaveScale=0.685151..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=100.000000..fShader=1.000000..zoom=0.999998..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.200000..ob_g=0.400000..ob_b=0.220000..ob_a=1.000000..ib_size=0.005000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-9VBO9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1530
Entropy (8bit):	5.325081077406515
Encrypted:	false
SSDEEP:	24:8xSqCkve+Uq924zghGE+FYC6uOU+C9QP1zlRyX5quD4agiYAHzt:M4k9JMO/+CW24yYqt
MD5:	8D2D2C53EC2EB0AC89511BA2546D944F
SHA1:	17CD4F7852AC1F71E4FC90878BF1546BE2185564
SHA-256:	98FA7CF8030390E8A9CF4029E13D7BBFEB26BEF561D07017CFDC8B34C493C906
SHA-512:	9A19044F7090195CC8866728D2444D7AC9027768EF27804870D9B80AC5B41EA3A6060886FC7822C04484022E2732FD83514FFBE2C1E6979F74138526508E6EDF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2..fDecay=0.9..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.903511..fWaveScale=0.01..fWaveSmoothing=0..fWaveParam=-0.56..fModWaveAlphaStart=0.71..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=1.070549..rot=0.02..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.198054..sx=1.220188..sy=1.22019..wave_r=0.65..wave_g=0.65..wave_b=0.65..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=64..nMotionVectorsY=2.016..mv_l=0.01..mv_r=0..mv_g=1..mv_b=1..mv_a=0.72..per_frame_1=wave_r = sin(1.24time)/2+0.5;..per_frame_2=wave_g = 0.5cos(10bass)+0.5;..per_frame_3=wave_b = cos(10treb_att)/2+0.5;..per_frame_4=bass_effect =

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-CUB78.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1492
Entropy (8bit):	5.342241299111903
Encrypted:	false
SSDEEP:	24:8cZgx614QCcGhdFdYrMrjKp6hMhT2GQM7MmICFA59pCBRYvRRfsNNusg0:F/izdfSUhMhaMDIi0pCBOvRtuX
MD5:	6DBFA7FB0AD336329B230F801484C739
SHA1:	5D2FBA40C5203F099D61F2E57D6846F51470C21C
SHA-256:	682553C1E7D743AD2A3F69CD0A51EDFD715B77506A284182D0AB8468E16B843A
SHA-512:	3C40EF1807811E6891F589FEE0B519DE6CF336372668B606B82B4957BB207B5EF5B4E8F9DA1C86E9AE0D6C86975CDF0FE5324AACF66F3618D861559A2761B2EF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.998..fDecay=0.994..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=5.9..fWaveScale=1.116811..fWaveSmoothing=0.9..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=2.853..fZoomExponent=1..fShader=0..zoom=0.9619..rot=-0.01..cx=0.5..cy=0.5..dx=0..dy=0..warp=0..sx=1..sy=1..wave_r=0.9..wave_g=0.45..wave_b=0..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0..ib_size=0.01..ib_r=0.5..ib_g=0.57..ib_b=0.4..ib_a=0..nMotionVectorsX=63.936001..nMotionVectorsY=47.952..mv_dx=0..mv_dy=0..mv_l=1.05..mv_r=0..mv_g=0..mv_b=0.8..mv_a=0.1..per_frame_1=wave_r = wave_r + 0.1(0.6sin(0.933time) + 0.4sin(1.072time));..per_frame_2=wave_g = wave_g + 0.1(0.6sin(0.888time) + 0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-D47JP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4973
Entropy (8bit):	5.224708871745497
Encrypted:	false
SSDEEP:	48:7T1V5gJqKn4V3AE/oh6NrE2C/qQ4wjADqPaFtwSd/TrlIO2GOSzheVvhoVfaSVyB:XWJeVhw/q5hqazHlBqV
MD5:	ED9CB823139D9BBFD8C36599359FCC36
SHA1:	78EBF1879E76CBB0BEB0BE3C88217C4C82601A37
SHA-256:	242D5537277C46D2573214EBF580CF55BB95FB40DFE688D1464AFA1F9585CF79
SHA-512:	72DD329F5D1A01087F5AE22F36A41123B8363DB624859BB3753650A3FFF5FF0A2A3325304ED92DD3C10F43F6B1EB1F4DC42C1B667D7A6B7D24186B2A6320663C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=1.186471..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.351767..fShader=0.000000..zoom=0.980296..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.700000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=1.280000..nMotionVectorsY=1.248000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-DCTRC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7606
Entropy (8bit):	5.2096033434537565
Encrypted:	false
SSDEEP:	96:8+eMxlbm5d5qwDyljQB8S1Ri00XwMvlghu5vJq3kudJOcqJ2PUL:rDm35qIyRe8SyPXAu5vJxMOcy2PUL
MD5:	174762431CD7C1D52BA2D08BEF30CAF4
SHA1:	76A82A75FF0C5B4D1C99478E6F804D1265F13616
SHA-256:	889D5F4201F9144020F2BD58FDB388B134C03771E37A5B860FB4ADCDF880ECC5
SHA-512:	889936AEEC52D5BF7B4D53D5072CC8731EC9AE9E6DF6E6A8F3A4D526CA889B25FD2EA67CE3200016583C854995641118D7DA7829F43FE683508C29C53FA2B27E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.0..fDecay=1.0..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.0..fWaveScale=3.815..fWaveSmoothing=0.9..fWaveParam=0.0..fModWaveAlphaStart=0.0..fModWaveAlphaEnd=1.1..fWarpAnimSpeed=1.0..fWarpScale=1.0..fZoomExponent=1.0..fShader=0.0..zoom=0.97990..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.01000..sx=1.0..sy=1.0..wave_r=0.650..wave_g=0.650..wave_b=1.0..wave_x=0.5..wave_y=0.5..ob_size=0.007..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=64.0..nMotionVectorsY=48.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.850..mv_r=0.5..mv_g=0.5..mv_b=0.5..mv_a=0.0..b1n=0.0..b2n=0.0..b3n=0.0..b1x

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-DGU7U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7387
Entropy (8bit):	4.931518096921343
Encrypted:	false
SSDEEP:	192:CJYp1/tP0mn2k0HEUtE9vTLWIL4jjTZLQC/yrCICMUvg1lsvyFiGDqzBtFauFiAV:CJYn/tP0mn2k0HEUtE9vTCIL4jjTZLQK
MD5:	183CF943B4065A9D8EC30B4149A4B9C3
SHA1:	7993BFA7DE7427AC2844E1D2E90294EA3A2AF424
SHA-256:	A94602194919358967FA44224C1FCF3B7AE6423F33C5A254B00BECCCBC8FB644
SHA-512:	6F4DFA4ED1802A21C2427D7754A4ADC0F96A84ACEC43981239BEC04ED7751D546DB4C3AFA8E97A0F406AC19868EF029FBD4C8BAEFC9A0EB035C4495FB91BC4EA
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.221673..fWaveScale=0.685151..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=100.000000..fShader=1.000000..zoom=0.999998..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.200000..ob_g=0.400000..ob_b=0.220000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-DUTHI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8108
Entropy (8bit):	4.967080589000472
Encrypted:	false
SSDEEP:	192:wY0hWEQ1Lt9f7mOv91uFtMFc2/OdzIOa4jj6QShCOry7ZwOMZvWd58kNvrEb/qDF:YhX+Lt9f7mOv91uFtMFc2WBIOa4jj6Q1
MD5:	AB34C2D541FF78F1FD18C9E48FECD199
SHA1:	6AD844F4D824F41C69DF30139AFECC79897C6570
SHA-256:	19A879B3C92A058EFDA81EFAF869399579944A25274C559B06B32DBDD6553D9B
SHA-512:	4C7F28D5FF09E9EC8A8F80FDEFEEE83F1D7871BD8B9AF2B89ACF0219D8462D7DBDA9BC503F64F8CE45962582A02E4219D4F3EDC9957CA0EE24467832720526A3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.000000..fDecay=0.980000..fVideoEchoZoom=3.289248..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.645252..fWaveScale=0.010000..fWaveSmoothing=0.500000..fWaveParam=-0.500000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=2.853000..fZoomExponent=2.100000..fShader=0.000000..zoom=1.025000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.290770..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=1.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.015000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=6.400000..nMotionVectorsY=43.199997..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-E3VC1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7802
Entropy (8bit):	5.0552728325164535
Encrypted:	false
SSDEEP:	192:U3CNP1St07mn290HEMtE9v2I54jKTQLQ7nyrCI36+58lsvyFiGDqzB6VrWZ4aSyd:gCN9St07mn290HEMtE9v2I54jKTQLQ7I
MD5:	918810EEDC22B19A0CBB85EC7DC4476D
SHA1:	B5F63BB2AAA495DBA321A55BF0F608D1876157B2
SHA-256:	AB5E710BF1BE2837210A36D4F5CC6B7455D400873CDDB081F592C6F647B877FC
SHA-512:	EB78F450DDF7655095817BFB2F7E57BB4EA15D5AF5EDCE798FB19FA58931B00BB4ADF36A61B2FD4B2210C6FBC3006CFD52B777DD986B4F6490762A38800662D8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=2.216266..fVideoEchoAlpha=0.780000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.931011..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.008100..fShader=0.400000..zoom=0.820774..rot=0.000000..cx=0.499900..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-EC9AO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8288
Entropy (8bit):	5.187360239444687
Encrypted:	false
SSDEEP:	192:rrSOwy5qt6nL9RdAOgwZnbXmYCKnCSbw5cL28kM:r2OwYL9RdAOgwZnbXmYCtSbkcbkM
MD5:	5D3FD89785C6567F017F4EE7D6E4BF2A
SHA1:	EB5A85FDCE6BACEDC6A3CEA061C363C9E081A8BE
SHA-256:	EFA0CE86D5AAAA9754677DF11B532B429FF7FF666354126804D451FCAFEA2214
SHA-512:	19D09A70CF826F0DDA9108F4A21154D47E36C7506C5AAF8A1E2302766115E2368E6C249BF70FECAA74D344395FEDFC3774C64D9FEAD1D9EC66BA1118DC544969
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.300..fWaveScale=0.881..fWaveSmoothing=0.500..fWaveParam=-1.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=3.60000..fShader=0.000..zoom=1.02109..rot=-0.16000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.30900..sx=1.00000..sy=1.00000..wave_r=0.600..wave_g=0.600..wave_b=0.600..wave_x=0.500..wave_y=0.470..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.750

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-ECGMD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1209
Entropy (8bit):	5.2586765160250515
Encrypted:	false
SSDEEP:	24:Xx7GdgkeAt4QCcGjDsHR6urQfJO+TVZgM9VWDekXOYXM:JzAaNu1YTTcakXa
MD5:	AED38D7E0657BA8A6261B931EAF8D93F
SHA1:	3ECC8D1D532C8E0B3131C7B4500CFDDE5B98FFB2
SHA-256:	AD8F6EA5A5C61854AC642EF88D3E463821C55EE7337272C3FBEA47BDD7F13517
SHA-512:	417061A1BCA6E1C2E1C8518CFC1F9FBAADD75F625EA3A5AA6B7C86741AEC21D16EDC8BA309E78968B04AADBB801252AF292E77E30A14F2B25FC2DFAC945DB862
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=1..fVideoEchoZoom=0.999608..fVideoEchoAlpha=0.5..nVideoEchoOrientation=2..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.8..fWaveScale=0.011046..fWaveSmoothing=0.75..fWaveParam=-0.42..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=1..ob_g=0..ob_b=0..ob_a=0.9..ib_size=0.01..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0..nMotionVectorsX=1.28..nMotionVectorsY=1.248..mv_dx=-0.06..mv_dy=-0.026..mv_l=5..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp = 0;..per_frame_2=wave_r = bass_att.3;..per_frame_3=wave_g = treb_att.3;..per_frame_4=wave_b = mid_att.3;..per_frame_5=ob_r = 0.5+0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-EL0T3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1453
Entropy (8bit):	5.268451691528425
Encrypted:	false
SSDEEP:	24:8WkgjAp9N4zghGRDsHF7zUIFT8pKp6wOSsvav0VFi72JEqvoM:LO96MEuFXUtUUwOmv0VFr9F
MD5:	B20C86F67932051662C253D3CC6D1647
SHA1:	54255F815168F658C01500F433243B693A005992
SHA-256:	3E0D95715551DF3F6D0797C002E648D493B7B0E7DA62DFE106696D12F220E09D
SHA-512:	AA8975875D79A4EA1CC2035FF622ABF4CD39866D59B767FE243AB6DA7BC3F271ABFA00748818F19D98A18D7326B31065CFFB1C2F56BB315EA0D0E29F85797161
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1..fDecay=1..fVideoEchoZoom=0.999514..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.591236..fWaveSmoothing=0..fWaveParam=1..fModWaveAlphaStart=0.71..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1..fWarpScale=1.331..fZoomExponent=0.01..fShader=0..zoom=1.0003..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.4..wave_g=1..wave_b=0.6..wave_x=0.5..wave_y=1..ob_size=0.005..ob_r=1..ob_g=1..ob_b=0.41..ob_a=1..ib_size=0.005..ib_r=0..ib_g=0..ib_b=0..ib_a=1..nMotionVectorsX=12.799995..nMotionVectorsY=2.8799..mv_dx=0..mv_dy=0..mv_l=3..mv_r=0..mv_g=0.7..mv_b=1..mv_a=0.4..per_frame_1=zoom=zoom+0.028(bass+bass_att) -0.05;..per_frame_2=rot=rot+0.10sin(time);..per_frame_3=mv_r=0.5 +0.5sin(time1.23);..per_frame_4=mv_b=0.5 + 0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-F1B24.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6893
Entropy (8bit):	4.91352876566352
Encrypted:	false
SSDEEP:	192:DCw3JkS16tX7fOvl1uF1PtE92a8rfId4jKTwShCOyrCIlXbb758lsvrEb/DqzB8r:DnJkw6tX7fOvl1uF1PtE92xfId4jKTwM
MD5:	C5808740E23F54521A3A3D0D8DC5B3D9
SHA1:	438B11E70D19B16A5F409EF96AFCE006FF8FB165
SHA-256:	CDF094B1C31077C822E7B7230D42109670B3A182A73A130AAA6528650A130DDF
SHA-512:	B645D0E7CA108157A6AF8407BDB51BF12EB3569EF5044EDFB879247ABDE5C3264730337FC766B1602F017AE14F7DDEB99CA27FAFF6735AF241373E693BBE4477
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.006752..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.080487..fWaveScale=100.000000..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.000000..fModWaveAlphaEnd=1.100000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999902..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.006500..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-FR4KN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3912
Entropy (8bit):	5.255006993181645
Encrypted:	false
SSDEEP:	48:o3vaKhUh8HTaqflXZlSGPODbnTRS3OF7Q7wKJ3DNYeI4YU5qy8P:ciK/lXZlrIbnlTF7cfDNm4YpZ
MD5:	855A23C1E6C2F9E8FAAA128F60CBF69D
SHA1:	D5C6F856F963493264B3ED50A783FEC2327EAE45
SHA-256:	544BE10C578D7DF62E4AFE45FC3071406C32D83D8D87AE213D908B93F169CFB0
SHA-512:	A333B2F8423A492F5C66BE402421D3091B48C6E7030242BAD0C4708C8AE35015FF32FFBA22B25414BAEF32E9B8F6EDD1DBF1E747001A437CC4C1CB0C317DB891
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=0.96..fVideoEchoZoom=0.999836..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.01..fWaveSmoothing=0.75..fWaveParam=0.5001..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=0.9999..rot=0.1..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=0.5..ib_size=0.005..ib_r=0.5..ib_g=0.5..ib_b=0.5..ib_a=0.3..nMotionVectorsX=12..nMotionVectorsY=9..mv_dx=0..mv_dy=0..mv_l=5..mv_r=1..mv_g=1..mv_b=1..mv_a=1..per_frame_1=warp=0;..per_frame_2=vol = 0.167(bass+mid);..per_frame_3=xamptarg = if(equal(frame%15,0),min(0.5vol*bass_att,0.5),xamptarg);..per_frame_4=xamp = xamp + 0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-HGPJT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3743
Entropy (8bit):	5.220313681563867
Encrypted:	false
SSDEEP:	96:IZqLgJ4VhWmEaphOBIPdeKZlkXTbr4HvEwA+VPOC:IZ2gJYWXNKZwTbr4HvXeC
MD5:	95BEE95D290B2E51DA0FB5E8187F533E
SHA1:	9D950C171C1D07DB55D6B5C82FC61D8D22EFE389
SHA-256:	E185152FAF0FBF1FFBF224E2B1F6F3332D77A7DDCA2B43F67792847729558007
SHA-512:	BFC47EBC4092E60ED7D0BAF4B42C38F057F10FF400021EAB94271F3ABB685578E951D7ECF040CC6D2AE422FBA4726FC2F1D182A815054F97A61998A6F9F8B9E7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.994000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.334693..fWaveSmoothing=0.750000..fWaveParam=-0.019900..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999900..rot=0.100000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.002000..ib_r=0.400000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=12.000000..nMotionVectorsY=48.000000..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-HSE9M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8079
Entropy (8bit):	5.092877648256201
Encrypted:	false
SSDEEP:	192:dxWaks/C+tupmOvq1HFMtE9vgTJoI/pjj6nSQCnyrCIWag9v4T8kNArFbGDqzBPO:Lgs/C+tupmOvq1HFMtE9v8oI/pjj6nSG
MD5:	C4A01161F1F3905B7FD89FA4A3992E3D
SHA1:	018F5A0E74F8EEF34DBB119D4290D7ECC93B2B20
SHA-256:	8A24254C58584B0A3BB4E4F2EF7E60F24B6B1155F254D902ED5D142888AD91A5
SHA-512:	D050C13376CCEE1FB210296DF847FE322189D6A0B77D86ECDB5E8042A278566FFB32E76F746D38089CA31F6DDE6882ABA54936DFD589D589B3B8D536B68984AB
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.994000..fDecay=1.000000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.634243..fWaveSmoothing=0.100000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=100.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000156..sx=0.999666..sy=0.999900..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.460000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.250000..ib_g=1.000000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-JOI87.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1654
Entropy (8bit):	4.950312852298314
Encrypted:	false
SSDEEP:	24:8JogLh24KuSW5JI3H5OaAJWDhR5xxXRLWg49/srM8KUfzXoao2Ee66:QRJn523H5OaAJWDhjDhLf9t
MD5:	376C67B0BEDBABD5BD1992D772243E6C
SHA1:	B16FAB033BD5DDF7E4AF9AAC2CF1B8157458888B
SHA-256:	9F1E126726A3B257C88E2C3D80916D558A4F33DD828368DEBFB1D31DBDAC29A2
SHA-512:	1355F93952919DD9080C186A851D8358A5AAF5B68C382DABC3EA57517D700C0BA2495726A64FED14BA37A9B996A85BAA840FFDCE636EDAB801778BC2FA26820F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.998000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=7..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.054200..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.850000..fModWaveAlphaEnd=0.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.965683..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.220100..sy=1.000000..wave_r=0.400000..wave_g=0.400000..wave_b=1.000000..wave_x=0.500000..wave_y=0.100000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=1.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=1.248000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-JTV6Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4159
Entropy (8bit):	5.199843688617762
Encrypted:	false
SSDEEP:	96:b93J4VrWmkKVuILTKvvE/DNLJsFwQDEZ/PZldZl9ObjqeCPpop:h3JqWpjILOvE/R0h2HZzZjObjqlhop
MD5:	CF3D3B7A5DAC2C5FF9DE023848C7EF47
SHA1:	C053566FE72F7DD80C2749B97FCDB62CB09E8BA6
SHA-256:	2D9BC593733CF39EB50375343C25AAC679C109A22461F43ECB40BF3EECD7C9E8
SHA-512:	A9EDD152A6F7E7D715EF35D2F741637E12FD5FA1B1FD35522CEDC342982E723158DD570EEE7686BB90337682CD9BFFB05A2BFCDCCB99E8A3987965E298B4AA69
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.640100..fWaveSmoothing=0.270000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.010000..fShader=0.000000..zoom=0.996546..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.960000..ob_size=0.010000..ob_r=0.000000..ob_g=0.900000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400000..mv_dx=-0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-KMVQ7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10074
Entropy (8bit):	5.275350934262689
Encrypted:	false
SSDEEP:	192:r7hrAm5qJ6nL9RdAOgwZnbXmYCKOlVG9/f7KJ1+ytGL29TgGxAeF:r7hrAEL9RdAOgwZnbXmYCji/fsBEigGh
MD5:	973F655B05F5705AB62EB27DF8FCE7CB
SHA1:	EE18E6BD6776D96FB10949242895051997348DDA
SHA-256:	67336F644881356F1AD219F371067559A853FF8CC4872E4B8B843F67D4E40EAC
SHA-512:	9D598CD136A8FB28DBEF3C2EFE777BE720CAA28434AFC9A1348E989EFB1161871E7600E582D53776AA7F88D09C498190FB7E519392A226DA1135387BE6904780
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.720..fDecay=1.000..fVideoEchoZoom=1.006..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=2.782..fWaveScale=0.590..fWaveSmoothing=0.360..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=7.52390..fShader=0.000..zoom=1.00990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-LD5PS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1879
Entropy (8bit):	5.1239316117569995
Encrypted:	false
SSDEEP:	24:X9q8gOrL4DUS85Jz9+AE5OdKLxYdexNcZR66ZrfoOqNZfVs+bEoOqkM8Niat7E7L:gYEw5h9+AEcHWNeQ6ZkN/6M88atgG4
MD5:	D46885F7A9A779741F73070CA9F29DB2
SHA1:	33A2E3CB3B6F706F2A9709CA1C058BD05D41AD6A
SHA-256:	AE61CDC4B306DC0F8A58245783FA54BBBE03F7411E731A486D67F63465CA8A75
SHA-512:	278B443B640C325B514273154231F3219C552A4B74962D4EBCF6720BB0A3FCC7FAD0678778DB99B64872EF275E34C79B4C636BAA051E6CD6547265E1AC69CE12
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.053731..fWaveSmoothing=0.360000..fWaveParam=-0.500000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.903947..rot=0.020000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.198054..sx=1.072135..sy=1.232392..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.050000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.500000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400007..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-LF21F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13550
Entropy (8bit):	5.118044659886269
Encrypted:	false
SSDEEP:	384:lj8y95bmdd8ftN0Og90HPFMtE9vxnIMaIKThLQ7OyrClMvDd5dkNvrEb/DqzkDtb:lj79cnGtN0Og90HPFMtE9vxnIMaIKThi
MD5:	4E7303F50AA738CB652AEA557448CB69
SHA1:	6EBB852C7FFFF9983EAA82D8F9C6A3E8223FAB4B
SHA-256:	3EDDF1CBC2DFF1BE683D98DE6ABA039C2D50F14F7C7591ADE8753E8AB840F8B1
SHA-512:	2858976AF8DA83B44965B96D3DA6C2EE226BFF6DD73E29EECEB2DBB8C8C0A4A84180663AC45FD04E8AC80FD233BFF7A6E166B5453C7D440C46202DD3900A04BC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001273..fWaveScale=0.180933..fWaveSmoothing=0.750000..fWaveParam=-0.200000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=9.860800..fWarpScale=16.217400..fZoomExponent=1.503744..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.999999..sx=1.000000..sy=1.000000..wave_r=0.900000..wave_g=0.200000..wave_b=0.400000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=1.000000..ob_g=0.100000..ob_b=0.000000..ob_a=1.000000..ib_size=0.075000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-LGVSJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1844
Entropy (8bit):	5.0394060484818235
Encrypted:	false
SSDEEP:	48:wqa9Wlg523Jqu9+AEqMk1yNPPqbzJ0eqzo:wl9O3JgqMOWc4o
MD5:	561A5B0F08D3060F3181C8A1E8B22C88
SHA1:	CA4AEB5D849CC74F30A8A94A229ED1687A7BBF15
SHA-256:	7A1074F2717724C225FF158C8E6F74A145E5F1F24843BD3CD6F5E04EA6C1A97E
SHA-512:	95DC44E29197CA5888D182A8B1B3BBE42CE68E1E54FDC804DD98BA2B890231FE2215D3248C038DDD9309BBB472D338793DEFDCDC577000E5F6370AEF8C470840
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.700000..fDecay=0.968000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=0.046000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.020000..ib_r=0.950000..ib_g=0.850000..ib_b=0.650000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=0.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-MC2TD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2190
Entropy (8bit):	5.115780595039198
Encrypted:	false
SSDEEP:	48:JqLgu1d5Q3JqSl4V3AE5MzVTsmwoMFFFUeF11:buK3J4Vh5Mds/LTFUeb1
MD5:	FB1B1F48420117EDAFD05307373B1976
SHA1:	9CCBBA53039304724425B9BE336100BBE8EC1CC7
SHA-256:	501BE1112AF6803073F086045324987EB14DF69BA4B514FA2B6522E983A21311
SHA-512:	882ED823FF11FC50FFA8E9A892F94B95B0670B9B9962FD9BA0728FC1E321A90C2E5A030B6CDA0B718D97A317F06CF6659D18E81F5573B4241263B1698D6C8465
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999994..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=10.444094..fWaveScale=0.591233..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.500000..ob_g=0.100000..ob_b=0.200000..ob_a=0.500000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.500000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-MT0JF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1873
Entropy (8bit):	5.271285247101332
Encrypted:	false
SSDEEP:	24:XxeGgON64QCcGRDsdoGXgzH3N+DH7GZo0MS7AXIi1UhFYgPVnkzwb8e1zW9t:c+lH3GX8NYHCo0H7AxUhagPt8Dj
MD5:	810341313BE702F5CC8DF34FA560B5A1
SHA1:	C89D347FB8D5A910D9431B3B9B7006A92DB7BCB2
SHA-256:	9D37702932F7B3CF41721D4A6F1AF261A342A2DC837A817D0A2BA3503CC0FB7C
SHA-512:	0534EC004911A97FB960F557A002A8B736F67DD94F88A6CBFF0745A0156B83650D707D94CF3EBA5FD1D04363B328CB72467EA62E630D29BC0B59DDAB5A01AAB7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=0.98..fVideoEchoZoom=2..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=11.94..fWaveScale=1.599182..fWaveSmoothing=0.7..fWaveParam=1..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1.772..fZoomExponent=1.001..fShader=0..zoom=1.007..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0..sx=1..sy=1..wave_r=0.7..wave_g=0.3..wave_b=0.3..wave_x=0..wave_y=0.5..ob_size=0.005..ob_r=0.4..ob_g=0.3..ob_b=0..ob_a=0.7..ib_size=0.005..ib_r=0.65..ib_g=0.05..ib_b=0.45..ib_a=0.3..nMotionVectorsX=12..nMotionVectorsY=9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=wave_r = wave_r + 0.200( 0.60sin(0.823time) + 0.40sin(0.916time) );..per_frame_2=wave_g = wave_g + 0.500( 0.60sin(0.900time) + 0.40sin(1.023time) );..per_frame_3=wave_b = wave_b

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-N3UOH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2098
Entropy (8bit):	5.101505152355616
Encrypted:	false
SSDEEP:	48:R6YWC5b3Jq5d3rAM/C9WKVGax8kduuG+oYz:QYp3JO5ODxluuG+oq
MD5:	6BC8CDD98E02A6357EA1344E11362058
SHA1:	990B811641BB1AF66F27722C25E14D54B5E02520
SHA-256:	1E2C23DDD7A117D616EB3457559CA257AE83C9D913900F7E0CB1A424537C68A2
SHA-512:	0446298E1396273EEFDA5B7043791B6384D607D1448315EC4661C512A5C1341EBD794144D6F21954B2A7F443A6D5B0AD7666C5D965D01C2C8B8BC0FA0B7E2C28
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999514..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.591236..fWaveSmoothing=0.000000..fWaveParam=1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.218587..fShader=0.000000..zoom=0.961268..rot=0.000000..cx=0.500000..cy=2.000000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.400000..wave_g=1.000000..wave_b=0.600000..wave_x=0.500000..wave_y=1.000000..ob_size=0.005000..ob_r=1.000000..ob_g=1.000000..ob_b=0.410000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=2.879900..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-NIR7U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7843
Entropy (8bit):	5.103573643330608
Encrypted:	false
SSDEEP:	192:cT3Jq/OktupmOzl1HFOtE9vgLJQI/Yjj6wSQCtyrCHF8Agtv4T8kN3rFbkDqzwFM:cLJq/OktupmOzl1HFOtE9v4QI/Yjj6wU
MD5:	432F997C3A9737F78816A7C5B981EB8D
SHA1:	02623B0A66876BC19B457A4D9A0CF0C7CA6BAD07
SHA-256:	B18E158E3CC0CA4E5C8C8ECE6261714737F161242C1CA3B46E387FB75E24C620
SHA-512:	6B44B70596BF1093BA9B49E057374FA15D269D9D0716ABBF85F5918FF9F25415570B11098175AD90BCCBC44A8121BB3BA61CFDC5F33CCA30197D1F0C3D2A65C9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.640100..fWaveSmoothing=0.270000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.010000..fShader=0.000000..zoom=0.998531..rot=0.002000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.960000..ob_size=0.000000..ob_r=0.000000..ob_g=0.900000..ob_b=0.200000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-NMVQ8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7727
Entropy (8bit):	4.928629640308355
Encrypted:	false
SSDEEP:	192:2Y0hWn1Lt9f7mOv91uFtMFc2xOdzIOa4jj6QShCOry7ZaOMZvWd58kNvrEb/qDau:KhGLt9f7mOv91uFtMFc24BIOa4jj6QSY
MD5:	8E2AAD8A43CEFF89CCABDDB666F028D9
SHA1:	42E2E71B3CA06BA5B78155D32AB43230C03F0767
SHA-256:	A3ED058386BEF1D89B5E10F5E778C4FE1A0F3385E9D0CC43976BB4ADF12BB662
SHA-512:	6A3585581464E00E6760322EE669A32A2777C5E8119028600ADB3F43C53FDC2FA0D9D9615DE58DF253F01EB3435540BC7B96503943E351F903A27509B2DEFC01
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.000000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.645252..fWaveScale=0.010000..fWaveSmoothing=0.500000..fWaveParam=-0.500000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=2.853000..fZoomExponent=2.100000..fShader=0.000000..zoom=1.025000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.290770..sx=1.000000..sy=1.000000..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=1.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.015000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-O6LEC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9878
Entropy (8bit):	5.198719066452986
Encrypted:	false
SSDEEP:	192:rf+dIX5qY64nR1K8SVYgfX7buu5vJvYChZJ3tehJCu60hL:rfKIvnR1YVYgDbXvYC53tehJCZM
MD5:	359E9FE1251F4FD736DE327FA60F8A3E
SHA1:	7FAFED2A7D8ECD5D24DB4820FFEC5DEFC969208D
SHA-256:	9F0C377664A8C1B1E6DD5D86F4DFD859C582221401D3DDD5D93C2FB81C6189F1
SHA-512:	0C9F4891E045044FE0C432F36135B37338CD5DF4E0A6974AFB20E027467F33430EA832D71364416451CE53CB25C2C94E2CF6779FD0BCF6234BBE0B5EBA3C4849
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.100..fWaveScale=2.781..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.000..fModWaveAlphaEnd=1.100..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.00990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.007..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-P4MQK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8439
Entropy (8bit):	5.157739481277602
Encrypted:	false
SSDEEP:	192:rO7IX5qY64nR1K8SVYgfX7buu5vJvYChZk6x2MAF:rO7IvnR1YVYgDbXvYCneF
MD5:	55002EB5E5C500B826E21E59E890ED73
SHA1:	2AB4B8699F96493DCB6A653415BF205EC5067D67
SHA-256:	310B5CAF73EA5C3FDB854ED640A15ED6A16348C8938DB034729D4C02B0FC6E6A
SHA-512:	D03ECE02AFB832357E0BF4D79FF10EC8CCD4AA426A75C8D70289388FD1EA9FA211BF03F5255DD3A60D6B8DE01237B5B71B45B97120405A867687C48431352169
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.100..fWaveScale=3.815..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.000..fModWaveAlphaEnd=1.100..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.00990..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.04177..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.007..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-QA597.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5997
Entropy (8bit):	4.790087932963142
Encrypted:	false
SSDEEP:	96:oBM4VhDd1S0tZf7mn290HEttE9vT/TIEFYa4jj6QmnQCnyrCHFVPvHdFPLd58kNA:pY51BtZf7mn290HEttE9vnIEFYa4jj6O
MD5:	26DD7ED9508254929CDD49D81595D6F0
SHA1:	ADD68E43B01B30472038128CE735A5D0D5D8D3A0
SHA-256:	53F3EE696AD299E881EC43ED5CD0C191D5742EA140DA9AC70579A8CDAA42D39F
SHA-512:	31399AEBEF8F4D966E7771C2306EF96BB5D3BC0955062C70F8A442BFE5ADA00AAC6FE3FC5BC7A5BA896B7D65A0AF2B93A4707AC4C55324815C35CE4787EC2A05
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=4.574798..fWaveSmoothing=0.750000..fWaveParam=-0.400000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=9.860800..fWarpScale=16.217400..fZoomExponent=1.503744..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.999999..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.040000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-QGTST.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1857
Entropy (8bit):	5.057906649431076
Encrypted:	false
SSDEEP:	24:8T9Tdg1Q+h4DUSP5JI3Jqu9+kFWDhREaxcZiRZ0g+S8GyRutCYMPl+oG/2ifyR:c3+Gz523Jqu9+kUDhteGHFzM0oBi4
MD5:	7DCC5B25057B45447EE6785449698100
SHA1:	F2E4EE9EBD0A2F2495CC17CB08B505C8F8D48083
SHA-256:	8F69834187C87F27CAEC0FE7ED5A99F38060E542979DE5F29D091DBDA0BFF1DE
SHA-512:	13D9E1528CFD060E99F8B9FBEBC73B3966E125EA048D51A04F2C57BCC6E0C352B94F28184665D2762041C3E10D6F75C0B434F9564234EE68414B8E2BAA7E12D0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.000000..fDecay=0.990000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.032378..fWaveSmoothing=0.630000..fWaveParam=-0.400000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.045000..wave_y=0.940000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=1.000000..ib_g=0.000000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-R9G54.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2685
Entropy (8bit):	5.333913976563192
Encrypted:	false
SSDEEP:	48:qzc++iP/UFXjTAzqX8uzKh1QmfwoQZl/mZlLyrXcbrp2J9t/XK9zvN:FLiP/wTH8ZfpQZl/mZlmIbN2N/69zvN
MD5:	986E77D429DC0BE6468B24E9B597E214
SHA1:	787E20F5FB24A2F14AABF6B13850BCF8DECA86E7
SHA-256:	25DE765B15FD6F7877661229CB1A60A0A5E50AACE61B58ABAA23403A1B94540B
SHA-512:	0FA5977F5B3003A9B1E57B992DAD60DAEF3B7126FADECA70F2B756503708D1DF84C12E577E77A17509F9EF6BF33728F91780B32A317471407695370636F88D9B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1..fDecay=1..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.6401..fWaveSmoothing=0.27..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.99579..fWarpScale=1.331..fZoomExponent=1.01..fShader=0..zoom=0.998531..rot=0.002..cx=0.692..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.96..ob_size=0.01..ob_r=0..ob_g=0.9..ob_b=0.2..ob_a=1..ib_size=0..ib_r=0.5..ib_g=0.5..ib_b=0.5..ib_a=1..nMotionVectorsX=0..nMotionVectorsY=48..mv_l=5..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=ob_r = 0.7 - 0.3(0.5sin(time1.701)+ 0.3cos(time0.438));..per_frame_2=ob_g = 0.5- 0.4sin(time1.724);..per_frame_3=ob_b = 0.5 - 0.35cos(time*1.196);..per_frame_4=w

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-RRVPH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2189
Entropy (8bit):	5.065323469065928
Encrypted:	false
SSDEEP:	48:pyf9Lo5Q3JqKd3aAQkqJ+VFVqLQsusywFkH7nySQ:Mf9X3JEklVFCQs7ywSyr
MD5:	2FD3EF0261A2F784A3900C5430713317
SHA1:	3585E63B93E29CDD465152A514AAC6AEDD3E36EA
SHA-256:	A31913B065DB22972793AFA8BB67D832A58099302A88C020AC5620AD0D25759C
SHA-512:	E098F77533B44C49E02213726623651C87D3BD264451EB693C31FDE7307FCF3D0DEABF581ADA8E24BC4622D444AD34400C3127698C6E7BB1B4A99F88E970F29F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.010000..fWaveSmoothing=0.500000..fWaveParam=1.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999996..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.980000..ob_size=0.014500..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.015000..ib_r=1.000000..ib_g=0.600000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-RSQDA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3900
Entropy (8bit):	5.3608160811230245
Encrypted:	false
SSDEEP:	96:G9xDWEEbuXj3/NDnZa13vrHTqVvbmevN6O0B:2Dbkuz3avCVNolB
MD5:	DC9E167ADD0810FE0520371E469D7FB8
SHA1:	93E124B34F3CA4D18336509B364C8222E0D2DAB9
SHA-256:	3781801467A8F2D7C5A0B886D94C67D325DB839F9FC76F90E38FEF73FB3B81BD
SHA-512:	10C22BA28810B030A462EB7896BE5C01F1D70A0439E9F8F6FF4379B54A4D0DBDA0439FEB72307BBABB772CFB34CE887FF3B4B97FD57AEA04D903E48C776CFC7B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=1..fVideoEchoZoom=0.9999..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.868..fWaveScale=0.282091..fWaveSmoothing=0..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1.0017..fShader=0..zoom=0.9881..rot=1..cx=2..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=1..ob_g=0..ob_b=0..ob_a=0.2..ib_size=0.005..ib_r=0..ib_g=0..ib_b=0..ib_a=0.6..nMotionVectorsX=64..nMotionVectorsY=48..mv_dx=0..mv_dy=0..mv_l=0.55..mv_r=0..mv_g=0..mv_b=0..mv_a=0..per_frame_1=warp=0;..per_frame_2=le=1+.5+2*sin(bass_att);..per_frame_3=bpulse=band(above(le,bth),above(le-bth,bblock));..per_frame_4=bblock=le-bth;..per_frame_5=bth=i

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-SFI0Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1824
Entropy (8bit):	5.1081916422791
Encrypted:	false
SSDEEP:	24:X9q8gOrL4DUS85Jz9+AE5OdKLxYdexNcZR66ZrfoOqNZfVs+bNoOqkM8yiGCf:gYEw5h9+AEcHWNeQ6ZkN/PM8R3
MD5:	8AFC79005ABB89436EAD94A35E040564
SHA1:	AD0077EB8A4583D0B04F54644293E92C5E324130
SHA-256:	DAD69F4EE66B556BE57F7578A7D54973FE4F291FF19018A12A52928E00068A17
SHA-512:	995FA7E8DEBE6E455BCDE4230F0B23C65FE39236876B160BD7B7930B89DF043FFEA2019993A6910AB0FB7B491CBEC4A91EB494DF0EBD6A4B803CBDCB65D57D6E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.053731..fWaveSmoothing=0.360000..fWaveParam=-0.500000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.903947..rot=0.020000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.198054..sx=1.072135..sy=1.232392..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.050000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.500000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400007..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-SLH0H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2302
Entropy (8bit):	5.143167584926103
Encrypted:	false
SSDEEP:	48:FMO1t43HDd3FAEnhIyBvlX0ldmf+yfZfoDjftfo2JfffRlVX7ty/I:hg39n2slX9dNov5o29HRXtyQ
MD5:	14058BE05150E364134273816686C7C9
SHA1:	970F119EED28474FC5FEE1C09797536BA74C1C08
SHA-256:	4C3B325E3A4C70B372E4D1D70E9A23680AEB20BDC4E25132F212E472DFBCD5F0
SHA-512:	E8DB02BE376E65D606FBBD81133A1CA18D3E1DF4B88B24C70F3FA8078403183964074F5E9F22BB13D57F8B9C7279E97F25C4E8C3436919EBA6D2C5E47EAD695C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000400..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.005730..fWaveScale=0.282090..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=1.489999..fModWaveAlphaEnd=0.750000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.690737..fShader=1.000000..zoom=2.380962..rot=0.000000..cx=0.499900..cy=0.499900..dx=0.200000..dy=0.200000..warp=0.010000..sx=0.463935..sy=0.535239..wave_r=0.000000..wave_g=1.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.030000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=1.248000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-SLM60.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8098
Entropy (8bit):	5.212141467976436
Encrypted:	false
SSDEEP:	96:8+eMxV83QPlilwWB8S1RPG0XwqvzUaghu5vJq6kudJfSl4oJ2YLqbHF:rU3QUGs8SfBXdbcu5vJYM6x2MAF
MD5:	4AE21596F1FB47C96EEA6B6A643220F8
SHA1:	0237A09052EF22AE2800B2B07B0A06AC95C31828
SHA-256:	6B9F880FE3CBF636BD406FE7DAF5069C5A6DEBD11E3466A798634C6BACD1529C
SHA-512:	1C75FA3C6000AD9CFA4FBAF977FE13AE9D88770D7D48C7BB06A5325E21BCD1D1A5DE34D1B9B56B8E5313E55937884BBEC11D283FB116652CF27DE0472EEEF568
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.0..fDecay=1.0..fVideoEchoZoom=1.006752..fVideoEchoAlpha=0.5..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.1..fWaveScale=3.815202..fWaveSmoothing=0.9..fWaveParam=0.0..fModWaveAlphaStart=0.0..fModWaveAlphaEnd=1.1..fWarpAnimSpeed=1.0..fWarpScale=1.0..fZoomExponent=1.0..fShader=0.0..zoom=1.029902..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.010000..sx=1.0..sy=1.0..wave_r=0.650000..wave_g=0.650000..wave_b=1.0..wave_x=0.5..wave_y=0.5..ob_size=0.006500..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.260000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=64.0..nMotionVectorsY=48.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.850000..mv_r=0.499900..mv_g=0.499900..mv_b=0.499900..mv_a=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-T4CFG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7843
Entropy (8bit):	4.981820903400225
Encrypted:	false
SSDEEP:	192:sj8WQ01Bt7fBn290HEttE9vXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqzwFn:sj86Bt7fBn290HEttE9vXIoYa4jj6QSQ
MD5:	424B7D70F6AAE401EB150AA8E7E3BF3D
SHA1:	76B511A899E088F09ACA1ED7E512666380D69B01
SHA-256:	8EB08DD7FB2A9737602440CFB25E897DBF650331FBFDA757FE80C42468666C0E
SHA-512:	1312EE2B72B5A4D5535B1601FF41BAAB766E4A1F8E258298826F68FB17170290DEEB24A708DE4087BF649FE5A0A2859C490230AE8ED51EAFA2A6B4F5970E9D7E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=0.180933..fWaveSmoothing=0.750000..fWaveParam=-0.200000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=9.860800..fWarpScale=16.217400..fZoomExponent=1.503744..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.999999..sx=1.000000..sy=1.000000..wave_r=0.900000..wave_g=0.200000..wave_b=0.400000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=1.000000..ob_g=0.100000..ob_b=0.000000..ob_a=1.000000..ib_size=0.050000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-VDVKI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6300
Entropy (8bit):	4.85309975321773
Encrypted:	false
SSDEEP:	192:WYC1BtHf7mn290HEMtE9vXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqzwFDa4:WYABtHf7mn290HEMtE9vXIoYa4jj6QSu
MD5:	0AA6C11B58D5A7A28F5886A88EA9B3F8
SHA1:	77A6C382FDC721CE9C91572C920B85B0E64AD784
SHA-256:	6E4AD9A9F70742481E1201E2D17667AD56022ECF1D4F20E733CAC44E8B049F9A
SHA-512:	BC4EDC1DE974F714C46978C2CDCBB8A46E36DCBB74BDE752777757A4645AFB009B5B47CE9125F75AD00328A1E0398FAA6C13AE890FDDB36353D013F233005FA6
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=4.574798..fWaveSmoothing=0.750000..fWaveParam=-0.400000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=9.860800..fWarpScale=16.217400..fZoomExponent=1.503744..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.999999..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=1.000000..ob_a=1.000000..ib_size=0.040000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Rovastar\is-VKC2H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1520
Entropy (8bit):	5.321675463732052
Encrypted:	false
SSDEEP:	24:Xc1g1AsZqQg40nhG/ADsKvu6X5UJkaVHUKp64QRmZpTOxVfou9s2NymyqdFdD:szQH9O/u6X5UWKzU4dZpqQusudFp
MD5:	93077F36F53214405CF33F54811A6D31
SHA1:	31A672E848CECD366EDF31A5F6A4E9E8278E5BFD
SHA-256:	FC666C4C4A1500B655E0DDD2B47BE6422311285487B2E08D8FCCAC4A3395E053
SHA-512:	BDC25061871909529A77FCA9FC3150D50F380BA197DC47DF92BE12F19763CEB329EFB1C3AE3D856F91B0F45DE5AF8141602A63DBFFDB799EF639F6E315A3F7B1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=1..fVideoEchoZoom=1..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.438649..fWaveSmoothing=0.5..fWaveParam=0..fModWaveAlphaStart=0.5..fModWaveAlphaEnd=1..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=0.999996..fShader=1..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0.00001..dy=0.00001..warp=0.01..sx=1..sy=1..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.976..ob_size=0.005..ob_r=0.4..ob_g=0.3..ob_b=0..ob_a=1..ib_size=0.01..ib_r=1..ib_g=0.6..ib_b=0..ib_a=1..nMotionVectorsX=0..nMotionVectorsY=0..mv_dx=0..mv_dy=0..mv_l=1..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp = 0;..per_frame_2=wave_r = 0.5 + 0.3sin(time0.894);..per_frame_3=wave_g = 0.53 + 0.33sin(time1.14);..per_frame_4=wave_b = 0.2 + 0.2*(1-bass);..per_frame_5=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-0R3FJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4301
Entropy (8bit):	5.284625148216884
Encrypted:	false
SSDEEP:	96:Eqf3JgDJYIVefpMBOCJyVL9xS/w+oYhEuci2GI6qbop:E23JglYJMBvcVvyw5S
MD5:	3F0A894B6E008146275D1361B869BF5E
SHA1:	06B56C6426852397166A7E3C3A3372ED89C98455
SHA-256:	6F2C4B46E34AD569122480B63E7244D2A7C2D8783DED8EE0E0FC41AD1A895191
SHA-512:	24D18008ABC608A93CE92C73F94B7C16253E6C35B4B294669DF89F6B2D4AE71EF0371520833DD653D80001FC0BEB590DAF0E5A43C230F5335098792B2382F873
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999489..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.059269..fWaveScale=0.653093..fWaveSmoothing=0.270000..fWaveParam=-0.380000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.337423..rot=0.001900..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.500000..ib_g=0.900000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-1CBPE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3838
Entropy (8bit):	5.287172694975111
Encrypted:	false
SSDEEP:	96:FY3J4Vhep8WEEbuXj3/NDnZa13vDHTqH6O5LO:y3JYFbkuz3avKa+LO
MD5:	5DE131ABBBB4FCB12F8CC4F2DEE33C37
SHA1:	4A5204646BB92F014CFF7702B424DFFEBC52A406
SHA-256:	F982DEF7A6602408930422FDE6D920DE66562A2D25B4012EC71455225A81409C
SHA-512:	09C025D204AE7ED0AC46ED4A2593D128C935FB76A96325A12C69C563A0D861F77A3E14D77AE90196CF858705357EE06D810B3E8B1EEF70A41C7EBDBC200C7D2C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=5.000000..fGammaAdj=2.000000..fDecay=1.000000..fVideoEchoZoom=0.999900..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.868000..fWaveScale=0.282091..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.001700..fShader=0.000000..zoom=0.988100..rot=1.000000..cx=2.000000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.600000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-32M06.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3768
Entropy (8bit):	5.290779059094237
Encrypted:	false
SSDEEP:	96:GX36Vhe0M8WEEbuXj3/NDnZa13vcQTEtTIF3:M3CNDbkuz3avQTIF3
MD5:	FBCE6E62725DB9115488702D8FD350B5
SHA1:	BEEFC5EBD96DA06FED966766F2F4314BAAA56D07
SHA-256:	498BD6E1FAFC908584EA2F02B3470DF5843C2174732305621AF6B04C80E6CA0A
SHA-512:	5110653B44B974767DAEBC599B0AEE96B9C78449BF239CDDCD35841181584D43279CF46EBB039EEDC9FD13529D645EB2053E337BEFBE93A639AD3FC1910F8886
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=4.141529..fShader=0.400000..zoom=1.001507..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-4UAGF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1670
Entropy (8bit):	5.272749903740217
Encrypted:	false
SSDEEP:	24:XxuskOgOAbc4qjhGjDQiyYU3kH3KKp6aPCOrAGOXFHA3ouVsYX7W5GNZW3:csI7J7yYU0hUaPvrAZXdTiso763
MD5:	41A9B8CF25A0F70207F5DA8E50AE82BD
SHA1:	CDD047DF1412DF644419458A867ABA7D82D11687
SHA-256:	DC22FC36ED65AED396ABF2D07E1FA7F034D287D5186FD2C9C9929F4B8498FDEC
SHA-512:	98918CE0A2351CBA823308CABB45BC648B9BE38F29EA5749D53C0E55F092B5029179CA449D1D12BB31203CB6913B9908033F5D44761E6DD0BE5995F120681ADE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=0.985..fVideoEchoZoom=1..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1..fWaveScale=0.040271..fWaveSmoothing=0.75..fWaveParam=0..fModWaveAlphaStart=0.85..fModWaveAlphaEnd=1.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=-0.19..cy=-0.1..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0.4..wave_g=0.4..wave_b=0.4..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0..ib_r=0..ib_g=0..ib_b=0..ib_a=0..nMotionVectorsX=12..nMotionVectorsY=9..mv_dx=0..mv_dy=0..mv_l=0.9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp=0;..per_frame_2=wave_x = 0.01rand(100);..per_frame_3=wave_r = 1 + sin(-wave_x3.1415);..per_frame_4=wave_g = abs(sin(2wave_x3.1415));..per_frame_5=wave_b = sin(wave_x

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-6J2B3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3428
Entropy (8bit):	5.231441600767431
Encrypted:	false
SSDEEP:	48:fuWMgMzNPgmDHRB0slvvyVB9xgDHfN+wYNPZ9ermFFXCUBkmG/Plhus:JKTDHRB0CXyVB9xS/N+ZN/smItPfus
MD5:	A1FD9E1263DB0F2F498274D6A0B5D7B1
SHA1:	4F9C5A1C5637E513E8DEB5FD9EFF9A1609A1E3ED
SHA-256:	5328BD3B2A852FEBFDE330FAC7D09120E2211624064F981A51484903E8F38CB0
SHA-512:	F512177278828224D9A81C27C8416113FEB678266156A3B3765C5878C0F2D0A7BFFBC374AC32BB14F7F7218FF28087AFF80183BAEE260BBC7207A9D85E9E88F5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.991..fVideoEchoZoom=1.008149..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.160929..fWaveScale=3.394157..fWaveSmoothing=0.54..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1.772..fZoomExponent=1.96..fShader=0.07..zoom=0.999698..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.513..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.01..ob_r=0..ob_g=0..ob_b=0..ob_a=0.58..ib_size=0.015..ib_r=0.55..ib_g=1..ib_b=0.4999..ib_a=1..nMotionVectorsX=12..nMotionVectorsY=9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp=0;..per_frame_2=old_bass_flop=bass_flop;..per_frame_3=old_treb_flop=treb_flop;..per_frame_4=old_mid_flop=mid_flop;..per_frame_5=chaos=.9+.1*sin(pulse);..per_frame_6=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-7GDJL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3951
Entropy (8bit):	5.350186571283568
Encrypted:	false
SSDEEP:	96:K9V+pEOC3xDuRi79xN/w+ovyrTCihTOEJC+l:HpaUguQ
MD5:	B3CAB74F9925116B5F62CEE0F20B8F28
SHA1:	EAFAFED995B0B7E545BE936FE797937E3E39E4BE
SHA-256:	3A9A3B1E24C00927134E5AA525A4F40EA5092B859D4C5844F048907B77F569C5
SHA-512:	79A5BFFB1F53895B6C94EAF6274D516AE402939E80647393C7CB14A6A99968721F558205D9DBA804765419FEF81A6A88D012FD00B95E57415E193380C683ADC0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.996..fVideoEchoZoom=1..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.8179..fWaveScale=0.397105..fWaveSmoothing=0..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.9957..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=0.998108..rot=-0.76..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.350495..sx=1..sy=1..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0..ib_r=0.5..ib_g=0.9..ib_b=0.5..ib_a=0..nMotionVectorsX=31.999994..nMotionVectorsY=28.799999..mv_dx=0..mv_dy=0..mv_l=0.85..mv_r=0.4999..mv_g=0.4999..mv_b=0.4999..mv_a=1..per_frame_1=warp=0;..per_frame_2=rot=0;..per_frame_3=old_bass_flop=bass_flop;..per_frame_4=old_treb_flop=treb_flop;..per_frame_5=old_

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-85B7G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8019
Entropy (8bit):	5.036931919359203
Encrypted:	false
SSDEEP:	192:D23JglYd11tuFOv91HFMtE9vSIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqzw0:eJgyz1tYOv91HFMtE9vSIoYa4jj6QSQs
MD5:	34B1BC69D9C11BC81634307F2A2CFE32
SHA1:	C113E9B4ADA87AD7DB7BB17CE9CD79C9BCCA3B9B
SHA-256:	57E3484211F9D394AFD6FB086C83D7152B7520C97170544C58F9D7F7531CEEB1
SHA-512:	FD8A062B7BC149B5412D58CF44CA5114456A74E059019402CD896D827E6B474EC188556ACB8A519F0E4C3208EE261588E8D27564192218AC7F049657DD197607
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999489..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.059269..fWaveScale=0.653093..fWaveSmoothing=0.270000..fWaveParam=-0.380000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.337423..rot=0.001900..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.500000..ib_g=0.900000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-AHC6H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4101
Entropy (8bit):	5.27234777922361
Encrypted:	false
SSDEEP:	96:HRqD3JgDJYIVefpMBOCJyVL9xS/w+oYhEuciP4I65b:HRy3JglYJMBvcVvy1Sb
MD5:	1A2A3E7D5587C4E907F4049EDB72E0D0
SHA1:	6D00CAC75842AAC144294E0EDEB06EE4115D2C32
SHA-256:	5D59B5581A50AD6543316E0C22A21018BCFA2424A4FD4A318533CF51577E02BD
SHA-512:	1F6DD68061DFF575A82ED54727DBEC53D34EF4237A0DD74900DF936A6F1A09DC3271A2289077304B07981495270C8E9DE22437E310DD794FCBBBF38FEDB2322D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.990000..fVideoEchoZoom=1.104060..fVideoEchoAlpha=1.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=1.059269..fWaveScale=0.653093..fWaveSmoothing=0.270000..fWaveParam=-0.380000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995790..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.998400..rot=0.002000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.500000..ib_g=0.900000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-AHCLF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4119
Entropy (8bit):	5.259402400712632
Encrypted:	false
SSDEEP:	96:rI4Vh5fVEVRTsoqDjx0q0wsSWvpqFpPjgDh7QT7xU:MYgHQtaPVgxU
MD5:	92E5212BFB580DB9E83B800DA5F1BB15
SHA1:	BF09910250911ED2F678753FA54D5262D7A10FBE
SHA-256:	D070A30267B891CDE51B5B8BB6A037921D016F4849FC9A586EE5264447B47A0F
SHA-512:	17829667029DAD094D0D4B79D0A98DAB6F6302F9A609A56907D23042F51A943EC1E21A8D0517E860A57A1B8BCB7919CC2CB0B2B26B6C4814CAEE2AC2D7B2BBC7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.996000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.818000..fWaveScale=0.374038..fWaveSmoothing=0.810000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995700..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.968827..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.424100..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.500000..ob_g=0.500000..ob_b=0.500000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-AHIKA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3558
Entropy (8bit):	5.3584668272136255
Encrypted:	false
SSDEEP:	48:7ZRs310HUCzUF4Pd0jzEAqCfrbu00sAhg490st/whMNpnZa13ve2eDlHmdQTgP5F:j1HOKWEEbuXj3/NDnZa13vpQTldiQ81
MD5:	8FF210BD4A60027D3EA58BFA93E2B187
SHA1:	2F5BF756EDFE31FE1A0C1514921E7FFA5B1693EA
SHA-256:	30B0E01B0BCF14CBB5948C4FBBE53007B9430C569B1E9831BFF88C500B6F2E2D
SHA-512:	50BF6CA8DDBE3C20EC82C7A1F9423D10568C44D17BF72CAC9A00D781908744DF0ACC6E44FE0B7A0C8DEA1AE140DA82330E6903084922D380AB4E0582232E2BCF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.560001..fDecay=1..fVideoEchoZoom=0.9998..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.419996..fWaveScale=0.972362..fWaveSmoothing=0.09..fWaveParam=0.02..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=2.468457..fShader=0..zoom=1.001789..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=1..ob_g=0..ob_b=0..ob_a=1..ib_size=0.005..ib_r=0..ib_g=0..ib_b=0..ib_a=1..nMotionVectorsX=0..nMotionVectorsY=0..mv_dx=0..mv_dy=0..mv_l=0.85..mv_r=0.4999..mv_g=0.4999..mv_b=0.4999..mv_a=0..per_frame_1=warp=0;..per_frame_2=le=1+.5+2*sin(bass_att);..per_frame_3=bpulse=band(above(le,bth),above(le-bth,bblock));..per_frame_4=bb

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-AVNEM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3721
Entropy (8bit):	5.289642852856997
Encrypted:	false
SSDEEP:	96:4d36Vhe0M8WEEbuXj3/NDnZa13v1e3QT1Q2:U3CNDbkuz3av182
MD5:	879F0E5DEAF8D686771193AE205895E1
SHA1:	9235E30A2310C40C004F965F13B0D69A1B2B4552
SHA-256:	BAC11D8DF232A608F89E2EDFD5C0F399B2129894A4EE122A3171444BBD5A6E81
SHA-512:	1E54180D6192944B266ECF013E9B6AC0E66998951AD5A1F60E5A7F82B7F504A3DDD7F88F0E36F2478E0FBA73B06D286284CAD9110BA4294097C82C5B68B82543
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.960000..fVideoEchoZoom=2.216266..fVideoEchoAlpha=0.780000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.931011..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.008100..fShader=0.400000..zoom=0.820774..rot=0.000000..cx=0.499900..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-AVTGU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3861
Entropy (8bit):	5.2882555174416375
Encrypted:	false
SSDEEP:	96:UpR3J4VBex8WEEbuXj3/NDnZa13vGQTl1fn8d:E3J4Jbkuz3avVR8d
MD5:	2CC8ADCF474A53C43FF08A3CD49506B3
SHA1:	71E24BDB66BA504D9DF1AC99CD0586D95BE0E926
SHA-256:	033702D13380843BE3D4AA706E4BA30804F12564D46DC08EED51B4DBAECB27F0
SHA-512:	E8B50A35FB8834E6967F97271F5BAD4A1E4D28945C33CDC2DA2AF024707E5CD5A360F33518724C18623BDD35E5BC1330CB68521665DC04CF775DF14682AD9433
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.560001..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=1.000000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.419996..fWaveScale=2.630065..fWaveSmoothing=0.090000..fWaveParam=0.020000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.008100..fShader=0.000000..zoom=0.906936..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=1.000000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-BH47I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2011
Entropy (8bit):	5.315530712792582
Encrypted:	false
SSDEEP:	24:XxRVg2cH3VB14QCcGjDs7oZdYUxI1qpBmMbe6YM3ouVs/yB8eovcscg7ohs0/ZX0:D0niN2oZdYULm960isk8lvcsShsLeoR
MD5:	DFC05CD8F97C56577F96ECE52222E2E7
SHA1:	AE33E38663F102667AA6DE616223C7210757F78B
SHA-256:	564FCFEDAEA97F21A5CA58F0A1772AC02189F3CDE50E2FBF83A878E389EE819C
SHA-512:	4359FDEDC6AECBCF678AF5423FE694D861483F779754C78CBB47F887D9ECFFC3B277679EAAD9F7920BB8770E3AB90CF9C3595CB67B36EFD7A1998C1FAA62C987
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2..fDecay=0.98..fVideoEchoZoom=0.99663..fVideoEchoAlpha=0..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.005729..fWaveScale=7.184967..fWaveSmoothing=0.9..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=1..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0..wave_g=0..wave_b=0..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0.25..ib_r=0.5..ib_g=0.5..ib_b=0.5..ib_a=0.1..per_frame_1=warp = 0;..per_frame_2=wave_r = wave_r + bass.5;..per_frame_3=wave_g = wave_g + treb.5;..per_frame_4=wave_b = wave_b + mid.5;..per_frame_5=ib_r = ib_r + .4sin(time.222);..per_frame_6=ib_g = ib_g + .4sin(time*.33

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-CLIHI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3202
Entropy (8bit):	5.245663088679357
Encrypted:	false
SSDEEP:	48:nvvnQ82oZd6cPgrDTrpRlvBNe1xgljNYwVPRso7+UZPbiELHa2D:nvfPaDTrpjpNe1xgVNYQPROUJbf/
MD5:	FAFA1454756AD760819DBCA36E3E0977
SHA1:	ECAB18B5E0F80ADA205D9A763173D887E16EE905
SHA-256:	D543A529A9590F998A683CC1EE81622815D12EBAB2D2F7CBDA8C0B8000690F02
SHA-512:	41D3FFB613F391E1D0504CE6A2DE1F65F02FE4C6CBEB0E5ED6A87EA52F5C25D1E61DE7BC8304B4F9F81CA08AA77BF3532C1A9245F85E9C8F43948CB75A901D6A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.986..fVideoEchoZoom=0.999993..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.741913..fWaveScale=2.46855..fWaveSmoothing=0.36..fWaveParam=-0.18..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=0.999999..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0..wave_g=0..wave_b=0..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=0.92..ib_size=0..ib_r=0..ib_g=0..ib_b=0..ib_a=0..nMotionVectorsX=12..nMotionVectorsY=9..mv_l=0.9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp=0;..per_frame_2=dx=-0.0005;..per_frame_3=dy=-0.0005;..per_frame_4=old_bass_flop=bass_flop;..per_frame_5=old_treb_flop=treb_flop;..per_frame_6=old_mid_flop=mid_flop;..per_frame_7=chaos

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-CT17K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4832
Entropy (8bit):	5.3514228255212455
Encrypted:	false
SSDEEP:	96:SP3hVhe0H8WEEbuXj3/NDnZa13vKQTEtT1opCpt+BNR:Y3dNcbkuz3av+T2pz
MD5:	A354CE60BAF4F5281B9E843F04376DAD
SHA1:	8940E2E8C069AC389AE2146CBF6ED27C79FDC87E
SHA-256:	4FC07A2BC15E06FB91D79A1C70B173374F980621D9E31B627202F034D9016B07
SHA-512:	38F78E18586BD575E2750A6B24027CD2CB9A65361A6D96C6033025F5F331FF3B2E8166719FC749826CCA38E78EEE76CD6797BE5ED02395C8985820D5422FE02B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.050000..fDecay=0.970000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.008100..fShader=0.000000..zoom=0.988218..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=31.999994..nMotionVectorsY=28.799999..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-D0VMQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2024
Entropy (8bit):	5.139510367988638
Encrypted:	false
SSDEEP:	48:7m8sH5Q3JqKd3aAWoP2Hug2gmG91dxdFVK:S8n3JqoP2O59G91dxhK
MD5:	1BCFB58C94AB1CE76B0C2A49C1E42E17
SHA1:	26628E58A60E22C72D7CF1AF8595C2346D5E5712
SHA-256:	E70431D7C2B2AB9D808BCF00931428C6ADC9E2CC862433320D886DC17F67D6F0
SHA-512:	B649F57E3EABB0B97DF3B76641046836AEE0DC1465E03C7C66AF9D2E6F9DAC71A87D994F5A4DE43371329B6C8D59BF512F2CB4CB577BD569DC665F4FA8B1ED7A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.438649..fWaveSmoothing=0.500000..fWaveParam=0.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999996..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.976000..ob_size=0.005000..ob_r=0.400000..ob_g=0.300000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=1.000000..ib_g=0.600000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-D8HG8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3821
Entropy (8bit):	5.303546265534841
Encrypted:	false
SSDEEP:	96:Lqp+YxbpMBOCJyVL9xS/w+oYhEusEhI6pk:LPYXMBvcVvypY
MD5:	4A3E8AD2A58F021955EEE969F43B3849
SHA1:	16BAAC629DE5FDB0B4EE16CE6C47825F6BA3CF96
SHA-256:	65D5846A275FDF7F50BFFA8495A01C87DA552C4A8E9158ECF0761F3315DC9140
SHA-512:	2B072D182EBDF87351A5DB11F9D22605622A92F461969F809B74BA9FE7B058D7A2AE64ED302D81E9E739242685B6DDFF0A26EF1CD58E1088C468A32DC322C371
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=1..fVideoEchoZoom=0.9994..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.059269..fWaveScale=0.653093..fWaveSmoothing=0.27..fWaveParam=-0.38..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.99579..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=0.619082..rot=0.0019..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0.01..ib_r=0.5..ib_g=0.9..ib_b=0.5..ib_a=1..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0..mv_dy=0..mv_l=0.85..mv_r=0.4999..mv_g=0.4999..mv_b=0.4999..mv_a=1..per_frame_1=warp=0;..per_frame_2=old_bass_flop=bass_flop;..per_frame_3=old_treb_flop=treb_flop;..per_frame_4=old_mid_f

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-EKTCF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4534
Entropy (8bit):	5.285223502557815
Encrypted:	false
SSDEEP:	96:Fc4Vh5fVEVRTsoqDjx0q0wsSWvpqFpPjgvrlRPf+ONVXKj58r:uYgHQtaPnuc7r
MD5:	02EFE359873D381E9D45CC9808458111
SHA1:	7707A36FD7F1DE1B1DE03D820252B455E9129E13
SHA-256:	A2FF9E36AC9E9CD1C7968D893B8EB2A3DD6594AA9A371FDEF441D54986BCC96B
SHA-512:	B0F44EAA2B105EBBCA7276D427F85DE2409783C05538A501B8942040C2A6E395638BA51FFDB08FB0EC55716ED6E85A7210EDD9AD64B3488B8779F73B8B247495
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.996000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.818000..fWaveScale=0.653000..fWaveSmoothing=0.810000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995700..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.998217..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.424100..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.500000..ob_g=0.500000..ob_b=0.500000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-F56SG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4066
Entropy (8bit):	5.301965222644289
Encrypted:	false
SSDEEP:	96:rb3J4VheMWEEbuXj3/NDMfL11KH+QTICe0K:X3JYbbkuz3yKQCep
MD5:	4B041C15D9D2209ACAEC01591B486CCD
SHA1:	A8F00C19C3F4C366F51A0831A4301C82483F906D
SHA-256:	D85B7DEA6B8CB3C7638DFFE1D0F1E12CC90DE7302E4FDF482FEBBEFF1452982D
SHA-512:	D6448EA3003C83AACA6988C64716B8C50046614C07598DFA10335CCD80DBD73EA6CB0A18BB3A2B0A4C5D0687FB205FF05A104C041FF37BB27E74114A76029AD8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999786..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.842588..fWaveScale=0.445820..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.759877..fShader=0.000000..zoom=0.991498..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.700000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-GGDQU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7794
Entropy (8bit):	4.9623123040437624
Encrypted:	false
SSDEEP:	192:2JYi+1/tP0mn2k0HEUtE9vTLWIL4jjTZLQC/yrCICMjvgwlsvyFi/qDaBtIaHAWV:2JY3/tP0mn2k0HEUtE9vTCIL4jjTZLQm
MD5:	3BA089BA645336777F1CDCE87573EA87
SHA1:	282D515FC2FF12B713046B232EC016225309F8EA
SHA-256:	46557637557E14587140CE6A62A79BD9402DAAEEB2B5DA54E63B510952884B00
SHA-512:	6110A0791CB17E12A53D772EB31CA28C69018230EDDEC431F8B4060C4DA911A8979B7F8465147FE1A8DAB7308B18F5B1B5E1A9A8F59B96A80BA55242189EB2D0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=5.000000..fGammaAdj=1.500000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.221673..fWaveScale=0.685151..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=100.000000..fShader=1.000000..zoom=0.999998..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.100000..ob_g=0.300000..ob_b=0.120000..ob_a=1.000000..ib_size=0.005000..ib_r=0.200000..ib_g=0.200000..ib_b=0.200000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-GIUBK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8287
Entropy (8bit):	5.032303958891181
Encrypted:	false
SSDEEP:	192:J3JYNR1otLFpf7mOvf1HFMtE92PAKxIEFYa4jj6QSQCnyrCHFi6vdFTd58kNvrFN:ZJYNvotJpf7mOvf1HFMtE92PnIoYa4j0
MD5:	B3B5E93B091D1890E0FE3EFA8ED88FB6
SHA1:	225F5550FCB875576908CA2DF5FB44C29712BF81
SHA-256:	292556FEE04493BF95B25A572B0D86E7BEDEDB3C59B7C53BB869A10C15CCA680
SHA-512:	E80D8577381650C6F26DE25342DC3B234AF9DF8261C52A3B2F2C50B2E00E469C81595780734DA274F892AF8D3EF05674FDDEC3D98BB7B494B05A137353D3F44C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.112222..fShader=0.400000..zoom=0.693048..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-I66MV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4346
Entropy (8bit):	5.27947353232535
Encrypted:	false
SSDEEP:	96:YqM4Vh5fVEVRbsoqDjx0q0wsSWZpqFZPZ/Ol66qf+Qfu:YhYoHQtast699
MD5:	3AA06C6FF59E746CF74C16B2EA083827
SHA1:	5BF803E441B330304D3681DCDC2805E9AC69BA0F
SHA-256:	75DAF510FF04BE21A99A38841E957D6469E97C39B72D0EB7C4B922D4A523B07C
SHA-512:	65AD8A11CD8F992F269CD188D64B3CAC8DEA4BE0B045FCCD891167B0CB28F6F461D82EEB0E91B7046F7D49E3F1E2E0053CB4435A61593E1BAA82292966EAAC9A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.994000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.818016..fWaveScale=0.653093..fWaveSmoothing=0.090000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995700..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.998217..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.424100..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.500000..ob_g=0.500000..ob_b=0.500000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.500000..ib_b=0.500000..ib_a=0.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-I69HR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4501
Entropy (8bit):	5.304927059145043
Encrypted:	false
SSDEEP:	96:eq2gcTIVyaC3xDuRi79xN/w+ovyrTC5hNQBjBFi42:mg8VUguw92
MD5:	781AE0C25F585D516F62BA676640A9F4
SHA1:	19AE766E4B60A3B174F71FD5B0F6F00F4DD703AA
SHA-256:	808E79EE3FF240ABC00849651E60232D7A487184E21AF99400ED4C582DC6DFC7
SHA-512:	CBDA5C931C494E94E8346F956C29944AECFB14ACBD117A8B501663D03D9D91FCD7EFE3ACED3DDE0F18904662317F45C5AD08BCCBC87F9B75379A9B7CC72079B5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.997000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.270000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.817900..fWaveScale=4.141529..fWaveSmoothing=0.180000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995700..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.007985..rot=-0.760000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.350495..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.500000..ib_g=0.900000..ib_b=0.500000..ib_a=0.000000..nMotionVectorsX=31.999994..nMotionVectorsY=28.799999..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-I9P1C.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4530
Entropy (8bit):	5.318108915820596
Encrypted:	false
SSDEEP:	96:zU3J4Vhe/8WEEbuXj3/NDnZa13vAQVWH3U:I3JYvbkuz3av6H3U
MD5:	82CD083904D1032E53BE64C1CAF30A21
SHA1:	1396374C8A8EDA1CC4F6A1FB196AA7A65DFBA239
SHA-256:	1875936D3AC8679DCE4EC19F492FD7C361B60C669003DA36186234606012557F
SHA-512:	9E662FECD4FD76D4167412E36C40D0527F44685FBD0BEC80153DA7CA381605DD99CF13DD6FFDCCBF72528F488036E5824374ACFE6513F3554CFF525CE289AEE0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.560001..fDecay=1.000000..fVideoEchoZoom=0.999700..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=25.573200..fWaveScale=1.135639..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.998170..fShader=0.000000..zoom=0.998137..rot=1.000000..cx=2.000000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.600000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-IR8GQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7784
Entropy (8bit):	4.959416075674242
Encrypted:	false
SSDEEP:	192:vPJYi+1/tP0mn2k0HEUtE9vTLWIL4jjTZLQC/yrCICMjvgwlsvyFi/qDaBtIaHAz:vPJY3/tP0mn2k0HEUtE9vTCIL4jjTZL0
MD5:	2FAA23C7A6BE6D8243875B29450ACD4F
SHA1:	68A5AF7E59467AA3DC3AA6C933ED4FA7FBEEFDCD
SHA-256:	324ABF7E47D4AA59FE8B090BBD46073E88A3FDB5F8869B8946CA148F17EF2395
SHA-512:	E04A33CA8BB4E11D1B9618A1E88DDCE9BB934D5460265E689DDE2B4A82979B239423F9280625A4A129C22584D8E4D7F47B0A00256BC0F06A1596E0D99DB6B2B2
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.700000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=3.221673..fWaveScale=0.685151..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=100.000000..fShader=1.000000..zoom=0.999998..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.100000..ob_g=0.300000..ob_b=0.120000..ob_a=1.000000..ib_size=0.005000..ib_r=0.200000..ib_g=0.200000..ib_b=0.200000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-K6K50.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4445
Entropy (8bit):	5.2981266234279065
Encrypted:	false
SSDEEP:	96:HqhgDJYIVebsoqDjx0q0wsS10pmELR8kIpiOu6Bn:HAglYjHQtXk8nR
MD5:	F904F7D9AE925AB82008B4A707698056
SHA1:	A22634D6C35F2886048BEBCA37DC9B39E85B6FB3
SHA-256:	969F89A45080A4703DE0B25EAB395A7DBA490F5F85610D508D06F960023296C1
SHA-512:	8B8DF320B9A1F544A617380F43BCD182A0022AFF80BD9F92AEFDAA8661CCC4CC20F64D17A47A10CB4F0E097D64944BA87DF354B381371338A9EDB2068BD78FA3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999496..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.059200..fWaveScale=0.653093..fWaveSmoothing=0.090000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=5.995700..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.008384..rot=0.500000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.008145..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.500000..ib_g=0.900000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-K6M3L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3876
Entropy (8bit):	5.301838739918167
Encrypted:	false
SSDEEP:	96:By36Vhe0+8WEEbuXj3/NDnZa13vVQTEtT1opH:M3CNlbkuz3avvT2pH
MD5:	E4F623FFB4FB6F2764B26F67C184F6E3
SHA1:	ABBC68C43F5301D960AA2A79A5BA02CB0A177B84
SHA-256:	D11A26D73D705D6E086642FC79D18740CCABCAD44CC32DE04D5E3436CEBF6B8F
SHA-512:	4CC3BB34BB1F9C4E76BAC3A55A7BE4E6707618418140D9ACAEEC1015B3C000A9DD030626A8E758BA799A786BFBF7AA2103A3EBB915D0769C1981145B13C621BD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.050000..fDecay=0.970000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=100.000000..fShader=0.000000..zoom=0.998169..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-KSD75.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3911
Entropy (8bit):	5.345425621574361
Encrypted:	false
SSDEEP:	96:H9O+pEOC3xDuRi79xN/w+ovyrTCihTOEVlXF:/paUgumXF
MD5:	28CB4B7865D507F2EEA3F8CDC49E5BA1
SHA1:	6F3DAC1A86CC41D873C0E9AA293232BB5BA3B6D1
SHA-256:	9CAB459561A0A3DDE856C66B5F9F13726984F0CA60F17076BF3F3F106F0B7DFA
SHA-512:	17E62041FD220242E46CE71DE1AB1B115DCE50C1BF8CC3683213B43A39CBF44329D1D5CB72512F27B517C3496DB2BA7ED20673D19F4F86027CD10C4B72D44745
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.997..fVideoEchoZoom=1..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.8179..fWaveScale=0.397105..fWaveSmoothing=0..fWaveParam=0..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.9957..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=0.740601..rot=-0.76..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.350495..sx=1..sy=1..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0..ib_r=0.5..ib_g=0.9..ib_b=0.5..ib_a=0..nMotionVectorsX=31.999994..nMotionVectorsY=28.799999..mv_dx=0..mv_dy=0..mv_l=0.85..mv_r=0.4999..mv_g=0.4999..mv_b=0.4999..mv_a=1..per_frame_1=warp=0;..per_frame_2=rot=0;..per_frame_3=old_bass_flop=bass_flop;..per_frame_4=old_treb_flop=treb_flop;..per_frame_5=old_

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-LQ5G1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4012
Entropy (8bit):	5.296130810606379
Encrypted:	false
SSDEEP:	96:LH3J4Vhe58WEEbuXj3/NDnZa13vradQTxInry:j3JY5bkuz3av9Iry
MD5:	4D2F2DBDDA3438047397ADE7E4B2D087
SHA1:	0470D92ED50C21FEE81DA1D7F9BDE124E1495AE1
SHA-256:	55A4951DA125DE3E58BEC2F6C7E70156A26E7A823A9271F9768926F3EB522CF6
SHA-512:	06B295C664479F7D4DE170B36CD6A2395EC0795EFEF808431F53D99CE6195D6C8F27B58128C8CF2ABD251C9C7E86CB4FF8D2723D60C6CAFFE8E17FDFB97D3A97
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.560001..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.868000..fWaveScale=0.424194..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.067988..fShader=0.000000..zoom=0.959155..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.600000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-M69L4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3788
Entropy (8bit):	5.29269602281753
Encrypted:	false
SSDEEP:	96:fI3J4Vhex8WEEbuXj3/NDnZa13vpQTleBR81:g3JYJbkuz3avGqS1
MD5:	981303A9A2903A2640C0E8E1E5207F03
SHA1:	FE9C51F2FE5AAC870F689A0996238142D0F4CD36
SHA-256:	1F4809D0747772CA68C110C7435493A9B6AFD3807810071D14A6E403A95810EB
SHA-512:	659891272DA254C0B6FB993C5AA7AE2BB029CDB7D73AACFADFCFA70B4A1761C352673E50E7F818FDA476942EB3339AF1A7DDA6D339FBEB7C3A063E1A8EC801BD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.560001..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.419996..fWaveScale=0.266717..fWaveSmoothing=0.090000..fWaveParam=0.020000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=2.468457..fShader=0.000000..zoom=0.962731..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-MECM7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7033
Entropy (8bit):	4.947438482720636
Encrypted:	false
SSDEEP:	192:j3JYNf1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDZ:bJYNtFtJpf7mOv91HFMtE96XIoYa4jjf
MD5:	5A34C587D418ADCAC4B2061C92BE30B3
SHA1:	B421004B090A7C2279403ED08BF099C71882EF81
SHA-256:	0E5172ABA02036CE07AFC3A8171E0C6E675747B6448F4139485C22B25D1C7D0E
SHA-512:	48847D16AF985CE34C972E0AD13A12DD7963CC5BA22C790DD13DE43715143352E23244561E978A23B396566B2F68B1EE113C6FF0730EF7F09EE6830C23ED3226
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.008151..fShader=0.000000..zoom=0.659411..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-MLHEC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4002
Entropy (8bit):	5.309040278986909
Encrypted:	false
SSDEEP:	96:3qk+YxbpMBOCJyVL9xS/w+oYhEuswhI6CCF9v:3GYXMBvcVvyXt
MD5:	DF28CF6CC7E20A7992876F27961401D6
SHA1:	A8253029DB506FB349756FB9DD64C652D1EA5918
SHA-256:	9761F47B3E6316B1A676B97EAF8A0C588A6B9596A04C61F505956B30C52FEA3E
SHA-512:	9ACA0434B7DE9CC9D7A79B2F472E39441884E077165F6E816EC24CF1BF5FBA41E9CE16C6C73C6749B819D78F1FC309842D69ED462B2206BDAEDCB5B531CC445F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.992..fVideoEchoZoom=0.9994..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.0592..fWaveScale=0.653093..fWaveSmoothing=0.27..fWaveParam=-0.38..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=5.99579..fWarpScale=1.331..fZoomExponent=1..fShader=0..zoom=1.008..rot=0.0019..cx=0.5..cy=0.5..dx=0..dy=0..warp=0.01..sx=1..sy=1..wave_r=1..wave_g=1..wave_b=1..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=1..ib_size=0.01..ib_r=0.5..ib_g=0.9..ib_b=0.5..ib_a=1..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=0..mv_dy=0..mv_l=0.85..mv_r=0.4999..mv_g=0.4999..mv_b=0.4999..mv_a=1..per_frame_1=warp=0;..per_frame_2=old_bass_flop=bass_flop;..per_frame_3=old_treb_flop=treb_flop;..per_frame_4=old_mid_fl

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-MVRTG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3105
Entropy (8bit):	5.338456379869689
Encrypted:	false
SSDEEP:	96:8jZQDYJWASyCJo5GOeIVNNm+xMS+0paXEQs:QH5SLqBNjXYXEQs
MD5:	CD9954EEA9E51621F134906D19DB6EB1
SHA1:	C14545402E6260748397CB259BAE8728081B1885
SHA-256:	84ABB9F524364B5C8B6730F13C6B68250CE64978188114912F767D21772CF579
SHA-512:	8759E8C0BFF814763BB94A67131E1DDA6831217381D52F55545E24FED6EAF449115774BEBFB2AAE22D3DABA5582251CA992EC72CD6EF587F855268DBF600E008
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2..fDecay=0.981..fVideoEchoZoom=1.00644..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bMotionVectorsOn=0..bRedBlueStereo=0..nMotionVectorsX=12..nMotionVectorsY=9..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.868299..fWaveScale=2.781641..fWaveSmoothing=0.54..fWaveParam=0.2..fModWaveAlphaStart=0.95..fModWaveAlphaEnd=0.75..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1.008151..fShader=0.2..zoom=0.9998..rot=0..cx=0.47..cy=0.5..dx=0.005..dy=0..warp=0.01..sx=1..sy=1..wave_r=0.5..wave_g=0.5..wave_b=0.5..wave_x=0.5..wave_y=0.5..ob_size=0..ob_r=0.5..ob_g=0.5..ob_b=0.5..ob_a=0..ib_size=0..ib_r=0.5..ib_g=0.5..ib_b=0.5..ib_a=0..per_frame_1=warp=0;..per_frame_2=chaos=.9+.1sin(pulse-beat);..per_frame_3=entropy=if(bnot(entropy),2,if(equal(pulse,-20)above(beat,0),1+rand(5),entropy));..per_frame_4=bass_thresh = above(bass_att

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-NL6G0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3885
Entropy (8bit):	5.288480716331432
Encrypted:	false
SSDEEP:	96:3W3J4Vhe0M8WEEbuXj3/NDnZa13v4AQTatTjF3:G3JYNDbkuz3av4mTjF3
MD5:	6A9B710D85E58E40F745173260D28520
SHA1:	CEB617685C7542967E63D5B6358DA9F6E5B5C933
SHA-256:	1D38C43D93755CB74800A9705CA36E3E93B2A88CC33F0CA5C3A99E666D4C4B33
SHA-512:	90188EACEA583EF433C137CA772FE1698D46C53DEE8315EB8577E1EA702BCFFE8528C3933374C29D05091BA192120F20A9CB83EE51B21F1DDC4D635C4363A93D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.998169..fShader=0.000000..zoom=1.001500..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-OL53I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3747
Entropy (8bit):	5.2796374321581805
Encrypted:	false
SSDEEP:	96:JK3J4Vhe0M8WEEbuXj3/NDnZa13vqQTEBZF3:g3JYNDbkuz3avQZF3
MD5:	84EF4933EBEFDD16953DB8E0207C54B4
SHA1:	5ABAA4166091ECBD7802044BC7731B2BBE32D027
SHA-256:	A26185627118FCBA46E6AD6CDFA97DAB7BF58FC4C81070513B2743F0635F93E2
SHA-512:	D80C48C770CDDD4EFD7DDB347CF212D4035E56A8DFE97CFB716C43712CA5C7C32110160DE766A6EEB18ABECC557245AD554EAAF49861CA54F4E26E015A8AD2D7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.001830..fShader=0.000000..zoom=1.001507..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-U7Q78.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4513
Entropy (8bit):	5.305496008330551
Encrypted:	false
SSDEEP:	96:gU3J4VhefjVSWEEbuXj3/NDnZa13vAQT7HS/w:53JYDbkuz3avxHS/w
MD5:	23D1363449CFF1E84CBEB4094E838EFD
SHA1:	B3863B5E99F96C631AC092BF9ACD3703D867B9A2
SHA-256:	1AAD1D2A84B7D377F969D5773C70DEDF21A4137F0AFF94A3080D1BE7EDB07300
SHA-512:	0E7FA87E3286B21F0776A2F19BB75F4939C6A7D28A7D1C81B00CCF90F614AE9FB0C5AB84AA08241E54859A144A946F3D61DD7E1C1C7B6E3901EEEA2DB4340721
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.560001..fDecay=1.000000..fVideoEchoZoom=0.999700..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=25.573208..fWaveScale=0.282091..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.998170..fShader=0.000000..zoom=0.998137..rot=1.000000..cx=2.000000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.200000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.600000..nMotionVectorsX=19.199999..nMotionVectorsY=14.400005..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-V8AGN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3730
Entropy (8bit):	5.266535780374799
Encrypted:	false
SSDEEP:	48:FxBGG2oZdpcPgnDbB0slvvyVB9xgDHfN+wYtqATQsT/8YQw1x3yGcXmZaAHNW1x:7nRDbB0CXyVB9xS/N+Z5TdTBQHeox
MD5:	9483EFA7ED0CB72DD0FD35293FB58E1E
SHA1:	F58525FD7DDCD40F5C968FF373523DAB2D234A80
SHA-256:	72F8A995910CC7E21C4F794CE7C9E7648A60E59784B37F3265BA785E12C81150
SHA-512:	BD4C77D8C65BECC479773F32D75CB659ADD8062F55B92DB278C3FD1A2B91B18C0CE5F46A91AAF430609B9AF14A5821C8E7B221B95FF07FF28B34DBE05083BCAD
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1..fDecay=0.975..fVideoEchoZoom=0.999993..fVideoEchoAlpha=0.5..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.741913..fWaveScale=0.502368..fWaveSmoothing=0.36..fWaveParam=-0.28..fModWaveAlphaStart=0.75..fModWaveAlphaEnd=0.95..fWarpAnimSpeed=1..fWarpScale=1..fZoomExponent=1..fShader=0..zoom=0.942044..rot=0..cx=0.5..cy=0.5..dx=0..dy=0..warp=1..sx=1..sy=1..wave_r=0..wave_g=0..wave_b=0..wave_x=0.5..wave_y=0.5..ob_size=0.005..ob_r=0..ob_g=0..ob_b=0..ob_a=0.92..ib_size=0.004..ib_r=0.4..ib_g=0.4..ib_b=0..ib_a=1..nMotionVectorsX=12..nMotionVectorsY=9..mv_l=0.9..mv_r=1..mv_g=1..mv_b=1..mv_a=0..per_frame_1=warp=0;..per_frame_2=old_bass_flop=bass_flop;..per_frame_3=old_treb_flop=treb_flop;..per_frame_4=old_mid_flop=mid_flop;..per_frame_5=chaos=.9+.1*sin(beat);..per_frame_6=entropy=if

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Unchained\is-VCSS3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3858
Entropy (8bit):	5.303771796038907
Encrypted:	false
SSDEEP:	96:Dy36Vhe0+8WEEbuXj3/NDnZa13vVQTEtT1oF/:m3CNlbkuz3avvT2F/
MD5:	FF0CB6EA197C27BAAD1270A8D1C400B9
SHA1:	E70236CEE4D12026FA32C3CF4AE83428A04D528A
SHA-256:	CFFEC5CD0E30E0FFCF929F178DC7ED29241F5D0D29D09896D0519463C30AB473
SHA-512:	712C1C8C1A689AD2C31EDD6D6E79426B2839449C0FC5E54E01FEB331F7948D7E5FAA8870F5BEF00498DCB686717E9549FE8710AC89273202B9D503B0444E1EA7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.050000..fDecay=0.970000..fVideoEchoZoom=0.999800..fVideoEchoAlpha=0.499900..nVideoEchoOrientation=2..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.254574..fWaveScale=0.450290..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=100.000000..fShader=0.000000..zoom=0.998169..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.900000..nMotionVectorsX=24.959999..nMotionVectorsY=19.199999..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-2H5D4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6312
Entropy (8bit):	4.894460496284239
Encrypted:	false
SSDEEP:	192:rNJYWX7c1xtif7mn290HEMMFc6FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDs:rNJY0yxtif7mn290HEMMFc6XIoYa4jjC
MD5:	8BC0C804606909A090607F219D6F682C
SHA1:	EA5CF40CDDFA364A8B2E4D75408079EADE65929B
SHA-256:	47EAD4A41C6E606BB19247E50DDD50FBD8741BA96712582897132B23EBFFB1FF
SHA-512:	CA2440C6EA2CA0C6207DE9621FCB667761F30C675318F874E5CC98EDB331381F7CC8B245FF29F8E870C0C4E3BCC3877091B69DE2936EB999F3043D97ABE9A120
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.800000..fWaveScale=16.217468..fWaveSmoothing=0.750000..fWaveParam=-0.440000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.25000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-538GN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4606
Entropy (8bit):	5.267233954689136
Encrypted:	false
SSDEEP:	48:baz5o523JqKCFAEeGJMpiB4YisL5vcsfM+sCaZm8yyIqeKXbGGzW:2z33JCeCMpiBzHFVfMrg8yyI/2W
MD5:	BCFC930DA4C051AD87646C89BC12226B
SHA1:	F46CC4F04A1C2D65C73C20035485F2F3BE06541E
SHA-256:	87A4609ABF38AC1F114B9933C3C9B8561F428D77B43EECE4BDE8E119A2952D54
SHA-512:	D33FBB63C2E71CA5BBE1A4A4EEBF121B3FA1D04BAB49544D19A51BA983ECF2E28C4D8DFC40FF49A162366235685613B4936AAA0DBCA74CDD42EC3F410601BE2B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.011683..fWaveSmoothing=0.801000..fWaveParam=-0.600000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.906938..fShader=0.000000..zoom=0.977870..rot=-0.380000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=0.450000..ob_g=0.450000..ob_b=0.450000..ob_a=0.200000..ib_size=0.003000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=1.200000..mv_dx

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-EKDDH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6203
Entropy (8bit):	4.810849667183274
Encrypted:	false
SSDEEP:	192:hD3JgHl1Mtef7fOv91uFMMFcvdIDa4Kj6hStCnyrCZ2vnTd5xkNvyVbGDqzBGauE:tJg7Mtef7fOv91uFMMFcvdIDa4Kj6hSt
MD5:	9D4D2A87DEC587E136B4CE747E174829
SHA1:	CEC9057AEFC23D6440207C0213D6CB73FCCB647A
SHA-256:	7AA37C7FA73A922881E601D1DA8B9CDE7FE33D70931AE6008A2A2426C65EF48C
SHA-512:	2209904192BFAEC9F4603E97DBC3BFC2AD055B4A4173249122172FF58ACA22579CADEBF1615668441EAD6780D53E3F34EC38D3259AAFAF5DEEF3B70D80285EDA
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.997000..fVideoEchoZoom=0.996629..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.270000..fWaveParam=-0.380000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-G6QPC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4902
Entropy (8bit):	4.816400352524846
Encrypted:	false
SSDEEP:	96:Eq6J4VhWmU7w5ZgtLFpmOv9tnHFMtE96F5C8RVIEFYjj6QmnQCnyrCHFVSvHdFPV:E1JYWX7HtLFpmOv91HFMtE96F5CYIEFA
MD5:	1B82DE1E77E78C879926F30413C9FC33
SHA1:	7A51C8092EBB237FE332E61A12B062D305998952
SHA-256:	FF90DE0FE6073B341D0D9ADC0C2442FB53963B81CD5CC5F8F66C8B207C255BDC
SHA-512:	B98C8613033E97103C5121D1C75FAD0E0983FBDBF2D2F972912DDF0D6E02AA06D1FC0B3840A30EA3293E1E36F55B7AD6943C04F914DED966D0F595B0DAD194C5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.980000..fDecay=0.940000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=2.987793..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-GK9V3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1458
Entropy (8bit):	4.89209306545229
Encrypted:	false
SSDEEP:	24:XkjgOeXsF4DUSr5JI3JD7d3aAEwJKKrtpAXSqC6hwFCdn:UmXsyH523JD7d3aAEwJMSoRdn
MD5:	7B0CE705347A798FA9F5914805FF2553
SHA1:	B56FE0800EF2C416BCB1F3B89C84F37A456369F2
SHA-256:	E151391DAE21A1134710F090DCCE80EB35201CF779752046A3008EA88B09BB24
SHA-512:	301EE0A63493D18650C2EEF12360EFFD79A0B729482F0CF3A442022526E49AA7EE8AD12325501FE5436451A0516EBD8B1BBC89443770DB55366C64DD74BAE962
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999600..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.011566..fWaveScale=100.000000..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.904846..rot=0.200000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000002..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=10.240001..nMotionVectorsY=7.200006..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-GPHG7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12084
Entropy (8bit):	5.13375264210203
Encrypted:	false
SSDEEP:	192:WqJYXSF/NdBoMd8mtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58o:TJYMNd5tJpf7mOv91HFMtE96XIoYa4j4
MD5:	328471AA0E2A9F9A841742FF83874F99
SHA1:	B47C8DC32861E87BE21CE747CA355A338E4AC96A
SHA-256:	6AD1B801F551A16561E43B4BEFCD7DE586B64346E18BC959DBFFDFB8132F2A03
SHA-512:	1C8A508F8B0712B237BE400257CCD0BE23365518160DBEC38E715CEF56B8739F4387DCCECE5D7B9CACC19298740DD34EEA21F5D0DCD309138CB386744A7A90F8
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=2.000000..fDecay=0.820000..fVideoEchoZoom=1.0500000..fVideoEchoAlpha=1.100000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000000..fWaveScale=1.000000..fWaveSmoothing=0.750000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=7.680042..nMotionVectorsY=6.240038..mv_dx=0.3

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-H74SB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6920
Entropy (8bit):	4.906327360435855
Encrypted:	false
SSDEEP:	192:wKgWX7HA/R1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrn:Fg0H6FtJpf7mOv91HFMtE96XIoYa4jja
MD5:	34C523EE84AB3AD2D3BD165AE7CA7CCE
SHA1:	137D2FF8AC6F87C3656434CA273944C21A03097B
SHA-256:	6E7F4DF3107DC0041F19ED5AA9531C4A99146A839E0A9277F9895F64F07C6C13
SHA-512:	1FDDBA53180230D96186E474919DE5A5B64C2B42D061A26F330CCB5AB8F6C341910F3ECD18319B099CB9C3B84346CF505D89516098C0436A5F4DF8790C3DAC0F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.010000..fWaveSmoothing=0.360000..fWaveParam=-0.500000..fModWaveAlphaStart=0.709800..fModWaveAlphaEnd=1.700000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.959487..rot=0.020000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.198054..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-HCRQR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1923
Entropy (8bit):	5.048871188058632
Encrypted:	false
SSDEEP:	48:w/aLH5Q3JqKd3aAWoJ6+VFVjcLpusQgGLY:Aaa3JqoJbVFwp7QgT
MD5:	26A756F42C5D3574952C8C4605010648
SHA1:	196247CD8BB672E84A14F025F9E030DCF57F27E2
SHA-256:	E089B46D8F461A45EC15E5E19C043F70A809E6EB0589EF97F3255856F616CA3D
SHA-512:	9D141652811C45C026465F7A8B6C1424DAA44D3C070197FC47988E97344CE798F3BC7410134ED21AC299CF87F8AAED395080846275CA06C8ABC42F5C0053C12F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000000..fWaveScale=0.098609..fWaveSmoothing=0.500000..fWaveParam=1.000000..fModWaveAlphaStart=0.500000..fModWaveAlphaEnd=1.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=0.999996..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000010..dy=0.000010..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.976000..ob_size=0.004500..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.021500..ib_r=1.000000..ib_g=0.600000..ib_b=0.500000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=2.400000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-I87FF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6145
Entropy (8bit):	4.954181733553504
Encrypted:	false
SSDEEP:	96:OirQV3BA5qqHXh9RfGhOgVivGhnbolm5qmYzmKlT47kTVOf:3rAy5qqHR9RfAOgVpnb+mgmYCK27kTVI
MD5:	35E2CFB09725077DD1B803E2953CE087
SHA1:	401CFAB0B52B6233F8756652B74FA3FC14043F2E
SHA-256:	3E8AFBE16174786D6176534B42081F25E0E67B404DFBEE5BB2888B1F0C5DDAC8
SHA-512:	003B2652D8F20C9C037B5734F090CDA4D9012520587A1F6450BDD3E1B5B8A4954F8B1AA88803B989E74B8F87DD2F442E3CADDEA6DD5F12B975199D017EC7F4D2
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000..fGammaAdj=1.980..fDecay=0.940..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=2.988..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..mv_r=1.000..mv_g=1.000..mv_b=1.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-N70TS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5682
Entropy (8bit):	4.7522725564822865
Encrypted:	false
SSDEEP:	96:h9t3JgPMpfWA1lPtX/t7fOv9tnu4PMMFcvFyC08IDQKThLQ7ryrCIunPvHnPLd5i:hD3JgPKWA1FtXV7fOv91u4PMMFcvfIDJ
MD5:	B7E5CBA00D93CCD4377BB52EAB1080F3
SHA1:	EBA659B16503674A1E1C59752B20CE09329E702D
SHA-256:	0953EB746594861C535B7AC6BC2496588B02CFB9EC8051072660B26E9397A98B
SHA-512:	3D4019538A0E2E288355A5B681B516D7B001E52114185327E76E60665C7EDA29052EEA9D3C293659059BB1639EFD9B0FCE82EF0805DE56E3B3A2FDFFDA9E0BCC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.997000..fVideoEchoZoom=0.996629..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.270000..fWaveParam=-0.380000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-P2M92.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7721
Entropy (8bit):	4.931169761356138
Encrypted:	false
SSDEEP:	192:9JYw7K4FisSupvtafoOvj1uFtMFcvOIIaTKTQShCnyrCIrvvdBlsvrEbGqDaBtM7:9JY+KuiSVtafoOvj1uFtMFcvOIIaTKTp
MD5:	151A41CAE6D2AFD4830DE8277B526C34
SHA1:	2B45747ECE1206D1E1C43A2760C6839CEE748C90
SHA-256:	6E20F13B7D39E30C2D2E8EA39BD4056BE920819248DE5AE5E015078CAF7B053D
SHA-512:	3B4AC562C40002A068A1FD07A656F711442921F91722AF9371EF9336EE99FB1E6569DEB1CD5FFCB5C4865A89F306C24154B64A4EEA43472964F88056469FF46C
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.000000..fDecay=0.980000..fVideoEchoZoom=2.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.741900..fWaveSmoothing=0.000000..fWaveParam=0.000000..fModWaveAlphaStart=0.750000..fModWaveAlphaEnd=0.950000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.000000..sx=1.000000..sy=1.000000..wave_r=0.500000..wave_g=0.500000..wave_b=0.500000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\Zylot\is-TQFOK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8992
Entropy (8bit):	4.984052996667565
Encrypted:	false
SSDEEP:	192:RD3JgsGKE+AVOIzzQftXlf78/v9ctHF1PtE9vcFfIla4jKTQLQ7OyrCInWvwd58/:dJg5KE+AVOYzQftXlf78/v9ctHF1PtE3
MD5:	85C5FFC6147E9B8531E3D09907A341E6
SHA1:	5EC96CE54545D76B32A399ACAAFA813D59465541
SHA-256:	8641C8BA11C928DB3FDD3BB8BD39E1086DFBCAC26DC4CAABA7F6219B8B191112
SHA-512:	1081D5772FC49A929722D3090D224FBE31AADA9268F921115E4977A81D8D223C608B5D7D7C7EC1E186CB5D75C9392F96506AD4EA6CB23B7253928039B91BBA09
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.997000..fVideoEchoZoom=0.996629..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001185..fWaveScale=0.010000..fWaveSmoothing=0.270000..fWaveParam=-0.380000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-03CNC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9335
Entropy (8bit):	5.24255473386349
Encrypted:	false
SSDEEP:	192:rAod8+5qxY7iY0zqWHAOgwZnbXmYCKu2DH2O2W:rAE83eWHAOgwZnbXmYCWb2k
MD5:	F0F9ECA85BD1A03D6C729D2795F114A6
SHA1:	DD20D6943AC77DAFFBC786571BD5A4FAF21BBEA6
SHA-256:	5DFD348F3FEBC79A08A353A6B7E4675F42BF323BBCEFF3478ABA6FE9459D0D6C
SHA-512:	C0CDE3C59CEDC4FDEF4435209E595383ACC0B348E939A4CC9DA5EE71FE44022B717C99CC0214214A203D8A67EE7D7C36CD0F08E09DA6CE5FAFB5BFACE4A89146
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=1.00951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-0NMJO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7744
Entropy (8bit):	4.955586420960373
Encrypted:	false
SSDEEP:	192:ogAIBRUSel6Stdffn27F1uFrFtE9vxIza4jK6wSQ7CFyyCHF1vdFTd58kNvrFbGp:og0tdffn251uFptE9vxIza4jK6wSQ7Sz
MD5:	4D4133C9C5A59E2769EC0902ECEA8E6A
SHA1:	55A7E839925E11CA6D92D83FA6C4214B6437CE1F
SHA-256:	E3106ED5C6443FE9A6903084E58952A931EAC15E1E492543DB53BC279E4EB12B
SHA-512:	15F6C7797AA8CF95D4C7ED8B552995EC4CF256332A1DEC36E790F7299657184677F2B2031515094F8B6C590EBE28B566AACAF62A89CAA3F5F862C8326E8C8080
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.140000..fDecay=0.895000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=0.101411..fWarpScale=1.981669..fZoomExponent=5.830084..fShader=1.000000..zoom=1.019604..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.880267..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.100000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.050000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-1RG5D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10713
Entropy (8bit):	5.222480592512039
Encrypted:	false
SSDEEP:	192:rmksk5qDOic8XWP9tpJiAOgwZnbXmYCKC4ZGe/0U0vj4l/JtecHh99fs9:rTs/6P9YAOgwZnbXmYCkZGVpj6JtX9f0
MD5:	68253FBBDF980822748EF77D0137BBF5
SHA1:	2A68B9D8942C2C06B5F9F514748BF793FC2C0EE3
SHA-256:	75F7D5CFAF9B5F548C039EA87D41F181E6B92E0F0CF2B4431F1BC09E138597DF
SHA-512:	D2CC451D4B95526BEB9B25BAB09C271A30EA0A5246EFCBD9910B817BE34D80F4011006A034807055AD5AF1401CE1C038031623893A7B91F4BF0241A52C61D785
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=3.04777..fShader=0.000..zoom=1.01730..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-3G1IF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10554
Entropy (8bit):	5.006990304491878
Encrypted:	false
SSDEEP:	192:qPRPnWQ5xedwBm/n27F0HEMtE9v6+lCj6QShB3nyrCIsvqd5RQVvwSmPGDqzB/al:qR/WQ5xKwB6n250HEMtE9v6+lCj6QShl
MD5:	A39AB9CDD25B54BAA0CB50E7C6383211
SHA1:	181EA1ED3D42BC8FF13A09B8775D40C0BC248EF4
SHA-256:	859F3DB9871C717E02161C4DB3A533597232C1978A9DD0C694F0A0EB177A74C0
SHA-512:	65EABDFF3A8584DEFF99423F6B27DE61190AB5194BFB5652E53609F0C8FBA9A00A170E13E4C28296270D204C00413D5D25A88BF775722FAE73441D58EC745B2B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.210000..fDecay=0.650000..fVideoEchoZoom=0.996621..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=7.709095..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=0.800000..zoom=0.999500..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.000000..sx=0.999993..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-3PADE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5123
Entropy (8bit):	4.618974208643884
Encrypted:	false
SSDEEP:	96:8Fu3JgPM61zYtLFpf7fOv9tnuKMtE9YVw8I3Sa4jj6QmnQCnyrCciBPvHdFPLd5X:Mu3JgPl1ctLFpf7fOv91uKMtE9YV/I3r
MD5:	CDE4BDF111FBB35AD74329E188009CE9
SHA1:	BABFFE53D3E5A728D9AC298631D07BB0F6B132F7
SHA-256:	09780734E5365FC1AAC01397831B8FF0ACE1C5629B2A923C3481728CA936D1B0
SHA-512:	73383AC2717ED4632FEC8C8A87D79F73F18BBCEDB22634C0B2570F2DC99EB4AEE6462B82D1256AE9FAF8CCCA7F0E6AE2F7C11D7F63E4FB567705143005703246
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.985000..fVideoEchoZoom=2.722646..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=0.640708..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=8.311067..fShader=1.000000..zoom=1.009509..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-4DM3R.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5335
Entropy (8bit):	4.694259489285755
Encrypted:	false
SSDEEP:	96:X0F8T0PMz1zDtjf30tan0tREz3tE9vcsTIEFYa4jcBVPQmnhCnrrCI5F3jtvHZLj:XU8T0PQ13tjfktan0tREz3tE9vc8IEFc
MD5:	8FD8290BF71EED166BAE89FADFCB33A6
SHA1:	00FE41E9A13C07F13B50F5A6D5A6C241727D30C6
SHA-256:	12501E4F4D77430850D3BBA8464C006DEC1A34B06C0E045D7AEE6F1333B1DFA6
SHA-512:	4221669C9995F019E97B07E422F7C09443643A045CE8BD2BE8292F891EC8B9951DA3BB1C1F9DFEB3CA2590922BD3052DCCDBB48C5E5A397CD57DDB68F55CB9AC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.910000..fVideoEchoZoom=1.001828..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285745..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=100.000000..fWarpScale=1.951295..fZoomExponent=0.010000..fShader=1.000000..zoom=0.904847..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=2.905227..sx=0.999995..sy=0.999998..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-7QR9V.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5387
Entropy (8bit):	4.732060723256138
Encrypted:	false
SSDEEP:	96:O7JPMZxQAM1IDM1bNHn2f0HE1PtE9viTIEFYa4iITQmnhCnry7I0VBPvHdFPLd5Z:OdPOxQAM1YM1btn2f0HE1PtE9vqIEFYh
MD5:	721D61C6C527CAED8D7C60D2B61D73E4
SHA1:	6199ACC8A1EB91B6D5EBDF700AD8B83324D5F3F8
SHA-256:	F98B4E8994AF48053ABDDE7B6EAC34F24C20D31069A254169102CBC3FDDCE5C0
SHA-512:	1E683BBBC87AE5E93A46FE02262CB0FDFDB13C4356AEEE405510C683F8AF033F2C517F03F98E81FB039DBBB36E49D4E2B6192AB8A20699CEE40103AD6DBB4EF0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.070000..fDecay=0.925000..fVideoEchoZoom=1.828659..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.711382..fWaveScale=0.389574..fWaveSmoothing=0.270000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=5.995790..fWarpScale=1.624064..fZoomExponent=2.518210..fShader=0.700000..zoom=1.009509..rot=-0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=1.599179..sx=0.999998..sy=0.999999..wave_r=0.750000..wave_g=0.750000..wave_b=0.750000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.100000..ib_size=0.260000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.100000..nMotionVectorsX=31.999994..nMotionVectorsY=38.400002..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-820I8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8318
Entropy (8bit):	4.981703576821917
Encrypted:	false
SSDEEP:	192:73ToHNJWmC5tzfxnv7F1HFMtE9vcqEFYa4KjTQFSh1FnyrCIpvdFTd58kNvrFbGR:zTltzfxnv51HFMtE9vcqoYa4KjTEShXz
MD5:	0D485DFD03B8EB053FD9470E3CD86392
SHA1:	5016F860C7C959B5972DA5799BDCADAB4E7C9F5D
SHA-256:	39A09FD8B6E5022B3173284E8275C41DD3848EC4123FCCF5C887F734CFAA2760
SHA-512:	0C3A83E01846721741AF0533CE797BA3ABCA80A91A3AB441AC16111846970861814EC4F727B52C7E3B164A23D325F977D779CA683332A4B13159978F48284F07
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.770001..fDecay=0.980000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.059151..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=3.749272..fWarpScale=0.721417..fZoomExponent=0.255373..fShader=0.500000..zoom=0.989617..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.030301..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=0.000000..ob_g=0.000000..ob_b=0.100000..ob_a=0.100000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=20.160004..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-9CCVS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11558
Entropy (8bit):	5.253086076210084
Encrypted:	false
SSDEEP:	192:r7Hdl+5qxHE/OYqWHAOgwZnbXmYCKuVSSbw5c5vYzh6qm:r79lZWHAOgwZnbXmYCLASbkcBYS
MD5:	39D214D3173E47FB55CAB72CDE4A4DA2
SHA1:	8CF3E1105CE2A2F4D606F78B7AE60E5E524C5A39
SHA-256:	42DC44507B256D5ADB05E0EF44F8BFBAE2D4DE2F490151586D8D00C910B9AC91
SHA-512:	D53C12984838FD1A0122B649D9D1AFC39100055278CF77EC5165C717BC65796203ADC1D6AC13013C488D5758CAA83DF7F7F64DC41A95860B15A7931787B647E5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.583..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=1.00250..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=1.000..wave_b=0.350..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-CK81H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10337
Entropy (8bit):	5.170143044562267
Encrypted:	false
SSDEEP:	192:rOed8Q5qxyui87X7WZ0y1ul4zDTJPIG02BK:rOq88KWZ0y1ul4DJPIuK
MD5:	D5FDB0D89364C2E76046D8E51A510C6B
SHA1:	3564BB303636829A7C6AE3B12D152755AB4203DA
SHA-256:	6FD26D070B776E8D3CC8977902441AD65CAB9E46FC1D526A7C38CD19245E7705
SHA-512:	C88C00192C11FE7667B4BB93FA6A4C080869D6FD941F543EB93961FDA6865CB356216A65341479361F4E188649F35B0434019D647029E4BD071D167F55923505
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-CPL14.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5069
Entropy (8bit):	4.642294277642597
Encrypted:	false
SSDEEP:	96:wKFUwqSMax1Jc0tWf7mG2LttnHFMtE9vV5kTIya4ibTrmnhCnyrCIqYvHeLd9kNg:wyvqS3x1ltWf7mG2Lt1HFMtE9vVOIyar
MD5:	5A1D773F19D0102E8C14B0DECF2A2A74
SHA1:	A0E7845C04B274148EF707800045F129632EFC74
SHA-256:	365AEDB65B5FE0D514E14BCEB57B2306A2B6442EA8C3DEDD4BB23371595FCD77
SHA-512:	28A6CA5CBDC8C40FA2C3566BDB09BC0A2E90DC02A004C8A2A1EF43609BF30E8851A7BDFFBED55B4F42DD45732C7051691E37029DD131C0569BB3252FFBD66C3F
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.700000..fDecay=0.925000..fVideoEchoZoom=1.356732..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.732989..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.910000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=0.905287..fWarpScale=2.188998..fZoomExponent=0.094414..fShader=1.000000..zoom=1.093153..rot=0.200000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=100.000000..sx=0.999996..sy=0.819498..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.200000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-GJ430.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7740
Entropy (8bit):	4.950755941336948
Encrypted:	false
SSDEEP:	192:4PPJWmC6t/fxOvc1HF1PtE9vXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqzwi:4Zt/fxOvc1HF1PtE9vXIoYa4jj6QSQCT
MD5:	E3E28ECFF9C458C39AC5E706009CC636
SHA1:	689E2AE3A48F5E468F38BDB9A5C36586ABE23192
SHA-256:	A3C15E07AF168B3F2A32DEFD9D5CD5C9EDCA0B9A0D21A0243F945C3A602995A0
SHA-512:	E6B4D7204B9ADEB8E12B09CFCBC0379E8D09B7422906DE5CD15E71C04DAA1E48B100862DE6C6F8EF3110F51BE038A38C4A73D13E8D9AB12F65C2704FD1BFCBF4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.400000..fDecay=0.980000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.951307..fZoomExponent=0.255373..fShader=0.500000..zoom=0.960513..rot=-0.040000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.972365..sx=1.030301..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=20.160004..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-M34H0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5101
Entropy (8bit):	4.6333134322721445
Encrypted:	false
SSDEEP:	96:fXVM3ROGPMS1wDt8f0asetnuFMtE9vV4T5Pa4ZqSQFmnhgKtyrCIeQvHdFPLd58a:9M3ROGP71wt8f0ase1uFMtE9vVA5Pa4g
MD5:	FBD28AF256CAA1B494AE4AADFDD354CE
SHA1:	DDD625B44C2A16046461AC2D76EBC03B4E3153CD
SHA-256:	F0A9156B78C0D9665428649F6CCAE658740034FFBB2C2BD7D75CD7ECA46C5698
SHA-512:	BFB4B78161694134DD02B9F90CE4FAEE9BBED13F218BFF1445901C321242F404E71E6837A157C14E59A16E8BD92FA63B990AD962769EEC31565A0510C5EDDA4B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.107410..fWaveScale=2.335817..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=6.811289..fShader=0.600000..zoom=0.904847..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.220183..sy=1.220186..wave_r=0.350000..wave_g=0.350000..wave_b=1.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-M3HJ7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12891
Entropy (8bit):	5.25693681523307
Encrypted:	false
SSDEEP:	192:r7Fd895qfui87X8W6s1uH4K0ekDWE4Xg2m4dLQtugz:r7r8exW6s1uH4/qE4XvN6u4
MD5:	8AB9F157994F4CF6817744C3708FD2A8
SHA1:	722C9737709EC7E5B45FCE0A6F9EA63B9B688BE2
SHA-256:	9987C278737E0881B83732234C2E6049B93F8249077223A7264B93EEB7B5FF5D
SHA-512:	2D41F0FE571D04741772E8EFB1CAFB9ADF040755C9358A830A79443D8A778FF5CFA8A85FDD7DD67DEF98C6F19B3F857213C4A14984CCBD6D76385D90037ED14B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=1.000..ob_a=1.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-MFIBR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5472
Entropy (8bit):	4.759155977238252
Encrypted:	false
SSDEEP:	96:iJ2PMqyO1z0tif3V27Ftn6+MtE9vb8jqJa9qTnmnh1FnyrCItLYvHpLdhks2etS8:o2P3yO1otif3V27F16+MtE9vYjqJa9qI
MD5:	1072565EDE60D299E475FF19C7780887
SHA1:	B21C388418E9A9A221000A7E4597D0239DED154C
SHA-256:	AF6EC3AE167C1B9B7E5A324E0E8DD0BD31B571D5741D44A798D2EEBFA2FB396A
SHA-512:	B1D5654868CCD0367077C98380D6FA02D0BA873D280EDDFFDAD74C96C28512EFBE47E4CE442D0EE98DC7A7C9BEE58CB75352ABF2A8D547967BF3A809A402B7CE
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=0.996624..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=1..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.711381..fWaveScale=1.163966..fWaveSmoothing=0.810000..fWaveParam=-0.600000..fModWaveAlphaStart=1.110000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=0.184233..fWarpScale=1.204928..fZoomExponent=5.582155..fShader=0.000000..zoom=1.019604..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.104292..sx=0.998168..sy=1.051003..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=19.199999..nMotionVectorsY=24.000004..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-OTTME.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5431
Entropy (8bit):	4.70315770219186
Encrypted:	false
SSDEEP:	96:JaFlbTqPMcr1z0t9f7mOvfvYstMtE9vzTIEFYa4jj6QmnQCnyrCHFVPvHdFPLd53:8lbTqPBr1ot9f7mOvfvYstMtE9vXIEF7
MD5:	7F7D9C45D90350D2F95C27753CC738ED
SHA1:	8F4B75970FFC2CCD6449BF890206C6A335DF3A65
SHA-256:	B962481559AD60F85C2A2300E6B43AC87F136BC5AE3AD4CCA25511633554A238
SHA-512:	142C6E11F43C709C6AE5AB4CFCE33D9768DAA1588E6D5BE5ADD6587A892DDFB44EA1D2230A5A14E589D414E901CC08FC69A1AD54BF14AF561A8A87145D637CF4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.498684..fVideoEchoAlpha=0.600000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.763004..fWaveScale=2.114586..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=8.815298..fZoomExponent=8.311067..fShader=0.500000..zoom=1.009509..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.020000..warp=3.209173..sx=0.942040..sy=0.999996..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-P9A0I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5033
Entropy (8bit):	4.627845957904002
Encrypted:	false
SSDEEP:	96:CYG3JgPM611C1HsDtCf75M2ctnHEttE92V1MIC3Ya4jK6tmnh7nyrCIicxvH53Pg:vG3JgPJ11C10tCf75M2c1HEttE92V6Ig
MD5:	AB5D2727C869F3B8A069E1A30CD45E4B
SHA1:	90CA8DD35121DF163EA92C5F3018A28BB31522BB
SHA-256:	46BDA4718DA8DF3994F97484E14BC638D8A362A8D5D947376DC9E254502A7300
SHA-512:	46FDA54DE462AC3DCE8E1AD395FE1837DF032C97282CA7ED08600C7D67141D1887F66C2EAFEA8E93EF1A8A62A1E0E931BAEE749D6B24EE177F0D2D61EDAE44FA
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=0.276106..fVideoEchoAlpha=0.400000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.415783..fWaveScale=1.053717..fWaveSmoothing=0.000000..fWaveParam=-0.000000..fModWaveAlphaStart=0.310000..fModWaveAlphaEnd=1.100000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.408386..fShader=0.500000..zoom=0.989618..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=-0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.100000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.100000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-SHHTE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5537
Entropy (8bit):	4.736942793661791
Encrypted:	false
SSDEEP:	96:KXPMc/cKfr6fcKk66u1zPtIfZnn7Ft1+MaD9zFT5PEFYa4AbTQF6t7ntaCq15nv9:QPZFfr6lk66u1TtIfZnn7Ft1+MaD9zBL
MD5:	61DBED42B6E3E54E50E4ABF1E9A58D3E
SHA1:	C346AA380D7E643BD4490DFF97C424B13898BA6D
SHA-256:	BFCE3DFD406C5D24E97D552C128384A96EDDE578B31B2E5DF36933628A57EA5D
SHA-512:	C0CF929AF2C9959194CF2A3682096B067E7A6F20E54F4FC2AF5E91DBD7A330A38125FDA3DCA8AC234F5A446C3111FD358F6E8907ED2E08A9082FCD8C517A35B9
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.140000..fDecay=0.925000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=9.737579..fZoomExponent=0.999995..fShader=0.000000..zoom=0.999513..rot=0.020000..cx=0.470000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.438652..sx=0.999996..sy=0.978433..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-T8KV4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7101
Entropy (8bit):	4.890806532293959
Encrypted:	false
SSDEEP:	192:y3JgPNRiJW5DtPqmn2c1uFttE9vXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDi:WJguqtPqmn2c1uFttE9vXIoYa4jj6QSD
MD5:	658EF5F05A5E7FAD7C22AC1C6A712F3B
SHA1:	E1592FDA97E87ED497E5C1064E2929433AA18C5D
SHA-256:	77B4B664B45ADE34B1A3BAEBF036FF431D18263B8868D81C15F23825C1436DBE
SHA-512:	C483A5A0972ACE91C70BF6496A7D3C2131D677116ACE2701D2D597575667A3F4668A51181C7958F40005DDC18C6BC80F74CB8DBF1CBA06D05BC0B1CCF2DDEBFB
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.955000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\fiShbRaiN\is-VVVH3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11266
Entropy (8bit):	5.21825530942083
Encrypted:	false
SSDEEP:	192:rded8+5qxyui87XRWIyGuy4zNa9eGyPpvhdIt:rdq8awWIyGuy4oeGyxot
MD5:	838AA1BD9E78F8A41EDAAA77D5B925D5
SHA1:	2AB5AFC40047A6B50819B05296AA8EC313DE1F65
SHA-256:	0E1B315391843E250D35A0FC18076673A012C2E4C8CD6361CCDCF5712BC82664
SHA-512:	3C8371101A3CF50F51BC61F96C9218FFD797B55B1153EA0EC6FEBDFAD7BA3F0F707B60BECF0827F766E604191B50E4DB4951BFA04E760110E72EDC736F1A059B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-033JI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13726
Entropy (8bit):	5.274525116458757
Encrypted:	false
SSDEEP:	192:riBrjU5qSZkLWj/a07euD+COv+9tpJDVZsZnbKYCo/ma9eGyPp820BLQcY:riBrjoeY+COW99V2ZnbKYCoeGyxkpE
MD5:	61734B10FD74AF082F313E47FA1246FE
SHA1:	4825AE57F0D63DAB5F3C320242B75BEBE014CA58
SHA-256:	DA632EF3CFB62A77E6597BFCD96C6A1FE6FFBAEB08E981609097B248BA2EB0D8
SHA-512:	F12E1F11E6B2D93AB10C6B3BDEB962695CE6000AB64A708A2D1854282183A9B59FC3DD097A518EF971C5CE4ECAD6221C2CB65B7CCD5204FF9CD85F43472907F3
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=2.713..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=1.000..fWarpScale=1.772..fZoomExponent=5.00873..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.120..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-03PPR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10557
Entropy (8bit):	5.254884437337463
Encrypted:	false
SSDEEP:	192:rledPJj+9xMOgZKnQqmYCKpgmO8l37Ow9eBJizBSreT7Flg:rlqPs9iOgYn5mYCxmOfmSKSsW
MD5:	5774A21B2DE6DE60C9FA67CDD45FE812
SHA1:	161DC028F74057529242C46F04642E4B82FD7C0E
SHA-256:	932777C201E542273A10B1FE3776E09EA46B2220B490B7F25692D5A2525CF64E
SHA-512:	B01B5A26A9B0B5B657F523EFD72038D39335CD90F63EEB3D148D1A7386608A2E09EA1A47640FCA2C6B98DE34C83FE809E44D798A45739D97FC2B2C6B9F860E10
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.560..fDecay=1.000..fVideoEchoZoom=0.362..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.599..fWaveSmoothing=0.000..fWaveParam=-0.500..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=0.15840..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.510..wave_g=0.500..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-0N2I4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7554
Entropy (8bit):	5.173542953355087
Encrypted:	false
SSDEEP:	192:rHr8s5q4nL9RdAOgwZnbXmYCKrFgTVn1dXzMw:rHr8KL9RdAOgwZnbXmYC1Tx1dT
MD5:	F73304578597D03F9B61D24A179102FA
SHA1:	B60785CF0BAE3447CA8D427C608B9890815F7C97
SHA-256:	AE69EA373AD0D89338AE8A2F8A9B22F2249F64232463204DCB52FCAA3EB5E788
SHA-512:	8A8D4C80235AC069F94F43425325E09B135250639577B145B557B5C8FC9517A9F02B7B1AF2AE34430691156EA9D4A21E62E1189B2BCBBC69E250EB7D8A55387B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.000..fWaveScale=0.900..fWaveSmoothing=0.630..fWaveParam=1.000..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00600..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=48.000..mv_dx=-0.941..mv_dy=0.426..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-0TTIP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17167
Entropy (8bit):	5.276544652058946
Encrypted:	false
SSDEEP:	192:rjMVdRGVM8xZHKalAVVpETPT3RONnCY9kmqklPxRnXf7lur29Mvn:rjMbRslAVVyrBONnCY2mqY5ZuN/
MD5:	979CEC1761B2A985887CA52B9D27FE73
SHA1:	CE83AC7866F4140C08AC7FF329A85A919D3F5BEA
SHA-256:	88BC67F02083075344935A7781FCA779E5305CFEEE57B04025EFEA1A0DF7BED6
SHA-512:	3FE355DD066A67FF643DF73CB062DD672F3D9E2937989886636F6064A68EA3714C77E9DD3AE04F99B363824577644DF26701AE2B442D0F8EED2244BE4C528903
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=0.000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.2

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-104LF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8485
Entropy (8bit):	5.173625964517978
Encrypted:	false
SSDEEP:	192:rcM8f5qq65L9RzAOgSZnbXmYCK+P0I2uLLO:rcM86L9RzAOgSZnbXmYCxnO
MD5:	0A65ADCCC6A6BB773CBDC55AEAADF97D
SHA1:	7949564085FA74F03E9F9DA69FC08F053820FB8F
SHA-256:	851A7BF0D8858243067272F9DB1172EA1DF8321889E72E6975AFA74521BD6456
SHA-512:	7F4A6B00D301A9AED94117058F6205DD24F5508BDCCA2DF244559238021DD80FA4E2FB86AA0CD56073C2FF341436E53D5F207B3EA5379DA70BB778E77288253E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.320..fDecay=1.000..fVideoEchoZoom=1.220..fVideoEchoAlpha=0.150..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.691..fWaveScale=4.778..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01010..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.015..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.90

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-1CGJ9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14893
Entropy (8bit):	5.280722294580325
Encrypted:	false
SSDEEP:	192:raRH8xZHKa7VVpsoLApqzY1nJH3N5wiwVJHwddwDgT58:raRW7VVBLAEzY1nJXPxK
MD5:	A926D56DE03DB3D4B8B2E21EBFB6408E
SHA1:	EE5C26150333F07BA7B694C8A11BD85BCD50DC53
SHA-256:	5CD65B821EAA8814D6816A06C50D5469F3550C757B4496EA4C226341F559D2AE
SHA-512:	018144DFFB67E232D0F3D212E9A31411C0C6744A4AF44F557134C7A8B4B387B78369EC23551CF08338752A10AB16BB0BB936CED909FA0447011B6471ABB4FB2F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.037..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.803..fWarpScale=1.220..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.31218..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=0.000..ib_b=0.750..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-1SG6M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14360
Entropy (8bit):	5.3129862753439525
Encrypted:	false
SSDEEP:	384:rQFRS9ne9q3OSZY24rLXCUkkaqti4uxeu:rucoq3OSZY3Lzrti4uxeu
MD5:	215E598FA2CE53601CA07E4789959FF6
SHA1:	1A8DB32FAB9DB2C7DF9AE978E6F66A68AC15D052
SHA-256:	C53066F72C3D3A305502584942389AA9462D7AAF9168B2FB7B18EF4C6D82A525
SHA-512:	337B08A5025B5037D379615160172BE075AB78EDCC8377C62FCB1D9598A3FE57FF9BD7C71209C051038D439A76593ECE3AFA29C36142C8D796255EC59C673E15
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=1.000..fGammaAdj=1.210..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.073..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=1.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-261A3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14555
Entropy (8bit):	5.27243183451478
Encrypted:	false
SSDEEP:	192:rmOd8eui87X4WV0qluf4KgopJTlQ83/Jtp32ZtXtbtptmI:rJ8WZWV0qluf4BopJXJtQdBnX
MD5:	AFAD9C7E15379E3A84A19FF624B9F320
SHA1:	9B526E722411CAA44DC04EA0114FB26E31CDDDBB
SHA-256:	E0EB33F3D601A4B5B0702916502BB9D7670590CDC712E77EBCE94F26752483DC
SHA-512:	24A053D5912879F0F779B614134899930E1E8212F2C4F74D2B228AB76B42EBE5693947200A4D44CED6F061E895CF24E2CE41085837BE3E9AA341D7EEF957B88F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-2EMNE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15480
Entropy (8bit):	5.284697403830763
Encrypted:	false
SSDEEP:	192:r5dRxCn8xZHKa7VVpLZLApB9ZpJ/TAa7Ys8kOx20rmDyDXQGdhh9qGZ:rHR027VVXLAL91EUY1TQG19VZ
MD5:	2F9842056627BE05A7A1451A8B780BE9
SHA1:	1CFE1075FDE27BE44C5B58F62A07BA34F91C51CC
SHA-256:	6BB48F6FE8F5599F88D38D75F9D1869FE43B7D387EEF91871541F5C1369973C8
SHA-512:	B28A0A8272D7587804ACE6C7CA5B1AC9693BD7D6A2DF9EB5C970C10615BDFC093914700C3372344B9D68057A4806EC4E9152418E099C750B4A55F1746547792A
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=2..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.000..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.005..ib_r=0.250..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-4PHGV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9230
Entropy (8bit):	5.196577638367365
Encrypted:	false
SSDEEP:	192:rwk5qxvNiEAWWP9tpJiAOgwZnbXmYCK2Mrq286v:rwSvP9YAOgwZnbXmYCwv
MD5:	5E91A8F47585773515D9E37AA6D6EFDF
SHA1:	982F38D2E877150806C6F056078DBD63E5D52980
SHA-256:	D05EC96F60B3720F1EA1883B4CE747C818CED4B6B2118A447FB3D930E74B84A6
SHA-512:	CA8991219EB80EB5F1C82382B7A01249C8E78786FD27697AA53C5F2B38D2BA39EDB38F51D7122E6D490C3681D24606784DCDC56C3B961457AFDE80E9A66D27E2
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.560..fDecay=1.000..fVideoEchoZoom=0.362..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=1.00400..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.19788..sx=0.99967..sy=0.99990..wave_r=1.000..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-4U7S6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17782
Entropy (8bit):	5.186661466190764
Encrypted:	false
SSDEEP:	192:r9Edrii3DFiOuVSoCQXcrPT3ZD1mX/9FOHanTYCJdCFnwUbVKrZ8+92W:r9Yr5T0Cgy1C/9FOHanTYCjwwuKnP
MD5:	8F8F146289EC452F9DB4CA6183CEF3F9
SHA1:	5755FA506E067DCB9F8B3E9B957F33AD44FB43F4
SHA-256:	3B2825D47715922947BBB69D4618D376EC6BEBBAC35E125FD2D16FCEC0A79F92
SHA-512:	408341D23C671E6BE40C243B38B470313521B4A03459152D42744790B725F4AB8F877E1BDFFD6AE6D9EAC59F8B3B39E82C8A6B3B0B03C4C81758BD665B1DC19B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=0.900..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.005..fWaveScale=0.167..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=1.00183..fShader=1.000..zoom=0.96098..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.950..wave_y=1.000..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=-0.002..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-59H75.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18517
Entropy (8bit):	5.304893262336689
Encrypted:	false
SSDEEP:	384:r/Wkn3rB/08L2RvFRV1tr+e3vcotGwtGZ:r/vB/08CRPV1tSeUB
MD5:	1EE3263E4897B786F005BE462B54B7EB
SHA1:	5FE1E85E217187C4C4C9BC4469B04B2B24A64515
SHA-256:	1AA1DE24F3175A8A779F8ADE093938BB617DC44F94563A08E42984F882A8ED34
SHA-512:	7810D5762BF036EE6A43DC6C449F3595A7835DECED43CE46747A40B59DF18238D29C3ED5C742C5EEBC734C6A7EF9AF115ED2599EA5D0B0CB5307117BCFEC9CE2
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=0.995..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.413..fWaveScale=0.418..fWaveSmoothing=0.000..fWaveParam=-0.660..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.626..fWarpScale=1.331..fZoomExponent=1.00001..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.08925..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.240..wave_y=0.440..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-5EFJR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11191
Entropy (8bit):	5.161972617806212
Encrypted:	false
SSDEEP:	96:PjdRTGsRa2kjaNBP7Cu5fyM4hu9fp4NNYow0D099WO5MHlWxUO5kYzyJuZquPWD9:rdRCq7VVpOo9cOrxKYWEZq/D7l+2d
MD5:	D1C5C52BFDCE782F717F9C1244E92679
SHA1:	64EBD49B560AB44C41244BB9D9CB9823D9EF971D
SHA-256:	9ACA4967A5B6754739D6EB8D458CBEBA0AFB76E30DE7534F4D02B0B0D48BFD1D
SHA-512:	ECC3833D9DB921C65D6B7ECEDB0CBAA4F00A1856BC09E01D9D2027894937E0DD01CDE51316FE43FFE7A82C4C4764879FA04218FB962B3E0B9B82252C326C6618
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=1.000..nVideoEchoOrientation=2..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=1.83149..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000..mv_r=1.000..mv_g=1.000..mv_b=0.000..mv_a=0.000..b1n=0.000..b2n=0.000..b

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-5JT8A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12731
Entropy (8bit):	5.2386567238261765
Encrypted:	false
SSDEEP:	192:rBRA5qSxM8xZHKaUsVVpLZLApk9YTZa7YsPt+IGz2O5:rBRmj/VVXLAy9YtUYq+b
MD5:	DBAD648BD8FEA8CA8D07B4818DBAD5AF
SHA1:	1925EAF30DFC78825C342E907AF5636E7BA0DA83
SHA-256:	425136AE341F67CCB819ADB421C9B5740F9F7300A9455CDFEF9CCC42B03EF906
SHA-512:	FD46CE33C9C24ECA53CEEFC23BA0E48B461E05DEB9027C117FCF191016B822C0B03CBAC7417C9181D2D4262207454443D01D43C61BF150B32DEE8AB57F3A745C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.762..fWaveSmoothing=0.900..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.408..fWarpScale=0.905..fZoomExponent=1.00000..fShader=0.000..zoom=1.02500..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.63735..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=1.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.000..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-66H2D.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15823
Entropy (8bit):	5.273795139766895
Encrypted:	false
SSDEEP:	384:r+R+2sVVXLA59zOUYsqusCEdEl7Ho4eQA:r+4XT+9zOUYvAEeneQA
MD5:	CE32F8F2CA046C5A5E0D3B07B8A20598
SHA1:	D9D8870F24EBC8D54F30797E4032E3F7A73B9D43
SHA-256:	D817E9B5DC8410E442B2EC2D81DD4E17EB74C156444FEBBBF93EC9DE8F7BB261
SHA-512:	FBBF8BA8C80AFF3C80F82993967D98BCE2FAD1BC48EE897D0B51BBAFD5AB5A4F9F655DAF4622B35BDED59D6334B2B8E06DAA3CD712954CEC5DD8E2E1110B019C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=2..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.311..fWarpScale=8.311..fZoomExponent=5.20652..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.13291..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-6N0VE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15603
Entropy (8bit):	5.260953552364014
Encrypted:	false
SSDEEP:	192:rWrKbO11Q+c7Nyg9VOnn4Y5dwaRqjwRKQlRWbgcfxT3PG:rWrlg9VOnn4YjqOKGWn5T3e
MD5:	DFE62ADC3B065A89EC9192E8C6B3E896
SHA1:	9FF4716CB79C6B45BD3FDEED67F1C87E55439D02
SHA-256:	5B60320B7BC7D456B9AB91FFA1B2AE0F3016C773D714519AA437E7F4622179CC
SHA-512:	67EC11A356C9CD9B0E161E568DB8508BEE11A08EE54BFC283BB6AEEC997D2E772A5CD19E64D63A488633B91A3F64E183545E4AF908DCEC0E71C64DF5C156CA6E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=0.585..fVideoEchoZoom=1.127..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.005..fWaveScale=0.167..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.817..fWarpScale=0.918..fZoomExponent=0.33077..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.55697..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.950..wave_y=1.000..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=34.560..nMotionVectorsY=28.680..mv_dx=1.000..mv_dy=0.000..mv_l=4.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-75DNA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17332
Entropy (8bit):	5.2819891321991115
Encrypted:	false
SSDEEP:	192:rzW+5qxlSnzTKFUBjrEyA1V8dE5ms+7QSzJP6V/Vrrs9Z9OOcMsdZwH4rlgswZ9A:rzWkn3rB/08l2RvFjeGinmf
MD5:	BCB8D691DF94AD345AF3A6C86010AED2
SHA1:	8C71BC7E0E3064B8044B34DA999D38324298CDC7
SHA-256:	7D8D387AE0366DA68CF8156AB03AEBCC604A3B122217197EBC38C7C4C2FAA90F
SHA-512:	9322EE4ADE878CF4FCAA99AB6E2D93BA734D29380678EB31015D51F63643BAEE2266174D8674DBDE81E7D4053F6A9069465822F0F4A1208DB14AE8C23565809D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000..fGammaAdj=1.000..fDecay=0.995..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.413..fWaveScale=0.418..fWaveSmoothing=0.000..fWaveParam=-0.660..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.626..fWarpScale=1.331..fZoomExponent=1.00001..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.08925..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.240..wave_y=0.440..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-7O2BM.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8493
Entropy (8bit):	5.223624111677369
Encrypted:	false
SSDEEP:	192:rj8XK6M9R7OEZnbXmYCKarq3SXZ7i8b+h/:rj8o9R7OEZnbXmYC/rq3SXk8a
MD5:	06F35861B17E519322D6463CEF736F50
SHA1:	A72A96806733D7982F12C68F591E98B168D6D119
SHA-256:	E3E32EBF5263A42B4395674659C34F913AE02550D842B736943FA312A7F60C4B
SHA-512:	152CC0917DBC71936EE24EB73F2D2565070E267B11E658019EFB41270D07A027B4E3B8003F7487CABBB25C5183E8C6E19D2F1D1327F4509425691DD5B8D28932
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.900..fDecay=0.850..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.000..fWaveScale=0.010..fWaveSmoothing=0.630..fWaveParam=-1.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=13.29089..rot=0.00000..cx=0.500..cy=0.500..dx=-0.28000..dy=-0.32000..warp=0.00826..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.050..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=1.000..ib_size=0.055..ib_r=0.000..ib_g=1.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-865TJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13411
Entropy (8bit):	5.249408111140833
Encrypted:	false
SSDEEP:	192:rsdRtqrVVpOz9ZMxtUYhmdqARlG/ZVyGL6x2neJ/:rARkrVVe9ZQqYhyqAmLyGL/eJ/
MD5:	4EF7357021C48743DE76764DF71446EF
SHA1:	3A635FECF00A68D9857338D61A7EF07D339780AE
SHA-256:	DC86870A8E523FCC1AF8A74DAE3BC0FA985A1D3728B87D18349AE4506DB04119
SHA-512:	4CA167DE310DF940534B66C40937F1C6AA3E95622D5DE7E77450B552C92AB99311AEF45C222EF010F2CC99A74746A2362DEDB715AE0FFA8F5B5E51473DD1409A
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.096..fWarpScale=1.442..fZoomExponent=0.05354..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-AGMRU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18393
Entropy (8bit):	5.249047174153907
Encrypted:	false
SSDEEP:	192:rLUZBOj4zvCSI73qRSHLROhsYCQtoxmrpPwyhb9Dyj7:r4ZWSvCH39HLROhsYCB+We9Dy/
MD5:	A8E6B2E2EEDF1367A89D3F7BB9CD8BBA
SHA1:	FB8430A9C71039B9E2474C917B27F76E952D47AB
SHA-256:	65C3B307835978552CB19C3779787713CAA5AD9B9CA87AF48437422100BFC224
SHA-512:	D1F1AF0E0C9334D0B877E6EE1D4A371A1186411598BC6CE32C067F6EF3371612CE3AEED2D1D1ABD4FE8DA6001291391605EDFC338845257122314F8781711D39
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.030..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.549..fWarpScale=2.940..fZoomExponent=1.03315..fShader=1.000..zoom=1.56481..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.45984..sx=0.93272..sy=0.89632..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-B81HA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15494
Entropy (8bit):	5.268734409950211
Encrypted:	false
SSDEEP:	384:rJRpWVViLAEG9COBnuYVopJlALzfCUST6k/bUbX:rJOG1G9COBnuYasLrCUQ69bX
MD5:	0239CCBEF5804858BDD0F86B95E890BF
SHA1:	9688771DBA12D3DB03D78815564B35FE225A7D46
SHA-256:	4900F06295802A43A1464E389497A586117934007094A4E9565A5C034E8CA354
SHA-512:	5F268BBC9867341339AC1DA417BB9FF353AA527638E7EA138E9F6699C7B1906F961D2BBBE252B760F7357D65C115A262908CFC77B4944BF9A1A7FA82E4001E1B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.037..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=1.83149..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.020..ob_r=0.000..ob_g=0.000..ob_b=1.000..ob_a=1.000..ib_size=0.030..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-C005E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18121
Entropy (8bit):	5.297769569014128
Encrypted:	false
SSDEEP:	192:rHW+5qxQmnzTKFUBjrEyA1V8BE5ms+7QSzJP6V/Vrrs9Z9OOcMsdZwH4rlgswZ92:rHWPn3rB/08h2RvFoV1tdeCjS
MD5:	178C7C3063E685BB0900B3C593C289E9
SHA1:	0C9D4062C3929078212600DBFAFDF4A720DD6B2B
SHA-256:	DB71A1381FD4A164CAE8A1916803FA269508BE6C6022BB712B9BF2F785DB0E57
SHA-512:	91683A5A324E089B5F1227D3B14D98F8AC146E20124242D08782488A65BD95958D7A253886F690A01C0A88AB69BFD18EBCA6C4E4A2AB548E39E2563E21709D78
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.995..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.413..fWaveScale=0.418..fWaveSmoothing=0.000..fWaveParam=-0.660..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.626..fWarpScale=1.331..fZoomExponent=1.00001..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.08925..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.240..wave_y=0.440..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-C4AHP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7710
Entropy (8bit):	5.095990577388658
Encrypted:	false
SSDEEP:	192:rt8mx6e9RhOrnRmYCKGUL2x/O43eMJxU22:rt8mx9RhOrnRmYCtUL2x/O43eYxe
MD5:	846F02C86C426083AD7D8DE5A6F7A4FC
SHA1:	0918A9B90366F0F849A2294D2C9652CF4FF85036
SHA-256:	933A7BF801E6DC4197CC2CF8BF1CAF563163DF67B2875D71770BE8AD30E6C2AC
SHA-512:	AF29F2E9377F45BA3DC896ABAB51B9CA56EA87DD3C583BD57DE1D43DB082771EF72F6DD508991D6A3B4E0AC1A14CB66B29F0E72BDA9C0D1748CFB337005C987B
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.950..fVideoEchoZoom=0.498..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.630..fWaveParam=-1.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=13.29089..rot=0.00000..cx=0.500..cy=0.500..dx=-0.28000..dy=-0.32000..warp=0.00909..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=12.800..nMotionVectorsY=9.600..mv_dx=0.000..mv_dy=0.000..mv_l=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-CEC03.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12727
Entropy (8bit):	5.241190225222269
Encrypted:	false
SSDEEP:	192:rYoh5qSZkLWj/a07euD+COvSZ9DpDOk9VZsZnb8Y1S8tl8wo2Xeb:rYoVeY+COE9DV2Znb8Yfl8Seb
MD5:	402B072B22E71160E83AEB780050C768
SHA1:	9CED754A3791238C821A48856BCF29BD1F735A67
SHA-256:	4990F9A589D5742A5C0877AD7D4DD0E3AC93176C569134A68B19799D996585F9
SHA-512:	B2609FB71A8D67F522B56415F7A145C8F7EEE2196B1F00CCA26B821D163D69B9D7947A280D374EB8F8D2245C075C5E8CB6BC5AF3E4E6511419856716AEF396CA
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=1.666..fWaveSmoothing=0.810..fWaveParam=0.000..fModWaveAlphaStart=1.400..fModWaveAlphaEnd=1.400..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=3.04777..fShader=0.000..zoom=1.01730..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-CGP1H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7609
Entropy (8bit):	5.124673045076285
Encrypted:	false
SSDEEP:	96:8+eMxcjedPcAje649Q+sTDOg8IaexkhnTvXH0nqmYzmKlTTcdDlPmJ8J22hyBU:rAedPJj+9xMOgZKnQqmYCKpGoU2eyBU
MD5:	650A68D55BE3792997B99A04927F8AC4
SHA1:	C610E98E3781A2BCA8757A11F4A24C550495A8C3
SHA-256:	43DF982AA8730E6E9CC510FE33CF7BCAD791DA78228864B4CFE7C69C8BA34020
SHA-512:	471D0D8BAE28FD0826A44B23EDD774EDCF6C5D514960C6B05AD3C3E6467F498E6C6186899DC413D5523F7A2F9E756CBED19BE0D9222E78E2A5CDB50053C36963
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.560..fDecay=1.000..fVideoEchoZoom=0.362..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.599..fWaveSmoothing=0.000..fWaveParam=-0.500..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=0.15840..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.510..wave_g=0.500..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.500

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-CODG7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15427
Entropy (8bit):	5.28002485023886
Encrypted:	false
SSDEEP:	192:rOFdRbM8xZHKaQ4VVpETPT3CBnlcJmqqlP32Ls/mWbdmM2nS:rOrRFQ4VVyryBnlkmq0J/mWBmy
MD5:	14D9FD01F268E23493ADCC7A1F55CA05
SHA1:	03C817B6AB5BE7A4D0AA5D6BF80283C8A4D907D1
SHA-256:	B59AA311C810CDED2FC8CC391A7721F9D0908064962A741926E67C9B3D22BB12
SHA-512:	CC17C980FBE4C345753700605CD33EC311773913B489F6B971B4669BB97A179A86DB2E9C14911C0375ABD44AB43C6987436CEF41F18725EAD3F6A2851C2AEC32
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92170..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.000..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-D3MPN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7144
Entropy (8bit):	5.098953814414541
Encrypted:	false
SSDEEP:	96:8+eMxwMHQV8Tos4L9R9j9AOg2EmzPhnbnv4qmYzmKlTUnhvcebY62dkhKSP8hf:rrHLU5L9RzAOgSZnbXmYCKyvc16MSEhf
MD5:	AA4FC53AA5F2F58AD9E6B0DDC7154816
SHA1:	0C2A07580CEAFADF5F7F96E8F7C07828D3660CE6
SHA-256:	845BE9AAEA3B5B6603140281BEDE42861DECE2E98BB8545E98A81007E2EEC54E
SHA-512:	5F9A0F8D631E54974C4E7313AAD0B3EE37ECB8CBBE27F4FED6E30EA3FC6540FA60690FD94D72C5AACDBD8B2185C7D01DCACBCD8F4ABB45A1815F2A22A578A477
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.900..fWaveParam=1.000..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=2.155..fWarpScale=0.591..fZoomExponent=1.00016..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00001..dy=0.00001..warp=8.31106..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.600..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.005..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.100..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-DMV8U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15439
Entropy (8bit):	5.298859378681389
Encrypted:	false
SSDEEP:	384:rKBrA0eY+CO/9xV2ZnbKYCBiXYgk7E1weGyee1smA5xe:rQrRvq9/2ZnbKYCd7E1weGUsmA5xe
MD5:	57844ACFB37F573F8B8B12944D4C0BD1
SHA1:	818A16A563578DEDA00D5E0E9B5FB119E1FD0932
SHA-256:	88BA80EB5731AC0AFA39CD9967722642A1FC57BFE2BDC32ABD3482796844F424
SHA-512:	EAF1B035257C803342382D39A15F4F5E975FBD2FE32E55C93B9181A82951AF9A0639B02DC2AB8D1EE8AF597349FBB2ADC9CA75EE5EA7943C579BF760746C4C79
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=1.224..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=1.000..fWarpScale=1.772..fZoomExponent=5.00873..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-EOLA4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16436
Entropy (8bit):	5.255892729891125
Encrypted:	false
SSDEEP:	192:rdrd8Qyui87XmW00shnlTf4K8opJTlQ83TJPIt2hfsN:rdZ8Z1W00shnB4FopJ7JPIssN
MD5:	4D9B91A1D691B4B2FDCD20C6FD7D662D
SHA1:	5A2885F10E8FD5AE1E4A8F03D294934DA5B558D7
SHA-256:	D42D7BE077FA3172756F523A79BE819BCF50FA44CB608CBFEB9423BAD3EE68D5
SHA-512:	DCCD912B4EF79147BE10EF0E93DA2A0DB7B7CB6A2BE0B1A188431A18E3A18B261902B4E3435E045624C897F7BBFC2CA28EE9632F484FFE5674EC46E23C8B22E9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=1.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-FG1SQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12125
Entropy (8bit):	5.284252815085411
Encrypted:	false
SSDEEP:	192:r4dLx65L9RzAOgSZnbXmYCKicSzCFWWEgTuxM3eYnO6NwEdt1/NhsqSJbG8:r0L0L9RzAOgSZnbXmYCkSzCFWWEgTux/
MD5:	AEB64004EC1B9690C825E93200EF3F0F
SHA1:	439093C05E461B74191C81F6935D896AAE1A5290
SHA-256:	2013B121CBC881D9736C0E221595A8C8A3CB0F8998A62DB0680E0086FD1D5092
SHA-512:	8DAC7975772E8F4E243ADCB1461D0ACD23F220F600A8D182B0B7A4206CBACAEFC375FF782D2A92A00E6A5EDD09F4B4E273F75A7CD70733C9A35F48687134B36D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.900..fWaveParam=1.000..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=1.766..fZoomExponent=1.00016..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00001..dy=0.00001..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.600..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.005..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.100..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GFDHA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13875
Entropy (8bit):	5.276439019410295
Encrypted:	false
SSDEEP:	384:rger8H+CO/97O1ZnbXmYCTBHHla0WVQpULMeeMzD:r/rEq97O1ZnbXmYCu0WVQpUoeesD
MD5:	C1C4DA24DF30EC2C636FDB987A044B65
SHA1:	9F6FAC362D6DAC960B1F6B3DAE6DD4E2FDF27647
SHA-256:	1B44C539749F6ECC4BACBF91717C8E1F913886344074E5B79362A69E9914C4A9
SHA-512:	5957270200C0BE72FF307E494B8344F32C9B4FBC6AC3D1B0D340FF11572E2C5BF117F81CCD22F68DCFA85C78E9ABBAD990EA4C6B227321E53A75FBD7FA60A40C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.000..fWaveScale=0.900..fWaveSmoothing=0.630..fWaveParam=1.000..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=2.007..fWarpScale=1.341..fZoomExponent=4.40100..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=48.000..mv_dx=-0.941..mv_dy=0.426..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GIO32.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15036
Entropy (8bit):	5.283083482381386
Encrypted:	false
SSDEEP:	384:rTexAeY+CO09RaV2Znb2YClUL2x/O43ejBZnbQZ923:rKWv99Rc2Znb2YCvZO43ejBZnbO96
MD5:	7E201A02D882D4B9A51E96DF1409BE30
SHA1:	C4C169660A660C9AA71704F9480D8435D00FEF80
SHA-256:	369EFE779C1270FC85446649B0B28B794667386390951E4D42EF8053829EB46E
SHA-512:	6EA8C4EDE799E47A74B005756DCFBF3D053277C30878C75EA3427DD28CC4BE19E51C726FBE98DE96186741086C2F60C6ED76FDBAD7A777CA016CC43A492C41E6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=0.983..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.19913..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01359..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.040..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.500..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GV0A1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14787
Entropy (8bit):	5.258528912092416
Encrypted:	false
SSDEEP:	192:rLR+n8xZHKasVVpLZLApD9zT6a7Ys5qu6JZ6LgP2ZtXtbtptmY:rLR+2sVVXLA59zOUYsqusC3dBn/
MD5:	BFCEEFB131C1F530D8ADDD44A705BB3B
SHA1:	A0F039FC7E7FB11324A8554C020A01E655772481
SHA-256:	53802F601CC5363BBC9D79CAE9080BFE63ECF13BBCE24097DEFDC2BEC5659A1D
SHA-512:	24194B44B0F7263F7D9C114E7F0D9720E06E39B4B531D4911AF852321EB90890BC5507753CAFF678FE81EB08AC8629CF4EA34B3F83E621768F49A7C5731C643D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=2..nWaveMode=1..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.311..fWarpScale=8.311..fZoomExponent=5.20652..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.13291..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.000..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-GVT2A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10879
Entropy (8bit):	5.254271527435026
Encrypted:	false
SSDEEP:	192:rmksk5qcNiVVUWP9tpJiAOgwZnbXmYCKosck6MaEeG7M28kJW:rTsrtP9YAOgwZnbXmYCuck6MreG7ckE
MD5:	BA7A94CFC7DF2B445B026A7279DA9596
SHA1:	71593AFD835D9EABD9DDF0DBC1F48E1AC283C0B4
SHA-256:	651E62661E8A25FF2DFBEAFE7FF471A2B4D038ECECA26BC05CFF8400AE937CDC
SHA-512:	481BFE814089D4409A4A71C3A9D57DE8EFD50AB1BC3C18BEFB1BF58B42774E0CCEF414017A88C9DF4BD657C5450BF35AFEA6E7D48B1DE35950D4E1110AFD5178
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=3.04777..fShader=0.000..zoom=1.01730..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-HAN6B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18946
Entropy (8bit):	5.262541989094811
Encrypted:	false
SSDEEP:	192:rQl0BOj4zvCSI73qRSHLROhsYCQUr6ir3vugUt+t1txtEQb:rQl0WSvCH39HLROhsYCB/3ISTfNb
MD5:	EF679AF7B69D6C771338D34A11C97F12
SHA1:	E65689A0B94DB866CE248EB8A1554FADF6882E87
SHA-256:	8BE0F816AE9518F22011884F511252128E5B5A2F6B4BA78487D556AF47B73B62
SHA-512:	1879AD684C994139D66E490668D22A1ED29A1353C5CFDF0E904928616BDA9B2971FE4A82AD185E53A9382F8DCFE2BDBC3FE8E70A0E0E18DCADDD404A3A2DDBA0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.030..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.549..fWarpScale=2.940..fZoomExponent=0.02049..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.45984..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-HR3R2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16036
Entropy (8bit):	5.286973052142249
Encrypted:	false
SSDEEP:	192:rKFdRbM8xZHKaQ4VVpETPT3CBnlcJmqqlP32Ls/mWbdmizRYS9Fx:rKrRFQ4VVyryBnlkmq0J/mWBmMYS97
MD5:	0F06511E8D23FB6A57038A4919C7EBB1
SHA1:	B5049A4222850F80EBD8BE2A6381165963EAE384
SHA-256:	96F76EE774C97829CD0EFCA384422FC85FC6078E05F9370A38C334658148F1F6
SHA-512:	5F125222938337748918CA1E9DD32DF14B89ED2BDAF89A481EF90621418F061566EF8B684929C8505D3D9D7112FFD681EFBC3FAF035F886D471853C89EF12D1E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92170..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.000..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-I5287.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6835
Entropy (8bit):	5.143148366777368
Encrypted:	false
SSDEEP:	192:r/VrAQ5qYFY9vWVZsZnbKYCoC6QHG2FeY0:r9rAd9eV2ZnbKYCEEe1
MD5:	74A9394279F667466D7362F1ED172598
SHA1:	04F522C6E6B2AE61869CD81DE6ACEE35BF9B7375
SHA-256:	8259395A4D337A303958053A1BCEC2AA7C32425CF09C8BCD578623EE790C85D7
SHA-512:	79A3EC634077FD39D84C7EC46E1B242811BCA2F94EF1D1B3DA90DB2929CD12622876513BF0DE798BB9FE6DE94F707C4A866DD768A30EB47AF8BB62FF22380DE0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.100..fWaveScale=1.508..fWaveSmoothing=0.000..fWaveParam=0.340..fModWaveAlphaStart=1.130..fModWaveAlphaEnd=1.360..fWarpAnimSpeed=1.000..fWarpScale=1.772..fZoomExponent=5.00873..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-IF9Q3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16105
Entropy (8bit):	5.226937866350775
Encrypted:	false
SSDEEP:	192:r6tlhBpX4zvCSI73qRSHD3OhsYCQo9YGCFLUh99fsa:r6tlhfSvCH39HD3OhsYCxYGCFLS9fP
MD5:	D20DA168DE0F7E5200A1E65BDEA7A3A3
SHA1:	44144DE6C2B2077F15FA298770E92FE30388DD47
SHA-256:	0C32265D8752973FB8CF064617A2F418BA517ADF2DE91B6A14171F9E3801AD12
SHA-512:	1F0BA915DB80815D74F4F63F6F34602357C6526C2A272166B20392D2D7A0A6B592757D86295BAE946D85ADFD1A41B0F9E30CF41273717F3FE8EB2554047F82F5
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.030..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=4.28632..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01743..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-IGSPU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8884
Entropy (8bit):	5.20551678218155
Encrypted:	false
SSDEEP:	192:r8MIRaPEVVpETPT3g4O/nCY9keGK632JuAu:r8MIR/VVyrQ4O/nCY2FQu
MD5:	C7E9333D01CD2F66CD8AAA8BDEB80728
SHA1:	AA134502878575EB9EA9A67EDEE8F8DFFDD2CFA1
SHA-256:	9AC3185F08C2270B69F779930B738DAAABF0E82E369F17023B98F1C40623763A
SHA-512:	249EAE5D6EA99289B7A053014EED3698BD1ECA31FFD778CFBC6F872135C442A1746FE6CE5FE9462E72107D8019F12DD5873DF5B8521E49886883304A4B3B4104
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=0.004..fWaveScale=0.295..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.228..fWarpScale=4.141..fZoomExponent=0.43865..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.18090..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=1.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.250

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-L4OAU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12266
Entropy (8bit):	5.2556957322555755
Encrypted:	false
SSDEEP:	192:riBrjU5qSZkLWj/a07euD+COv+9tpJDVZsZnbKYCola9eGyPp82OD:riBrjoeY+COW99V2ZnbKYCZeGyx8
MD5:	04669133D4F0EA548EAE8D4F8EB92F4D
SHA1:	8EF445F538DFDD57090D26D520AFA24DF259EB43
SHA-256:	149344F851960601C1729B14CC8892C8E771985E06FF132F1B464A23D78B75FA
SHA-512:	A47CCF67B1E3848148EE06D74C0013A1FE05B6D9B186EDEB2FBE7048346E2A4AF2F2D7F5837289A5356CEB48929DE16C1A87FAD1AB47B36E7B1D35C98003AA89
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=2.713..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=1.000..fWarpScale=1.772..fZoomExponent=5.00873..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.120..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-LJ5D3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12995
Entropy (8bit):	5.258566647762636
Encrypted:	false
SSDEEP:	192:r7H0+5qSZkLWj/a07euD+COv+9tpJDVZsZnb9YCVPtxPa9eGy372yf:r7H0aeY+COW99V2Znb9YCTseGy3Jf
MD5:	51A4D4A0BF37ECC1721A055D252D937D
SHA1:	CE6BE88120B49A8297F0931A167D8CD58558EDB0
SHA-256:	D8D6A5819FF39605AA3EFF881C2206F944A8899E655C64F183C3A93FCB3170F0
SHA-512:	B5E305A0A52CD204846245ADF363DF6138F074837955F0525FE87B33270F1BB3E8869194FFE931020E6E65F172D39EC4958D33BAB3F30F4D71D71880BCC033C0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=2.713..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00909..sx=1.00000..sy=1.00000..wave_r=0.440..wave_g=0.400..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-LNB69.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14187
Entropy (8bit):	5.250101956970909
Encrypted:	false
SSDEEP:	192:rgidlz8xZHKaQ4VVpETPT3o92lcJmq30lP3A5Yc2sN:rgGl6Q4VVyrY92lkmqW+Y8N
MD5:	006AB77A470D7035B6F396E065F32038
SHA1:	1DB00FBAD76DA4DED8CB93BB4FE5685F12761807
SHA-256:	87DC5F44BA05E62E262253D1577B5CCC2D682EF9860399FEA423718B853CC2E3
SHA-512:	5B9E82A62559BDC5137EB8F442B22182F554A34BF96EB4731B5F9B3422D9B5BDBCCED046C87D4A0D38A7B292B6B7BFB8F27A998E5AFF85EAB9BF443DA85DC20E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=2.789..fWaveScale=0.292..fWaveSmoothing=0.000..fWaveParam=0.120..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.200..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-M5DE4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19580
Entropy (8bit):	5.233171411014484
Encrypted:	false
SSDEEP:	384:rSYrVT0Cgy1C/9FOHanTYCjYrKxmSv4k8VFN:rdHgkC/9FOHanTYCU+0Sv4k8VFN
MD5:	90D4E3D04DB187892DEBDF4F3C3385B5
SHA1:	A4AAF18409864AA3E79233881BB7E2B51AFB0BD2
SHA-256:	93E74F8A7722D91F14E9504BDEAE22CB990B26CD4D642074AFC06B31DA1A5D75
SHA-512:	D552205DC6D649698A401485368CCC2E184C73BEF5409FD2B9BB6F9D5E6ACC6F900CB6B703C5AA7AA8F06F7504D404F2D462281C63522AA1AC37B0D4CC8DF4C1
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.900..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.005..fWaveScale=0.167..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=1.00183..fShader=1.000..zoom=0.96098..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.950..wave_y=1.000..ob_size=0.040..ob_r=1.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=-0.002..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-M69II.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9285
Entropy (8bit):	5.174610099282633
Encrypted:	false
SSDEEP:	192:r5rss5qxvNiEAWWP9tpJiAOgwZnbXmYCKrFgTcq286v:r5rsqvP9YAOgwZnbXmYC1Tqv
MD5:	29B45F8050A54FAF554B67293D34E0DB
SHA1:	70167E4448444726FEBAD215AB8E421377BC3A5B
SHA-256:	2A95A9A89535160DADEE74FA5F4D61EB9624B9564E3FEED38248AD132DC4F1D9
SHA-512:	939033D2FF54FD3C4337FE1C07E1B98FADFFEDB07AC4C9A9B59E83484BA8C4036DBC60EE9096FFE05DF84EAE5288429A8BA4C6D92BD0A6C696103B297279C7EB
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.560..fDecay=1.000..fVideoEchoZoom=0.362..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=1.00000..fShader=1.000..zoom=1.00000..rot=0.00600..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-MECI4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14222
Entropy (8bit):	5.26007733393532
Encrypted:	false
SSDEEP:	192:rNOd8eui87X4WV0qluf4KgopJIlQ86KeGCSh9lWa:rs8WZWV0qluf4BopJOeGBlWa
MD5:	211631C23C912C53DA291EB741A68247
SHA1:	936CFB2BD3297AE0C252B1277E37CEC9719AA356
SHA-256:	5357E789F35C519EC6E122FDB84E692015F9A225337DF14E894BABA84E0FFEA2
SHA-512:	FE78C231A76039212DD3969C02C9F115FA7BBD7250E8B4A8B7BF34CAB1C06A598364708DED4B99215ED571C47CAAA5DEEEA746B24DF78C5151E58ACE196173DD
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-MPQS8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	18020
Entropy (8bit):	5.189214329139215
Encrypted:	false
SSDEEP:	192:rGEdreX32FiOuVSoCQXcrPT3ZD1mX/9FOHanTYCJdCFnwUbVKrZcOyG2e:rGYrYG0Cgy1C/9FOHanTYCjwwuKXys
MD5:	7895308981DD6949F8757DD9D7BBCB80
SHA1:	F883AFB61B9C851F68ECB84A32D777EF77C41E02
SHA-256:	B2A780804EBA869AC30E0EFA9CFBB0B8B5D8083AFE32460B2F41F2BF30732662
SHA-512:	A50C80C6F2D6E971C1A200A5081487BD120A092E09FE68AF51F9E90A57CEFB4B910C60327B21AAB5400516D95AD648AF99BE46E6CCB23C3D3F31BAAAFD482B75
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=2.000..fGammaAdj=1.000..fDecay=0.900..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.005..fWaveScale=0.167..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=1.00183..fShader=1.000..zoom=0.96098..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.950..wave_y=1.000..ob_size=0.040..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=-0.002..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-O1SLI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12253
Entropy (8bit):	5.209679392441669
Encrypted:	false
SSDEEP:	96:8+eMxqXjdRTbRa2kqZN77Cu5fyM4hu9fp4NNYow09t9r+Gm11nZsrTHqTZvBtP10:rETdRJrVVpOz9O5x/VYW5BP6lfuWFhGK
MD5:	934538979EE865C8906BE281B1297A90
SHA1:	92E0D1A93A82B198381B8561DDAFBEB95AD34A46
SHA-256:	50B3739960EE16BF7DC34FF151072C8F8F6A47281264CEC35A0F78FF90149412
SHA-512:	BA88E2C3816F298FB51AE08C7E74ABA9ABA5783133B9D4582F7B25DF0041650F114E9CBEE1094DA5B1DE268179C34F6CE07ECEEDAABC71F5C1703C011FA423A6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=1.83149..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-OETFG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16307
Entropy (8bit):	5.257555095341916
Encrypted:	false
SSDEEP:	384:ryAOCxpQmRuJCsDlgYFZGVflcv6Ej4YUGWLR:ryDq1RKCuyYDClcJj4YUGWLR
MD5:	57EB842BD6F518B8252A5C0013E197EC
SHA1:	9CA395E369FDCBEF0CC484504573C9BFE4DC2186
SHA-256:	BEC8F874ACAAB5DA73ED63B608DFF2457D9A924DF88A86D32278A371D0570695
SHA-512:	8CE54BCA823EEB15EB131F4C079428AB6A055702C16AF4A1F13839CBECA85D111E61AD3C96EF69FABF71CC40FC9C7E212E54EB3C744E80A679C4D2A6A0EA1A78
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.545..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.100..fModWaveAlphaEnd=1.100..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=3.04777..fShader=0.000..zoom=1.01730..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-OFOE1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7512
Entropy (8bit):	5.14405279708544
Encrypted:	false
SSDEEP:	192:rNdPF5qt+9tOg/nGmYCKfTSCW82+GLvwv3:rzPP9tOg/nGmYCeThWuM+3
MD5:	6AAC55D21A5E09B4B88E559C124693F6
SHA1:	08EF48EB7FE6CB5744EB4CD11372BDE4B5CCF650
SHA-256:	D881AA2C574FF8483861FB06C91CA6575D072BEC6E8249096EE6E96FA6FFB503
SHA-512:	51DF58216E1B03928A15C84078C236C4A42990A2FE8A7AAE29D8E41FCE05AA3AEEFCD694AA3FA0349811E503F73DC6F58A3F568F30FFC9108F69E8F6077D83EF
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000..fGammaAdj=1.560..fDecay=1.000..fVideoEchoZoom=0.362..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.599..fWaveSmoothing=0.000..fWaveParam=-0.500..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=0.99952..rot=0.00000..cx=0.500..cy=0.500..dx=-0.00500..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.510..wave_g=0.500..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.50

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-OGSGC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17462
Entropy (8bit):	5.284292137307956
Encrypted:	false
SSDEEP:	192:rSWw5qeMznzTK1UB/rYyA1V8dE5ms+7QSzJP6V/Vrrs9Z9OOcMsdZwH4rlgswZ9R:rSW7zn37Fr08l2RvFAAmv
MD5:	31ED3C07F73199CB3A69CD5BC086126E
SHA1:	0C6651DC592A00BD55BDE5DA176A0D34FE770729
SHA-256:	DF8C2E515BE2A343EB31407B191A946D28E0E608D0D6BC92783EF595200155B5
SHA-512:	A6F6CF297ADFE6B63B1624075BC0B508D90A00288020EED5C6900349B3D183F3C02A55CCA0B63128EE69343A48FC3BD148393DF322322D529833DEE4E6634BD4
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.995..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.413..fWaveScale=0.418..fWaveSmoothing=0.000..fWaveParam=-0.660..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=0.626..fWarpScale=1.331..fZoomExponent=1.00001..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.08925..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.240..wave_y=0.440..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-PS2Q4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12260
Entropy (8bit):	5.265737689371034
Encrypted:	false
SSDEEP:	192:rLYrcQ5qtk67plD+CDvX96OrZnbXmYCKtbIpULSheeyhh9qGD:rLYrcJ+CD/96OrZnbXmYCkkpULMeeI9V
MD5:	9F80C1B8D0FBED41441D964D658C8F39
SHA1:	5F1331CA5553A1BCA733C6B4389164C0798AA6BC
SHA-256:	C9692CDEFC7E7546D2E05490372A12891EAEC25AEE0C1B184A944AB6936C3E50
SHA-512:	72E86CBA5826D4707D5AE8324D878A743171A1AE4A298C0538A9E0EE04D8E6EE5CFEA931A4A70E76018C4DA5831D710654FF6686FD212C53B832308231843CD1
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.358..fWaveScale=1.571..fWaveSmoothing=0.504..fWaveParam=-0.520..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=2.007..fWarpScale=1.341..fZoomExponent=4.40100..fShader=0.000..zoom=1.01100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=48.000..mv_dx=-0.941..mv_dy=0.426..mv_l=5.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-PTQP2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12588
Entropy (8bit):	5.262713175428146
Encrypted:	false
SSDEEP:	192:rEUYKGZkLWj/a07euD+COvs9R0VZsZnb2YCVkEwus9j3XbgS2yC:rEUYleY+CO09R0V2Znb2YCug4jHbggC
MD5:	99FC8226E0C7A8AFCA627E13907C3655
SHA1:	D807B8EEEEC4A3E1316D84FED788DE572C46A790
SHA-256:	0D2EAC4E5CDF81F129F5D3D5F4C640C2AF9369696A955A8E9411E6C46B04C809
SHA-512:	44A14672F56344891C91CC7FCFC6A2263DF05245C8E40BC3453B078D467A9F93CACE97F545A66FAC93C37C1A72F88DBAB38DDD28134DA0BCEFB23603EF2EBB3E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=1.554..fWaveSmoothing=0.756..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.26311..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01359..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=1.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.500..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-R0RJR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14771
Entropy (8bit):	5.3200023512403245
Encrypted:	false
SSDEEP:	384:rQFRc9nY9qXOSZY24rLXCUkkaqtixfpL9Q:ruWeqXOSZY3Lzrti9pL9Q
MD5:	0CC15DB2B83F49C2042CDF6619164091
SHA1:	4E184B507C3619DB895BE7CBDCA610D9F54EAA26
SHA-256:	46EBAC3BB8A2B37762A2868DC1F9A016EA1BAEE48EEE24F3ECFA1022C5D47FE0
SHA-512:	B1E6BA83778723E4C5B3C907DC645919F959F7218EE00E65F3622512077A5D83AEB080312EA98F1FBCF82C3406C1AA644139F9C16EEB63A15F1585E6662A8730
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=3..PSVERSION_WARP=3..PSVERSION_COMP=3..[preset00]..fRating=1.000..fGammaAdj=1.210..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.073..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=1.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.5

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-RCDRK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10090
Entropy (8bit):	5.228988879967555
Encrypted:	false
SSDEEP:	192:rErlB0G9RaVZsZnb2YCVNXZGbnBo0bALns9j3AbgYg0zc+d:rErlT9RaV2Znb2YCrJGzBTsL4jwbgOz5
MD5:	4A98C444EAF325CAD585EB73F227A5A0
SHA1:	C86A60B333202EA27A8891C17D339BB72C7C01E4
SHA-256:	E144C1E24F96323FDEC6E4DC2EEF5B3D2A15A17C104D8A61069241DBF55756A3
SHA-512:	AC55F6137B7AA07F27F76F66299F61F71392F3905C3B4FBCF64DBD45190849855E86692F489DC4CFCD58A94D164F6A6966DDA1B110487ECA81C83F876576F8EE
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=2.136..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=1.600..fModWaveAlphaEnd=1.600..fWarpAnimSpeed=9.861..fWarpScale=16.217..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=0.100..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-RJ4DC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16933
Entropy (8bit):	5.265948746660165
Encrypted:	false
SSDEEP:	192:ryrd8Fyui87XcW00sQnMTN4K8opJTlQ83TJPItYhIsVE6sc/:ryZ8cNW00sQna4FopJ7JPI3sVE6sA
MD5:	CC944B87C57D45F40835F86EC901EA96
SHA1:	FB5A006FD05CB076BF894C2ED7301CCD64E3F4B5
SHA-256:	74729BDF63B016114C3706DCD57E7C435667B454A2709E5FAC00217D72AFA03E
SHA-512:	B8DF24D983C7ED4BBA6D222C89BD554FD26C5C2B55FBC36F5ED4AF8BDDD6D0871ACD5BEC37AC68FDD28DD17D7AF5F9EB10AB84968C22B36EFE042743D6ACF2CE
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=1.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-RVD12.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8659
Entropy (8bit):	5.202676282642463
Encrypted:	false
SSDEEP:	192:r5+ly5qqUZ9WlOsInbCmYCzv8S8tVP+oJ4sz326F2Hwc:rQlT9iOlnbCmYCbdQhc
MD5:	B3DB7C36D014346E93308D5DF408A5C0
SHA1:	4660E2FA2262C1CE81DE55C924EE964F5CC97FAB
SHA-256:	BE1F50268F6F7EDEE60A1F084FB2EB04EBDF8912DBB8F76F3882D8AD5F1D98D7
SHA-512:	C8576E3892751CAA98CE3A8A66C8E01F6BE65FC5264AF3590DA937EB4CDB91D3DAB8B580CE3CE4D1F12A5DBF8F2A3778C4FCA2794C0F5B96577B4594490E0762
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.243..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=30.965..fWarpScale=2.572..fZoomExponent=2.00672..fShader=0.000..zoom=1.00901..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00054..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-S0D4Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19007
Entropy (8bit):	5.156279130112871
Encrypted:	false
SSDEEP:	192:rqH0+5qD1/D6XfMuc3AoTCdkO9OQUUngOVO+YdqOteo1sate26o:rqH0LdZACCdkO9fnggYcy1Lj
MD5:	795294103A2A98C6A1DBB9AB25083CF7
SHA1:	A6BE2488AA30A6C43A6F8A422B0F2ECBB95FF0DA
SHA-256:	53B41C1F76F4135490DDAFCE4AA80FEEE9ED013D00B2E2B266B0A7ECFED928D5
SHA-512:	CE3A0C35ECE5FE51083115C41075D57184F01CDD80E48293DD25CBA78EC640ACF6FA642AFFA74B5633AC89FAA65C847B7BF9A427E26419A5705A1C7DFD9EDCA6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=2.713..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00909..sx=1.00000..sy=1.00000..wave_r=0.440..wave_g=0.400..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SBFC4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11938
Entropy (8bit):	5.187145873239657
Encrypted:	false
SSDEEP:	192:rulaIhSNxZHKadIU92Og2nbcYCzLb2dLZoTb2:rulKdj92Og2nbcYCoLF
MD5:	0FF01D224C321C9CD20BBC6C28BE6430
SHA1:	0CD5C389C9E5985711DD603C885F3CFBCE99D616
SHA-256:	3A9E9764FFACC2DE47FE4E6EDE5C3D8011F7AD35720622A129829B8FA12D7D10
SHA-512:	480051AD5799B03566B75A20C73DA7ACCC34780653A551B55071C55E55ACD0203C79170292AFA9849B5F6E41D3BA662DBAB1C419DCAAE96318CDD96D45B2ACB0
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=0.900..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=5.715..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.162..fWarpScale=5.582..fZoomExponent=0.32104..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.11563..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SJPS8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10450
Entropy (8bit):	5.11183440299052
Encrypted:	false
SSDEEP:	96:YJdlYUe2un7IL00oEKNjdt9a9SiwOTRHthnTTN4YzmJlq76iXMX8Y5:UdlxHks0yKJdto9NwO9nTGYCJLi0
MD5:	EFCAD97128D0B79196F303840F518991
SHA1:	3AD2B7C84904D70FE4AC7B3C019E063373DCC2BC
SHA-256:	67F6FC18C6351C3D6BC2296EE14BD0C726849483CE457807AD180FAD6AECDE95
SHA-512:	0F7FD12BC98602014E826E7A4BB7D3FBCEE29FDD037D5858317780843D6AA077CC97EF6B29275494078ABCB4AE83C028BCDFCCCB0F5A158178A61A47DAE32032
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.010..fVideoEchoAlpha=1.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=5.715..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.32104..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.170..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000..mv_r=1.000..mv_g=1.000..mv_b=0.000..mv_a=0.000..b1n=0.000..b2n=0.000..b3

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SMCBB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14084
Entropy (8bit):	5.25089850295161
Encrypted:	false
SSDEEP:	192:ruOd8Dui87X4WV0qluf4KgopJTlQ83/JtM820UIs:rh8fZWV0qluf4BopJXJt6Is
MD5:	D2B4779F92BA171E796672911AF83659
SHA1:	F9031A8565481A302C52D9C31010AF2DC8754E04
SHA-256:	B7FB59B3AA699A3356521A820EE1A2CB86BD967B62C2D8E675D1C2E0A30C6CE1
SHA-512:	7FF24AE5080FE427BFAA7CA1256BE66A55C1F66D42E7D72F1632733DF0BAB633FBD391BA2F5F6A0B1A50D0322D72152A7850CB38DB6883EEA24CC53C9AE202D6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.92178..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SN7UB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13472
Entropy (8bit):	5.233283913482951
Encrypted:	false
SSDEEP:	192:rLgdR6rVVpOz9O5x/VYW5qARlG/7/8VP2ZXN:rL8R6rVVe9OD9Y2qAml
MD5:	F907CEE658C7959E73215ABAD07B3F92
SHA1:	0044192DD10A7B3B701FCC386D8FDC88C9C73738
SHA-256:	6C13C875695D706342C394138C30E847621D8A164F9D3BCCD096EF61FDC8F650
SHA-512:	8BAF50B4031EE72C7381A5D5E7FE4AC034EB6F30F5B7985290FE1C5EB73532A4ED5C38D06CECEEEFEC164D02E99C64CBA6CBCE7AF6EE053F429982B3D7EA0E0D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=1.83149..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=1.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-SVHO2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10603
Entropy (8bit):	5.240982854356227
Encrypted:	false
SSDEEP:	192:rTrZB0v9RaVZsZnb2YCVNXZGbnBo0F/KhbYGc3Eh2ZtXtbtptmY:rTrZq9RaV2Znb2YCrJGzBT1C8GoEIdB/
MD5:	A64A315C228294951FD39E88ACB94805
SHA1:	F4A4DB09FA509CA8ABCF8E30186407DA4E09BBAC
SHA-256:	D798077D914801822BB66AC3603CE8FE370357B6652311CD0DA0D26F86742BDC
SHA-512:	89A9EA5CAA0457AD54C862D5828D8F670DC2A8D3BC851E3E717474FB374C6B0FF9183BACC93EC2C995EF3201F933548D1A64E3086A7E49485416C255F56DE3FD
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=2.136..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=1.600..fModWaveAlphaEnd=1.600..fWarpAnimSpeed=9.861..fWarpScale=16.217..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.040..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=1.000..ob_g=0.100..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-T7IV4.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	17223
Entropy (8bit):	5.321855120983817
Encrypted:	false
SSDEEP:	384:rTsrtP9YAOgwZnbXmYCn4eoZVAJEx6X2LeG7Jwfgg:rTc9YAOgwZnbXmYC4eoZVAJEx6X2LeGa
MD5:	B056F612FA802669115FEE13C18575C0
SHA1:	530205F088E392DD179D97DED619DC753D50ECD4
SHA-256:	AC60D18FE66E1C30C9AE5E7EC35CAA45A2ADA51020B5BBA0E64E2DB3BDF73FA7
SHA-512:	C945AE7A941BA3884B5C78E5CFB1998F7E87779EF88E86367B66D12BB49704A6405CFB16736E47390B43C7D67D6A8E75B65A05D8C8B98F5797882AC3F47CE703
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.280..fDecay=0.800..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=3.04777..fShader=0.000..zoom=1.01730..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-U74IP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12512
Entropy (8bit):	5.262986402037684
Encrypted:	false
SSDEEP:	192:rUeMrGZkLWj/a07euD+COvs9RVVZsZnb2YCVCEwPe9j3wbgE2yC:rUeMAeY+CO09RVV2Znb2YC8ZWjgbg6C
MD5:	E9896E9DF0BDAD55C746892667B49EC3
SHA1:	E0B32C12D74AF8142FA12798543DAD70E7A28025
SHA-256:	7F842E284C17C65808413D061991701D0CE669BC552B2C69240CA9B7C48FD556
SHA-512:	408A38B415AF8276340FFC8518E8F959CA4C3421BC714794012AE8A383155E8B78F290958003862D84960509B8E906358CAFF111BD531B41A6AC01E8DDF15739
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.009..fWaveScale=1.554..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.19913..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01359..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=1.000..wave_b=0.040..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.500..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-V5TRR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9632
Entropy (8bit):	5.092796192137399
Encrypted:	false
SSDEEP:	96:T7JdlTi1VTV2un7IL00oEKPu9i9zVKQ3mqmZf83YzblqKuvFzUW1n:TNdlWYks0yKmA9ZOqY3QvFoE
MD5:	EC944E10CCCB95134F8807D9C329A5FA
SHA1:	65EB6339C718CD0B3BC9AAA23E84DA5B99C0268B
SHA-256:	0A01FEB25DD5FDC07FE818248A2FB12287D366859C113A7100C38227CBBCFEA7
SHA-512:	4360D489B571F375EE67A113515E88934B115A6660B7D809BDC078C637C4855E1BB327FAC96A739542191EE6CED3F527CF4307412F16DA60796B6A26DABB0BAF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=5.715..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.32104..fShader=0.000..zoom=0.99010..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=1.000..nMotionVectorsX=24.960..nMotionVectorsY=19.200..mv_dx=0.000..mv_dy=0.000..mv_l=0.850..mv_r=0.500..mv_g=0.500..mv_b=0.500..mv_a=0.000..b1n=0.000..b2n=0.000..b3n=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-V7PMR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16351
Entropy (8bit):	5.268082561376806
Encrypted:	false
SSDEEP:	384:rkrRr7VVBLAET9TOInXYEJGzBT9cPUc9I99VZ:rkrVV1T9TOInXYFz0PUj9VZ
MD5:	7DB940D2DAC4D0EDCA24955F204ED20F
SHA1:	BB4AA7543A14F740B49C279D55A7A0B67384E340
SHA-256:	DAE4064A6D6C54644722A14F98A6E0CABF87890F843758F9C5395858D4E3E124
SHA-512:	1EEDFEEBE41B41F1166F2CF8083B61B74F6F0A4AC1110AEAF219BDAAE3B77469392DEB43D7C04C38402AFE929BBE39C1E850D33418B71BDA1D1B8CEDE42572A9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004..fWaveScale=0.037..fWaveSmoothing=0.000..fWaveParam=-0.440..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=9.861..fWarpScale=16.217..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.040..ob_size=0.010..ob_r=1.000..ob_g=0.100..ob_b=0.000..ob_a=1.000..ib_size=0.050..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-VDS5H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6674
Entropy (8bit):	5.083556932602684
Encrypted:	false
SSDEEP:	192:rQr8y5qW6nL9RdAOgwZnbXmYCKIweH3oJ6hy7:rQr85L9RdAOgwZnbXmYCMeAj7
MD5:	8366AB02220D0D4FAE93027D671D586A
SHA1:	46B2930DF395106F218BCF4A29084C1E0344C4EC
SHA-256:	C55416EC9961D4F4615E480EF46F24484AFC33646E19784265593DB3E8B76FB7
SHA-512:	2D0F160F5B743564DD0E27A7DD49837E9910E93058E4FE46EBD2F03C9BBD7E7570DF2CD8353F9345A90CDC9F8122E631E576D5395262E6D4306DABA3AC89C522
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=5..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.000..fWaveScale=0.900..fWaveSmoothing=0.630..fWaveParam=1.000..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00600..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=48.000..mv_dx=-0.941..mv_dy=0.426..mv_l=5.000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\flexi\is-VUC2B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8573
Entropy (8bit):	5.193104942014643
Encrypted:	false
SSDEEP:	96:8+eMxAjedPcAje649Q+sTDOg8IaexkhnTvXH0nqmYzmKlTMllPmJY4LGU+J2rI6f:rIedPJj+9xMOgZKnQqmYCKnEUu286f
MD5:	2D21EF7BB9CA2E7271539D1C3BF81E8A
SHA1:	5E2ED40C17438944C272AA49EACF2A84092FA2F7
SHA-256:	2D574CC23F1B0415B75544475C3016C8E65774F0302F2BF636ECEC32A4ED5C82
SHA-512:	19A8C910ED592F6BD0C3E8BA30EE6D773C6DBEE373F3830AE59FA1F5C4ACCE9BEEE497CDC8A167E3F9391F61CCA7341E8256DC011F4FF79F41FE91C52B9849CD
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.560..fDecay=1.000..fVideoEchoZoom=0.362..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.599..fWaveSmoothing=0.000..fWaveParam=-0.500..fModWaveAlphaStart=2.000..fModWaveAlphaEnd=2.000..fWarpAnimSpeed=1.000..fWarpScale=0.107..fZoomExponent=0.15840..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.510..wave_g=0.500..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-0M8IT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9803
Entropy (8bit):	5.083356023854019
Encrypted:	false
SSDEEP:	192:T3JCsQW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvk:LJCmZR5V2nwfxmn290HEMtE9vLIkiKKt
MD5:	D28F02B196AE4906D2224886F4BA6250
SHA1:	6032F3BD5CBE7B3D6B76DAC49F197F580685CEFF
SHA-256:	42BDFF77B16D2640142DAFA3370E8030BBD57D6A7322A2AF1014365A42DF9A35
SHA-512:	AED550394510B6A5E7AD369C6D3E29545D62E6A2DA5D29D663956D719864C15C02703378F2342D00E8509A475409D874D442709F0BA326E44B04B3E0CBEA84F4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-0MGNH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12291
Entropy (8bit):	5.109910373786505
Encrypted:	false
SSDEEP:	384:fXR4B6dS23Tfn291uFMMFc2batFEGY6rSh7nSLiI01RlsvyFiGDqzBqaz4JyiGBR:fBKV23Tfn291uFMMFc2OtFEGY6rSh7ni
MD5:	BEF53FE1D06FFF4AA8CF870E2C2D11C7
SHA1:	304BF8060ECDDD461C00040433540BC48FACFA1C
SHA-256:	D2109B0631E5C0E33874399F842A464483BB55FF5D0A4B4DF0B6B8FADEABC508
SHA-512:	B87A41EC26DCC47EB7AF7BCF4BBD51D4E8C5FDB25DF2FD75E3614B318DAB117AC4540BB593EAE01CEAE7499E3D52F9EF9ADCD6418F8C4732A024A944C3B2565E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.965000..fVideoEchoZoom=1.483827..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=0.010000..fWarpScale=1.470245..fZoomExponent=4.778023..fShader=0.000000..zoom=0.998162..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.001828..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=1.000000..ob_g=0.500000..ob_b=0.500000..ob_a=1.000000..ib_size=0.500000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=4.800001..mv_dx=0.4

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-3NO79.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11379
Entropy (8bit):	5.11186941120127
Encrypted:	false
SSDEEP:	192:43JCsQW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvx:8JCmZR5V2nwfxmn290HEMtE9vLIkiKK0
MD5:	F564836DDFD72F73583462B6D03966FB
SHA1:	D93ED433A197FC0FA0E4D4E4DBB3796877164C9F
SHA-256:	820B49427FAB3D102BD60B753B9B55D6A50FC18868385E3970117E6F6B5148DB
SHA-512:	FA400CE159DD36D7240BD388AF4F77F002A8517C83564BF0E8FD8CDF14893AE27364C74D656F27DC829F2F2694389DADC77E86F4C3B76CCC9E8472014A0AE3F3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-3O3LH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6553
Entropy (8bit):	4.841311700226275
Encrypted:	false
SSDEEP:	192:+E73WSm1ttGqFnvc1RFDrFME92jh7I7FqTQLh7OrrCgivW58kN2rFb/DqzwDauF/:+sWScttGqnvc1zDpME92jh7I7FqTQLhJ
MD5:	573C7B17F16B880EB69CEB4632754BD0
SHA1:	7FFBF951B32F30E30020082CA7674D4784DE54F9
SHA-256:	67ED906985E66CD3A9C5CFDC371525973BFEC94B7676A648054F6FDC086ED9E9
SHA-512:	3E8A650A64BC4201372E64F7BF336FC7B030914C9A0453A56D13A377BD84C3597FF39A98D897FFA5A933C0FEADFA5F4F49145D42C5B6250A8B3D76CEE7CDD5DC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.210000..fDecay=0.500000..fVideoEchoZoom=1.001825..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=0.999998..sy=1.001800..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=0.000000..ib_size=0.005000..ib_r=1.000000..ib_g=0.000000..ib_b=0.300000..ib_a=1.000000..nMotionVectorsX=10.879999..nMotionVectorsY=11.520000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-4U6JP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10793
Entropy (8bit):	5.068995662308143
Encrypted:	false
SSDEEP:	192:w3JCHxW1rNwoewfk3nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvM:UJCqZR52nwfxmn290HEMtE9vLIkiKKTJ
MD5:	908B86437B5734DA2DD0768AC02057E6
SHA1:	40588BA1D0E4673CF51CD938AE39F9D92EECC920
SHA-256:	E4F83A0051121FAC6B771C5FA2BAC0F2A4C36729C389CAF462D7C1FA65103DDD
SHA-512:	8FF4A376B4B1509B63543748709CE8218F022C05625B7353823A963171B3C0E37A64D5DB9EF6D6A2E12F3966C6D1A34AA4D3B8C4FBE67E8E8F9AD9556B42D94A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.008151..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.400000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-5HRC7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6721
Entropy (8bit):	4.83284710471704
Encrypted:	false
SSDEEP:	192:7E73BhN7m1at9TqFnvc1RFDrFME9vjhBI70j6QFSr0wry7qYvdFTd58kNvrFbGDU:7sBv7cat9Tqnvc1zDpME9vjhBI70j6EN
MD5:	EB74E825A15456687FCE5DC64327C343
SHA1:	523178091F77CF30E9785A647C097D2C43F0E889
SHA-256:	BD8BC019A8749994C62CC14BBCA2F374BFF32F11725C7EC420D44629A395702D
SHA-512:	5D33A0EC16D6EA6D8856557C3D9E8552278B0CFE16406CC0590D31BAC9B4906DE8438A652FC8CCE9A0AA22C0066C5203C373F54EF015C667BD9E22460F3C9E6B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.210000..fDecay=0.500000..fVideoEchoZoom=1.001828..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=0.999998..sy=0.991909..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=0.000000..ib_size=0.010000..ib_r=1.000000..ib_g=0.000000..ib_b=0.300000..ib_a=1.000000..nMotionVectorsX=0.000000..nMotionVectorsY=0.000000..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-8K7TH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6226
Entropy (8bit):	4.814240041343113
Encrypted:	false
SSDEEP:	192:P3J7OE1+tWOmOvd1HFutE9v1IMiKTQLQ7OyrCIsHWd58kNvrFbyDqzwFOauFiAWI:fJ7O6+tWOmOvd1HFutE9v1IMiKTQLQ7r
MD5:	EF8002CF79D2125C0FB9633F2271ACC0
SHA1:	C6E120D0516A421104418EA45CE244CFA5A39742
SHA-256:	1BB6711EAB8DE70110E578DE257D611D2AD4FCFFED4F4302BCED1D0488CC7348
SHA-512:	4C5E744009556678FC39FA10055CC5FF2A78093A2501AFB23D4CADFE121E203C16ECD85A0F04DC0A8B1A053F90782652DD3EAE0EB60965266D5993118BF10139
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.980000..fVideoEchoZoom=1.001827..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.591236..fWaveSmoothing=0.000000..fWaveParam=-0.250000..fModWaveAlphaStart=1.000000..fModWaveAlphaEnd=2.000000..fWarpAnimSpeed=1.000000..fWarpScale=1.000000..fZoomExponent=1.000000..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=0.999998..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.015000..ib_r=1.000000..ib_g=1.000000..ib_b=0.590000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-919QQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10000
Entropy (8bit):	5.092461497146179
Encrypted:	false
SSDEEP:	192:J3JCHQW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsv5:ZJC9ZR5V2nwfxmn290HEMtE9vLIkiKKy
MD5:	1536D30E80FC9E1DC271E656ADE98B5F
SHA1:	226B1C668D23295677748BB346F449F95A18A221
SHA-256:	A847BD0BC68E553D7D72148B841862E31905990D3F0591F1A8038909F461C1F1
SHA-512:	6054A167B2588BAAD8A839C32AEB95FB292B2759059C779111839D9E5317E17F04CD84492483A88C7CB36D8EE31AE265278C16C3DA14532DB8A24C20DFB5CB45
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-97GMS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5654
Entropy (8bit):	4.783766180162297
Encrypted:	false
SSDEEP:	96:JFcr73JczW5m1RDt6n2Lt0HE1POehLacI7Uj6thr0CFtr9ZFzv6PsPLMlsvyFi/v:HE73JKW5m19t6n2Lt0HE1POehLxI7UjQ
MD5:	9226FF5E60FFC584A6B165D334FCD621
SHA1:	6F330CECE2BA145607949D37767195AD74F157B5
SHA-256:	8E1DA34D36EDE7BB421D8455D8844863354E965D8BFF7B699CC62045B4BEAFFD
SHA-512:	603C3AA30F5F033B1F577B8B9FD2A753214EBD87AA6CA31DCD4A156EB49A9D738476A5CB9DEEBFDE45CFF70C4185B575111461F28AB1BF88869B6645A5D24982
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.210000..fDecay=0.500000..fVideoEchoZoom=1.001825..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.001800..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=0.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.300000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-A8CC0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6012
Entropy (8bit):	4.824913004664128
Encrypted:	false
SSDEEP:	96:vFcre3Qnrlm1RDtTxn290HEwOeh2HzINaUlJQLtrPOtr9ZLuvNyLdplsvyFi/Dqk:9Ee3Qrlm19tln290HEwOeh2TINaUlJQX
MD5:	2EC2713F4A05C2D811BC001D4897BF5C
SHA1:	8AA8DC5D24EFBA685D8D2620BC5DD540C6C98AF1
SHA-256:	BAE6433DA47E87FD772C770F412F00324BC8F7D021DAD07DDE2FE1DFA4DE818E
SHA-512:	63E856455BFF3A956B20B4ED7D0F9676672BE5E07BE65809A175DB663D3C0AFE78D748D3FF98AB7334D729720FD751CD907AD9BF38548271ED5687B2D962AEE0
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.630000..fDecay=1.000000..fVideoEchoZoom=1.008151..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=1..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=8.311067..fShader=0.700000..zoom=1.000000..rot=1.000000..cx=0.500000..cy=0.500000..dx=1.000000..dy=1.000000..warp=0.010000..sx=1.001827..sy=1.001800..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.030000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=1.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.300000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-AOCDN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7634
Entropy (8bit):	4.9448580748000435
Encrypted:	false
SSDEEP:	192:bE73yfm1atTmFnv91RFDTMFc2SIe4j6QSr0wry7gpvO6lsvyFiGDqzwQauFiAWZL:bsyfcatT2nv91zDTMFc2SIe4j6QSr0wd
MD5:	329E6BF7F0EC4084D07556EFFEAC9EC1
SHA1:	5893C65C32A7BFD32F7C435203379B4D4E051851
SHA-256:	DD4654605DC34E033C8D195FBC08946531AD5D3AFFF88AE800CC020F4539DFFF
SHA-512:	1F07497663C0FBDE55D7D404DB727C126AFD64C2ABDC6F701637C1459448CBAD339F97749BB6714A377E8D9C24743A751DF03423C0ADA8CB9D9E1ABD9AA967E4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.280000..fDecay=0.500000..fVideoEchoZoom=1.001821..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=1.001829..sy=1.001800..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=0.000000..ib_size=0.000000..ib_r=0.000000..ib_g=0.000000..ib_b=0.300000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-EB9H6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9896
Entropy (8bit):	5.0874160606233385
Encrypted:	false
SSDEEP:	192:Y3JCsQW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvn:cJCmZR5V2nwfxmn290HEMtE9vLIkiKKI
MD5:	FE4187018BFB6E88F1AB5686435240E8
SHA1:	0450CF3C3BF18CC252492D616F0D818A0A61381E
SHA-256:	F077A9BC69917A5E1411D783488279FD139B97AB7C4942CE80787C51427ED237
SHA-512:	0A53ED534D2CEF90C28F31762EE4F433327CAEBC8602D117222A99397A22F99DE76B00AAB547E14BD84B4EB8B3FB6B24718A544E474758FE0FA275AC1491B602
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=2..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-F9M4T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9684
Entropy (8bit):	5.006651474153074
Encrypted:	false
SSDEEP:	192:wjE73JK/OGt8DRtUn2Lt0HE1POehvhShHpI7Uj6QShgnry7IolKmgMlsvyFi/Dqm:wjsJK/O/1tUn2Lt0HE1POehvuHpI7UjV
MD5:	8F2A1CC336C335204AAB4DECCBD0FCD3
SHA1:	A52AFE4EBDCCE9B6EABD2F706AF69B841E6E1304
SHA-256:	8E94D8522F7D5CB7FDBD434F133B6857E1EB977AA1C5D65075D74F1C7EC75028
SHA-512:	4F22D53DB6E045043E875447A4F1D50DC3A1FB72E0AC0FFB5B713590A705569F42AA69B5E322265EB9A2647FC7BC7C479E426EAE3B80B296E160562F62196CE6
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.700000..fDecay=1.000000..fVideoEchoZoom=2.220753..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=0.999900..sy=1.001800..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=0.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.300000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-GBCF8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9894
Entropy (8bit):	5.090996547827812
Encrypted:	false
SSDEEP:	192:i3JCseW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsv9:GJCsZR5V2nwfxmn290HEMtE9vLIkiKKy
MD5:	EFECA93C2573FAF1EE84A76ED12402B9
SHA1:	CCD2ED8D78DC1B9DCD2A82CFF25598A61F40D98C
SHA-256:	4BA6DBE77C656D7BDCD4470A91552725B2F7063008085D178ED7BBE31ED8C02A
SHA-512:	5B2E5E2B48E00972B3797B9622C3288B215F70DE0546D9BF71F0977690C807A62FF7428A229EEB0B2A0D9C15230847BD7ADD81721F7EF9EBF5B943D97C8BC16A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=5.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001827..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=1..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-HE288.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10895
Entropy (8bit):	5.106582992633673
Encrypted:	false
SSDEEP:	192:L3JCsMW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvv:DJC+ZR5V2nwfxmn290HEMtE9vLIkiKK6
MD5:	BB15E51F4BFB127EDA54C3D6A9951891
SHA1:	D386DBE3E891235803769B1D5077B5D56004654B
SHA-256:	BE2164FBB8DC42A86EC4857A7EC300BBE2C217050EEB6A2218CEEC0104DD5FC8
SHA-512:	A56B0B85D54183B7CA6B6E3944DE8B5E7527B68DBCFE07DD60DCBB32E84192E459FC389CD8A9C009BCB126AFC8B64DE68F33380C82CADD5FD32C31A372DEE3C2
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=63.936001..nMotionVectorsY=47.952000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-JI952.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9314
Entropy (8bit):	5.016341367024472
Encrypted:	false
SSDEEP:	192:P3JCsMW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvp:fJCEZR5V2nwfxmn290HEMtE9vLIkiKKI
MD5:	23C990D5CEDC6B18FE2CB59C251EEACA
SHA1:	69F1998B1D6AFA6BBC031C4534F2760276AE1E9D
SHA-256:	EACF6D3DE7C94A73B250D184490EA78C652DDA8DEC92E032F76F0F0BD6DA3E35
SHA-512:	1AEE873E5AFB6F6E2E8917C9E61A88E68C74E93AFDD21FC029DCEFD85131A531D65A8293F90D7ED600DC81BAAA02D5570428AAE4488560AAE60A4009C5A02C2E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850100..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-JSMUB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10402
Entropy (8bit):	5.110601824096671
Encrypted:	false
SSDEEP:	192:h3JCsQW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvk:RJCmZR5V2nwfxmn290HEMtE9vLIkiKK7
MD5:	CBAB845E542224852F3446936327E8A0
SHA1:	1A720F30FD9C4D2E6ADED0EBDDDCEAB3FB7D53FE
SHA-256:	4DD11D6BE30D8AB5475511723335CD87CB6EDCF3D49A5D7477263C2D4C429AC3
SHA-512:	BA9C6232494BBD678AD7A53B21B2AFB9784B827A9DB28F2F2F154E470569111620D6351EE1BDF9C48516C66EAE8870B638C4C7F0E739E0AFA0A25663C7E239F5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-KURAQ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9931
Entropy (8bit):	5.093693527902818
Encrypted:	false
SSDEEP:	192:J3JCs9W1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvf:ZJCFZR5V2nwfxmn290HEMtE9vLIkiKKi
MD5:	3CC653492F02C4B577F7316519ECF04B
SHA1:	AC94123DC2884E84FF46466B6B603AB59AEE7466
SHA-256:	E1103087DB9006AA3FF5418A5469E3C1AA015BAB6D5FC327CF431CEB4F4CA6CF
SHA-512:	8FE37D98DF42F5016C1C8E69CC31710F082690785DC52E7662B2CFDE30E9D0FB0211A76A988C725D31659A7782D58A5534E1ADE33E4A9F6BA612D4750241E492
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-KUUMV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6762
Entropy (8bit):	4.908469177499117
Encrypted:	false
SSDEEP:	192:1E73a7dYm19tHn2Lt0HE1POehvAI7Uj6thr0CFtr9Z9v4wlsvyFi/DqzBWaQ94am:1sa7dYc9tHn2Lt0HE1POehvAI7Uj6thB
MD5:	AEF8358B49AAB4DAE8AE1F22AEF99CB4
SHA1:	910D6E38DA860F0B8D1B1155A2A1F3926278743E
SHA-256:	3CF1E7EC777EF12ED66138C63D6CAC8007F9AE50469569FB217ADA67A2E81C6B
SHA-512:	42AA356D75C3853FBB3CB4A6A587083E6ABB8D20FC3EC0F5E3F163D6E4B738494ECC2AADDE050AC5F5E8A7C4D04EFEE9E49D18581ED48515AAD72136F4A64DA4
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.560000..fDecay=0.500000..fVideoEchoZoom=1.001825..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=3..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=0.001000..fWaveScale=0.625316..fWaveSmoothing=0.900000..fWaveParam=0.000000..fModWaveAlphaStart=0.880000..fModWaveAlphaEnd=1.980000..fWarpAnimSpeed=0.010284..fWarpScale=0.010000..fZoomExponent=1.000000..fShader=1.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.005000..dy=0.000000..warp=0.010000..sx=0.408350..sy=0.551440..wave_r=0.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.000000..ob_g=0.800000..ob_b=0.700000..ob_a=0.000000..ib_size=0.005000..ib_r=0.000000..ib_g=0.000000..ib_b=0.300000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-L3IK9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10226
Entropy (8bit):	5.098898578097204
Encrypted:	false
SSDEEP:	192:H3JCsVW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsv8:XJCtZR5V2nwfxmn290HEMtE9vLIkiKKf
MD5:	A88389BFA339D2A7416E7019F08D92C4
SHA1:	B1836E1FA0B62504B5E69283199E3F386ADCEAD6
SHA-256:	01B2730609D832DC3A9559A69639594A35A24368666B88A50DA5C8AE81EB82C3
SHA-512:	BFF013F20865B10C03C0B803AB467E317BDF3BCE4F1BB9EC1695B3FC58F82395F1DFBE467C90856C44755847F576C755C9FD494E4FC15A7244CDC88CE86DD5AC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-M7RLN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10477
Entropy (8bit):	5.098982863423964
Encrypted:	false
SSDEEP:	192:e3JCsBW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvR:KJCpZR5V2nwfxmn290HEMtE9vLIkiKKc
MD5:	033C17982384373B3A75B8A32D9D8686
SHA1:	CAA4807456CE1E7B26272FFE91FAC0708C2955F1
SHA-256:	7C85CBCEE66B62DBCA879ED0191317F8147DA1419ABCA44F9F10208FE51531CF
SHA-512:	FFFE8A5737506648401674CB97E5F3D468CD995474EEE873B6481B829AD55AB94DA83F2D3FC4AB2EC7D6DCAFAA7E21D6BE6D9BC275547CDAA50551FDA868217E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.015000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-PM9LG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9896
Entropy (8bit):	5.086931481569724
Encrypted:	false
SSDEEP:	192:j3JCsiW1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsvp:bJCgZR5V2nwfxmn290HEMtE9vLIkiKKC
MD5:	B8D412B955E49549D14ED9F3ACE6C04F
SHA1:	C1882C31FF9F781B87E82EA6B7C39F95699421BF
SHA-256:	8B7E533DE945AED9150ADB04131314100D3A360D62CF405D924803B0A62DDD5F
SHA-512:	88F6924AD5158E17DB1A2CF4B29FD35C5684E4298D5932361BB0FC22089FECB86A589A7B5419152ADD8C40AFFCA2E9231238F4CD812BC3650E16139D2D981A4A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.005000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=12.799995..nMotionVectorsY=38.400002..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\phat\is-SL607.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9219
Entropy (8bit):	5.011673822548755
Encrypted:	false
SSDEEP:	192:43JCsI/W1rNwoewH12nwfB3mn290HEMtE9vLIkiKKTQLQ7OyrCImtvdFTdH38lsM:8JCWZR5V2nwfxmn290HEMtE9vLIkiKKT
MD5:	227FBAA6EAA7D75A4A1E6529A8FAAEBB
SHA1:	5A8DE788E3205DED9310F20CFB6C5CBFF6636B6B
SHA-256:	0EFA91387694AF72EA35DD6BF9BCFB606FFCAF3ECEBF853506DA154C60D01F98
SHA-512:	16D687977EA04E3C6527364F5B8E46FBF64E1CC91A5DD49ABEA4FAE800BD2524074A7FEBB07157CD46BD541F179140BA7E413A48291E32A7BCDC4396C730D24E
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.925000..fVideoEchoZoom=1.001829..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=2.850136..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=0.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=1.000000..ib_size=0.010000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-01PA3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	19299
Entropy (8bit):	5.192039852531161
Encrypted:	false
SSDEEP:	384:prJgiMTaZPtJpfEOv91HFMtE9vJIoYa4jj6QSQCnyrCI/vPTd58kNvrFbGDqzB2R:RJhztJpfEOv91HFMtE9vJIoYa4jj6QS3
MD5:	B38CDD9F1885CEC4AD0BC87155E35A75
SHA1:	2E3AFE5F7752894ACAA44544545BCDFCCB81EBD0
SHA-256:	808A7C8B39DE0EFFFAC4F78C3F877CFDC125FF51DF1D78185F580C7A6D5D4C96
SHA-512:	E9A9F02AF0CDE785D5D9588B166CB059889A34FCC00B073C9887CAD45177D58A6E23AFD5F129937A05C3692661006D8EEED42A3192F72646BB018DE60481F6AC
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.700000..fDecay=1.000000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999510..rot=0.400000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.050000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-3MHBT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10111
Entropy (8bit):	5.036817001108676
Encrypted:	false
SSDEEP:	192:d3JgZyosRUv8a2BSkBhQtME1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHu:1JgYd7J6FtJpf7mOv91HFMtE96XIoYaU
MD5:	4430FECB886DB4829C3ABCD26313A793
SHA1:	0639C233E9123C29364149C580E3E17B1AD6E4A7
SHA-256:	CC2E2D6EB3117E3416649EBDC04BCCFAAB5353A4B59C0551EE940B8AE3A4F825
SHA-512:	60645ACA7FADCBD43CD1E85C2BAF114AB6FF228EA3C7B336CE6B3192FA8245399BD30BC67DB674406154773F60F182CD8B66D637FA10103C2DAF0EBD5BD8F40B
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.108925..fShader=1.000000..zoom=1.104085..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.600000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-4R72H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9149
Entropy (8bit):	5.051429085248897
Encrypted:	false
SSDEEP:	192:kgWCnoXjPCQmRQCt8pN6tqmn290HEMtE9vhIda4KK6QShCnyrCID0NWvpd5dkNvE:kgR2mHwetqmn290HEMtE9vhIda4KK6QA
MD5:	23C4623277DC24413D230FD8900B8BEB
SHA1:	FA90FF532931947569E60E2306D009FF9A769003
SHA-256:	D5C1692CE614279BACE29A12512E95B4AFB3D2CCBE6E0FB5AD103530609C605E
SHA-512:	E9A17C4B2BB33728ACAD2281B4B7C32BB26E0C5F23124F76658B38C9C0AB8D4CD7C2CBD16C6457CF381FC019C6CA94B36B5A4AED45651C8C2D9C8E0FE58DD3E3
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=5.428738..fShader=0.000000..zoom=1.009509..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.162174..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.010000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-60RK5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14089
Entropy (8bit):	5.077418181732513
Encrypted:	false
SSDEEP:	384:MJgG/mjFn290HEttEcvCRTIKTQLQ7Oyr7Ibs/nlsvyFi/DqaBjL3K4JyRGBIghhg:MJN/mjFn290HEttEcvCRTIKTQLQ7Oyrd
MD5:	4B8C0AE26E5079F770A105B59CD19BEA
SHA1:	78D52941BD098829D38DBF59746910DB61BF9B9A
SHA-256:	58AC8B7DA1471B12FBBC89ABABCE48C714524A4D6A4A0B92D93CDFFFBA7C32B8
SHA-512:	420D682057A63E098A25C9D05DD73C7E4A56453293D55F880749EC52C9B6BC581207F8C45F51239555362FADBD028C538E3A87143B518AB5B51ABA4CA4A29927
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.980000..fDecay=0.950000..fVideoEchoZoom=0.741631..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=1..fWaveAlpha=4.099998..fWaveScale=1.157176..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.842831..fShader=1.000000..zoom=0.970113..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.050000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.004000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-8FML0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	16862
Entropy (8bit):	5.203888734931201
Encrypted:	false
SSDEEP:	192:nH93s3esq53bACRhRuC3TLzZgGwc/CIHQBmH7yYBotL9z:1sqpBTLKgC4XuV
MD5:	46E6B6C8CD7F5C0D595B664E6B6C8502
SHA1:	5DAE7F253B79086606A12BE341A362B8AA57B20A
SHA-256:	18F05D7BFBBF8340DAE15B3C5DE45AF5C28478E4402F65B5DEC158AF2E5CF77B
SHA-512:	94A367A8C076EF489A517ABE14C939D206A7F9D05A43B5D5552B621FB234F92252D61A50460272F1A8A6DF38F0DDB52B442A89DCCEDA7CD1CC714EAE84785D5A
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=5.000000..fGammaAdj=1.0..fDecay=0.5..fVideoEchoZoom=4.946229..fVideoEchoAlpha=0.0..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.0..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1.0..fWarpScale=1.331000..fZoomExponent=0.999835..fShader=0.0..zoom=0.999512..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.010000..sx=1.0..sy=1.0..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.5..wave_y=0.5..ob_size=0.5..ob_r=0.010000..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.260000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..wavecode_0_enabled=1..wavecode_0_samples=512..wavecode_0_sep=0..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-90E27.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9961
Entropy (8bit):	5.031313653458147
Encrypted:	false
SSDEEP:	192:C3JgPwosRUv8l2BSkWhQtME1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHe:mJgIdcC6FtJpf7mOv91HFMtE96XIoYa8
MD5:	863437CFC16A66046875F616B04AAEA3
SHA1:	5CCDEB999066527402A1FEFF232AB917E7C3E2C4
SHA-256:	62FEF1E6919165AAFB692C9472041CD7AC6133E5BBB95F83C4217AFD8210454A
SHA-512:	A501B51839B9F8F18137DBC8FE35E7DF33681CFBCEF6BBAAAAC56CA69ECE9E263412BC9A032D6FE7F3A117647493CB20F9F210B5A7C75400D7FAD11404FFD019
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.108925..fShader=0.000000..zoom=1.104085..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-A4537.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12152
Entropy (8bit):	5.112670721706953
Encrypted:	false
SSDEEP:	192:73JgsQ74BVctwfGOv91uFttE96FlkPdIYaEK6QSQCOyrCHF5AtLPv8dKlNvrFb/a:zJg/7twfGOv91uFttE96gIYaEK6QSQC+
MD5:	A3BCF67DAA861C901F6D50184F578E0A
SHA1:	6B8D4FE3F68AF4905131163CAC8D60C1385968D9
SHA-256:	86D37935FAE549E94862B2F5E9ADC28BD29C0A55EECA4477CDF6627632CBFF00
SHA-512:	2CD5F0DD3DAA6EE314676EF938DB8177EAB7B5FBF2DB7322DC53A2EC1D3D81E3E3A839DBB4A12A166271BC15E92AD53F8D9761D180C726685881DBCC15A7EB83
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=2.960001..fDecay=0.910000..fVideoEchoZoom=1.347319..fVideoEchoAlpha=0.800000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999513..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.000000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.000000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-CO769.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10018
Entropy (8bit):	5.033138559677862
Encrypted:	false
SSDEEP:	192:r3JgPwosRUv8l2BSkWhQtME1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCH/:jJgIdcC6FtJpf7mOv91HFMtE96XIoYa5
MD5:	6D91C98ADAE69685B5B1AAAC991F4DA9
SHA1:	67CF1B54687F6B3C747CAA7107F1584858C0FFF3
SHA-256:	84B1BA245CF5A2BB9BAB05C798697808ED44E704EC28656A93C471C7DC680DF5
SHA-512:	CD2EAD68F7FF62EEF0FA49E8580C1E0B5280FE25324C4BFD561777FC7B7BDFBBA9B873519A0B0CBB1BC9C3335CD66F08FB755F6432017DF74F672E231F3F27CF
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.000000..fDecay=0.950000..fVideoEchoZoom=1.006596..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.108925..fShader=1.000000..zoom=1.104085..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-ES736.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11711
Entropy (8bit):	5.078023145438744
Encrypted:	false
SSDEEP:	192:E0n4gPwKt1e1ntef7mn290HEttE9v2ElCa4KjTQLhCnyrCHF1vdFTd58kNvrFbG6:EhgIKt10ntef7mn290HEttE9v2ElCa4u
MD5:	9C6F4279E937351297F9EADC6E1BA951
SHA1:	5A5315DD434750A3F960E22AA51255DD6DBE3A25
SHA-256:	8E725218D335C348A50391D07AD30186DC3091E6F6D7B7C7C56865AACB9F2483
SHA-512:	B3FDE7FEFA8F744F3FCE66DE2D433BF34EC5F1411D8A61D07222EBF1F7465DA8B8419FE36634E9D50EE438F1814649BAC98522F50376133BA190E87DB22B6872
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=0.900000..fVideoEchoZoom=1.104100..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.259900..cx=0.320000..cy=0.289900..dx=0.000000..dy=0.000000..warp=0.011046..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-FFKRD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12443
Entropy (8bit):	5.125502662381909
Encrypted:	false
SSDEEP:	384:u7ppYAhl7tPqmn2c1uFttE9vXIoYa4jj6QSQCnyrCl1vPTd58kNvrFbGDqzkDaOa:ulP7tPqmn2c1uFttE9vXIoYa4jj6QSQM
MD5:	ED51BAFDEA0A7292BD4099AD74D27F38
SHA1:	D8E3FBA86E81595F5E8D151F44FF42F29DB6311B
SHA-256:	341FA442C76E237C84FFC0D610EE6D06B95A1586E43441D3280EA5E6BEC2ACF7
SHA-512:	7B3381B6CBB7A43947EB29A9E0FAD2C932F0F718FF7CD7ED4C98ADECC4D3B93A92945F9DE4838837073A7D82DD60C90619A667635E52B78680DC9AEED06EFAAB
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.350000..fDecay=1.000000..fVideoEchoZoom=2.144269..fVideoEchoAlpha=0.310000..nVideoEchoOrientation=3..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=-1.000000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.721420..sx=1.000000..sy=0.980296..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.500000..ib_r=1.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-H2KGO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13958
Entropy (8bit):	5.200875963285419
Encrypted:	false
SSDEEP:	384:rUJfkAbTGFMjtwMO290HEMtE9vpIpakdKTQSQ7nyrCI1v9dljkHArEbGDqzB7Da0:rUJbtwMO290HEMtE9vpIpaCKTQSQ7nyY
MD5:	F6F41349C3153F45BF3C6A65ECD16AB0
SHA1:	87D2E034EC5290C79654FFA01A5D7384D5EFBF5E
SHA-256:	0EEA9B96F81A645A17330E7445AAAB5AC4BFEF3DEF3EAFE5A845D549E7CE5860
SHA-512:	1B281A024C188A7ECF54A9E18C0A57BBA123CA68AA7FCB02522DDB96A4FDD15119655981B450E39D919F0D99ACA5288C302F6FF2A34BDF755C0B7813D831BE18
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=0.999797..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.004538..fWaveScale=0.167026..fWaveSmoothing=0.000000..fWaveParam=0.000001..fModWaveAlphaStart=1.000000..fModWaveAlphaEnd=1.000001..fWarpAnimSpeed=1.000000..fWarpScale=0.106584..fZoomExponent=4.100456..fShader=0.000000..zoom=1.000000..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=1.000000..wave_x=0.950000..wave_y=1.000000..ob_size=0.005000..ob_r=1.000000..ob_g=1.000000..ob_b=1.000000..ob_a=0.000000..ib_size=0.000000..ib_r=1.000000..ib_g=1.000000..ib_b=1.000000.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-I6COH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	31060
Entropy (8bit):	5.162412986614949
Encrypted:	false
SSDEEP:	768:3J8U5B3y2CSYvjRqEEMtMn290HEttE9vjRIKTQLQ7nyrCIovV9t9OvXci/DqakZT:3J8I3ISARgMtMn290HEttE9vjRIKTQLs
MD5:	206EA51D6471979306CC2D83DB555DEE
SHA1:	A1FA303649010693CDD48EF0BDBF6DB8D0AB4B3D
SHA-256:	DF3A6FB147142843F869231DFD7A5120EB0CB7CE225D279A9ACE77D831F8D364
SHA-512:	18F027D4563B9D3BFE851B3D5957A3F797098EE6A9AD5ACC115236E455D6962F7C3D22964439FB2AD4EC3ECA1623863DA9648EE7A957DDD7E69610105036041D
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.998789..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=1..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=11.200613..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.540000..fModWaveAlphaEnd=0.000000..fWarpAnimSpeed=0.010000..fWarpScale=1.331000..fZoomExponent=2.216699..fShader=0.000000..zoom=0.999922..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.020000..ib_size=0.500000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.020000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-J3PVB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7794
Entropy (8bit):	4.9982359770638825
Encrypted:	false
SSDEEP:	192:7EgMM1LtNf7mOv96u4PPtE9vuaDKTQSh7OyrCIbvZdplsvyFbGDqzBwA74aSyA/S:QgZLtNf7mOv96u4PPtE9vuaDKTQSh7OK
MD5:	24E4EB86F2319A4085AC120A203F86A9
SHA1:	401C5FAC95628FA861D201D78CF32F216B676E48
SHA-256:	A0779BE2BCAB9AA455AC320B17C7DA7E957BEF6D07FE27165608036D9A41970D
SHA-512:	4E4D3F2C955E3B95D4057C4A7CB3EDE998EFD964DE9E17547972AD770FAAA26778ABD2D8DB2E6B44078FC295F0037401DD8638C22295243EBD9B905E22E76098
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.940000..fVideoEchoZoom=1.104430..fVideoEchoAlpha=0.850000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=0.010000..fWaveSmoothing=0.630000..fWaveParam=-1.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=0.796895..fWarpScale=1.331000..fZoomExponent=0.741798..fShader=0.000000..zoom=13.290894..rot=0.000000..cx=0.500000..cy=0.500000..dx=-0.280000..dy=-0.320000..warp=0.094414..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.020000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.050000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=1.000000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_d

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-JN0E3.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8098
Entropy (8bit):	5.004904081000866
Encrypted:	false
SSDEEP:	192:p53JgPwZyc+F17trf7mOvj0uFMtE9vDjIGakKTQLQ7nyrCIfNaGWvLn8lsvyFiGi:pJJgIZyt77trf7mOvj0uFMtE9vDjIGaP
MD5:	4C6C601B00CEE2D6424B3E5E56137115
SHA1:	E1726BA1C1D114F8925C44AC21F03EE0495C39F4
SHA-256:	3D10EA4C0A28D9049F4965C145F20F554151A632E398ADB1C15AED624081D3D1
SHA-512:	45589D44842D2194DE8B94B30E33D3EAA6F00BB72ECFA0E23B99CDB5908DD8E34E0CC9E016F6A7E06363E16B486ADA4176EACD00E7E7634FC6E9265AEC9D1EC7
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=2.000000..fGammaAdj=1.700000..fDecay=0.980000..fVideoEchoZoom=0.999609..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.644619..fShader=0.000000..zoom=1.029800..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-K1670.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10011
Entropy (8bit):	5.007114763101438
Encrypted:	false
SSDEEP:	192:wo3JgPwZSkvBgJxvW2YCvL1FtLFpf7mOv91HFMtE96FXIEFYa4jj6QSQCnyrCHF6:wsJgIdvmFtJpf7mOv91HFMtE96XIoYa2
MD5:	3ADC4ACA1F09C840D35194D7896DC429
SHA1:	4D087E7DF4CF9C988F16CE0C738FAD5BB8D3988B
SHA-256:	16889FA42A9B7ABDDAB4D93980E4475FF3F63937F26AC5E4C1DEB17AA4FFD5E0
SHA-512:	EC156D9F5DA44660F19038284C01D1BB0F1CDBB82FEF294DF58D355B8F7C85C07E0FDE9D4C92F07AAAFB556FEA3307B0F25F9B22DB65C46746E8E773C17A6D71
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=3.000000..fGammaAdj=1.700000..fDecay=0.950000..fVideoEchoZoom=0.999608..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=1..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.010000..ob_g=0.000000..ob_b=0.000000..ob_a=0.000000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-MB9VL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	29732
Entropy (8bit):	5.149568487449266
Encrypted:	false
SSDEEP:	768:bJbQh2rAdKMPMn290HEttE9vHRIKTQLQ7nyrCInsXlsvyFiGDqzBUah4JyRGBIgO:bJbSWCPPMn290HEttE9vHRIKTQLQ7nyf
MD5:	E0FBB6929825342FAFB6E93EB1893109
SHA1:	FE95720F5494B0FE36ED48DE80312750BE3645FB
SHA-256:	179678E6594C5EC3DC5BB94C38A10B46AFA3EC8933E9915B0EC6108DC94EDFFF
SHA-512:	CBF929F1B3880B09DF032187EF4A1EFC84187513909D219A540A2CCE256EFDF0E50567871D6A4741EF93B9910FEBA78A174AA0F6089659CD747AF2CCF7EE0AE1
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=0.500000..fVideoEchoZoom=1.000000..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=3..nWaveMode=1..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=11.200613..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.540000..fModWaveAlphaEnd=0.000000..fWarpAnimSpeed=0.010000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=0.000000..zoom=0.999922..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=1.000000..wave_g=1.000000..wave_b=0.000000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.020000..ib_size=0.500000..ib_r=0.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.020000..nMotionVectorsX=12.000000..nMotionVectorsY=9.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-OTQNB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7448
Entropy (8bit):	4.935425353859409
Encrypted:	false
SSDEEP:	192:c3JgIP2rw53tPqmn2c1uFttE9vXIEFYa4jj6QSQCnyrCHF1vdFTd58kNvrFbGDqs:IJg9CtPqmn2c1uFttE9vXIoYa4jj6QSs
MD5:	B4C2AED7F6918A468BA89D727EE98525
SHA1:	700F1DC61F14226DECEF14A5305E175FFB8314C3
SHA-256:	4A841C9A5B2127CAC388618BC6319AD30F10D35974C8C1049748F64DE90051BA
SHA-512:	C363492319D86BD561B612FFA7CA08C2D5F980DF7ED69590F7299974D22C438B05DDFB53483EB0376E6ADF1391470394AF63680153A9CC59540C9774390309D5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=1.000000..fGammaAdj=3.869999..fDecay=1.000000..fVideoEchoZoom=0.996630..fVideoEchoAlpha=0.500000..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=1.000000..fShader=1.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.500000..ob_r=1.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.050000..ib_size=0.500000..ib_r=1.000000..ib_g=0.000000..ib_b=0.000000..ib_a=0.050000..nMotionVectorsX=64.000000..nMotionVectorsY=48.000000..mv_dx=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-RTU2L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8923
Entropy (8bit):	5.214958400465844
Encrypted:	false
SSDEEP:	96:8+eMrVx9O6d5qi1i/lmUUOdM6t5mqlnDN/wGd9T/C6I4kD8iVA8xso68ZFFa6ZJs:r/9Om5qi1idmhOS6tb8wgswZL32pq07
MD5:	5F689375E824692C8A739BB7E7EAB79C
SHA1:	48CD371BAD7CA870DFB804ACAE2A61F717582465
SHA-256:	9ADD4EE2F5536B68CF6C1B9B1934A0A509AE9BB511E78445453801CFE79A42E8
SHA-512:	9B8030134297D0DB8E856B0F947FF7538CAFF49960157DACC5170E87680AF889C82224B365B5180B2038B51FD59EAD840713AE164310B4C73BA3E659FBBFA657
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=2.4..fDecay=0.975..fVideoEchoZoom=1.051..fVideoEchoAlpha=0.5..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.0..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1.0..fWarpScale=1.331..fZoomExponent=1.0..fShader=0.0..zoom=0.85235..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.01000..sx=1.0..sy=1.0..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.5..wave_y=0.5..ob_size=0.5..ob_r=0.010..ob_g=0.0..ob_b=0.0..ob_a=0.0..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1.0..mv_a=0.0..b1n=0.0..b2n=0.0..b3n

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-UD7PD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15393
Entropy (8bit):	5.23459335696819
Encrypted:	false
SSDEEP:	192:rcN3skhNsVakfwWWhi/Rvr76jYoCgws/gFjCre6oK1a:rsskh+IWXvrupwpF61a
MD5:	FD4D0242AA003D312482328241916D11
SHA1:	064D1DC348A77F47F0ED2E8A3B66A3D3E633E743
SHA-256:	EC8B1340EE6CD99A6EB1C297791230255F72E2CCD153583591FFBFAB881B3299
SHA-512:	F9B68B2CA74626546114B33CBEF7C97AAE72CBA78E17987EB7FBDADB7F243C27A800FF0FF73D4241DC260B1A30B057F166374E9440D199F6F3C83655FA1C5CED
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=0..[preset00]..fRating=4.000000..fGammaAdj=1.0..fDecay=0.9..fVideoEchoZoom=0.999607..fVideoEchoAlpha=0.0..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.099998..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.0..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.3..fWarpAnimSpeed=1.0..fWarpScale=1.331000..fZoomExponent=0.999836..fShader=0.0..zoom=0.999511..rot=0.0..cx=0.5..cy=0.5..dx=0.0..dy=0.0..warp=0.010000..sx=1.0..sy=1.0..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.5..wave_y=0.5..ob_size=0.005000..ob_r=0.0..ob_g=0.0..ob_b=0.0..ob_a=1.0..ib_size=0.260000..ib_r=0.25..ib_g=0.25..ib_b=0.25..ib_a=0.0..nMotionVectorsX=12.0..nMotionVectorsY=9.0..mv_dx=0.0..mv_dy=0.0..mv_l=0.9..mv_r=1.0..mv_g=1.0..mv_b=1

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\shifter\is-VOAGD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13855
Entropy (8bit):	5.145269122851786
Encrypted:	false
SSDEEP:	384:xJgZTi0/C/DtCf7fOvk1uFMtE9vBI+/jK6hLQ7syy7IXzuvBdX8lsvyFi/DqzwYY:xJUTzStCf7fOvk1uFMtE9vBI+/jK6hLv
MD5:	32CB5E08351035E533C65520160C8786
SHA1:	69BFABAC0AC41081D4D87E07073BD77B5A566A9A
SHA-256:	8DE6F66658AA8A23ECA9319FC8BB4F980AE2689E98D51DCEA9F0BFA4C1F9260B
SHA-512:	5765B35E0B2228479AE733AE05C1825369826A6ADFC44C2AFE4EB4C5D1B402987EA87A78B947DC7A919657DF51C77801FAAB654BA69433BF3987615BDB28DED5
Malicious:	false
Reputation:	low
Preview:	[preset00]..fRating=4.000000..fGammaAdj=1.000000..fDecay=1.000000..fVideoEchoZoom=1.999894..fVideoEchoAlpha=0.000000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=1..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.001000..fWaveScale=1.285751..fWaveSmoothing=0.630000..fWaveParam=0.000000..fModWaveAlphaStart=0.710000..fModWaveAlphaEnd=1.300000..fWarpAnimSpeed=1.000000..fWarpScale=1.331000..fZoomExponent=0.999900..fShader=0.000000..zoom=0.999514..rot=0.000000..cx=0.500000..cy=0.500000..dx=0.000000..dy=0.000000..warp=0.010000..sx=1.000000..sy=1.000000..wave_r=0.650000..wave_g=0.650000..wave_b=0.650000..wave_x=0.500000..wave_y=0.500000..ob_size=0.005000..ob_r=0.000000..ob_g=0.000000..ob_b=0.000000..ob_a=0.300000..ib_size=0.260000..ib_r=0.250000..ib_g=0.250000..ib_b=0.250000..ib_a=0.000000..nMotionVectorsX=6.399996..nMotionVectorsY=4.800006..mv_dx=0.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-101PH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8393
Entropy (8bit):	5.215302619094062
Encrypted:	false
SSDEEP:	192:rCnVjM9R1dZ4amYCKZBLn5BF2/DYx2CGhI5M:rCnG9R1dZ4amYCw/KYx2C0I5M
MD5:	781AB6C50016BF4478C29CC06CFDEF91
SHA1:	562A76322F33F1DB81D3946130BB3C74135E65B2
SHA-256:	FE615D4F5B38F09F5112279A9F40EB5E2CC4619FFD3963AA3EF8D076967706EC
SHA-512:	3CB4CA5717DF7A1404F1893622AAFBB81BDCB0AC927B7AD9920F51A3AAB6684E16CC43F6D18D7A459F80825ADFEE2F424EAFD1CB9AAEE1C7C83754B7E4DB672C
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=2.000000..fGammaAdj=1.000..fDecay=0.500..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.311..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.000..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=0.010..fWarpScale=100.000..fZoomExponent=0.19913..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01359..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.700..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=1.000..ob_b=0.000..ob_a=0.030..ib_size=0.500..ib_r=1.000..ib_g=1.000..ib_b=1.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-131I8.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11722
Entropy (8bit):	5.208615926345122
Encrypted:	false
SSDEEP:	192:rcr8L6Re9RTjraOgei2nbLTmYCKJXZGbnBo0N/KACU18H2Z3o76M7:rcr8Qe9RTjraOgei2nbLTmYCqJGzBT98
MD5:	729C3DF1E3F072F45F16F4692D2776F2
SHA1:	4B1B26DC49E98377D41CFAC0AEC31021792977A3
SHA-256:	CDB9AB1ACA180EAB244CD20FFBD4B7936965D538AA8A8C9B3FFF4580FD9FE5B1
SHA-512:	EFEEB57ABD850C6AD589DF259B968BC8A0BA5713C1800D295956121729E9A3063901A7C0A0E5458B6F9A4A56EAFD046C46EA1FDE808F5CF2FB59EB529487588E
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=2.630..fWaveSmoothing=0.360..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=9.861..fWarpScale=16.217..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=0.100..ob_b=0.000..ob_a=1.000..ib_size=0.050..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-213AR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12188
Entropy (8bit):	5.2599662251580686
Encrypted:	false
SSDEEP:	192:rNrakxsoL9RCLJKAOg9AgHZnbjZmYCKJXZGbnBo09AwULP1XPU17HGg0Ijhb9Dyd:rNraiL9ROKAOgJHZnbjZmYCqJGzBT9ta
MD5:	496359A4721D7C346A05AC94106736F3
SHA1:	31294F617C4922EDCCE4F4D18D5B4F38A8A21868
SHA-256:	B0AC4982240696F2E1E837CF7B4B9929C953ADA31AF43FE912D59D5B082B2E8F
SHA-512:	47924591D65C21F7C9ABB9CCA069EE696AC59BD733F64251D54B2708A552AF8BC95F8D9B94327864D4D82F5A315E325E61B21B68A9F7860BE80CB6D201515528
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.500000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.640..fWaveSmoothing=0.270..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=9.861..fWarpScale=16.217..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.960..ob_size=0.020..ob_r=1.000..ob_g=1.000..ob_b=1.000..ob_a=1.000..ib_size=0.000..ib_r=1.000..ib_g=0.750..ib_b=0.750..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-362OL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6913
Entropy (8bit):	5.122257177744542
Encrypted:	false
SSDEEP:	192:rWDaddc5qV6nL9RdAOgwZnbXmYCKr/8c42ZtXtbtptmERY:rXdiL9RdAOgwZnbXmYCATdBn/RY
MD5:	E25AD36B1DAE5DDCC522BB56F1DE194B
SHA1:	BC57FE07F223E7A241CD2C41EDD957E9FAF3A4D4
SHA-256:	58AA702A8900B3E5AD758AEE1589564DBAC58E7A0BC929C86B947486D36615C7
SHA-512:	B09362F1E2802615DC5E7385DB0424AF572AAF8870FBF5B567E9ED8AD02C9032B556F8D3931D7D9D1DF348C0F27D579E78B9B8E2736C6A7E94770A520EF0D1C9
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=0.000..fGammaAdj=1.140..fDecay=1.000..fVideoEchoZoom=1.002..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.577..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.240..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=32.544..fWarpScale=9.738..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.000..ob_size=0.005..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.600..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=16.000..nMotionVectorsY=16.800..mv_dx=0.000..mv_dy=0.000..mv_l=0.15

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-5L897.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7416
Entropy (8bit):	5.131018922043477
Encrypted:	false
SSDEEP:	192:rIqy5qq6nL9RdAOgwZnbXmYCK01CaHfILd/7L:rIqtL9RdAOgwZnbXmYCX1l21L
MD5:	D60C740E0653C6DC1EA83353A1F5C1D2
SHA1:	15C179C46FAFCB1A78E5EBF75E2B287C5C9EFC71
SHA-256:	4945326D00A65F84269BCD3325538F0BB9AF1DA2FF0A7B2B270D6857BF42ABD2
SHA-512:	C908ABE6B9295B8F1478A1E5D1AFB07F2A3D45D1868188EC23EA6ED57BEFF9BA63B15AAFD7FBECF9DB2D40EEEE1E7D39E3D94B12A20F92B7B67082ADA52EC439
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000..fDecay=0.990..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=5..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=2.965..fWaveScale=23.563..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.830..fModWaveAlphaEnd=1.150..fWarpAnimSpeed=1.000..fWarpScale=3.138..fZoomExponent=1.00000..fShader=0.000..zoom=1.05300..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.26300..sx=1.00000..sy=1.00000..wave_r=0.490..wave_g=0.490..wave_b=0.490..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-6QMIJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8629
Entropy (8bit):	5.19313906777355
Encrypted:	false
SSDEEP:	192:rBvd8+5qxV9im0XqWHAOgwZnbXmYCKOWKvI22ZtXtbtptmY:rBl8CYWHAOgwZnbXmYCHPvIJdBn/
MD5:	E4E726D3FE3239ADE08014AA228E0662
SHA1:	876819111115382633AA847037A0844D5B2E467A
SHA-256:	C84DA525E9FEB1B22B593F36558A8C8D8E7A396F558AF039EC84BBD7A980D8E2
SHA-512:	C605FE09AB37E4D6A843A1D0B2D9864624E521AAF60FD5D52A3B7A7C3B36326EA6CD948EA9DF0DFB5F7414F2CE25184B4737AAB67DD75791926CFF671679FBE6
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.25486..fShader=0.000..zoom=0.97012..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-8B4US.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8283
Entropy (8bit):	5.2080218297034735
Encrypted:	false
SSDEEP:	192:rRpDdo35q9kLu59R1tmeAOgfnbSOpAmYCKXbvHIO20Tkz:rRpRob29R1tmeAOgfnbwmYCaPIQE
MD5:	50203BCB475B4A040808A502BBD47A93
SHA1:	3B2B5AD861D8D37861C0A27A607E864792AFCAD0
SHA-256:	A11176BA033FDCD0E6F77C62A81820784F3D0C4D622575C8E483C1E6CB862B43
SHA-512:	2DF315CD911AD86F44ACD4381A1E8ADCFDF476A40E53B9B7A07C0743AC94CEF1A3B8709A4828D32094365DCB771B16726AA709FC6FECAC5644BBE44BDCC1DA7D
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.880..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=100.000..fWaveScale=0.590..fWaveSmoothing=0.000..fWaveParam=0.700..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=0.42000..fShader=1.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.00

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-9E62S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	26473
Entropy (8bit):	5.163663403935307
Encrypted:	false
SSDEEP:	768:rmcv4Rju9RAOgwZnbXmYCzNzJgQLc2nNER:6s9RAOgwZnbXmYCxze
MD5:	FD56279AD850D3AA87454766302DACF1
SHA1:	613E8BF4D0AFFA05643DF8CBA4CD4D2034345C19
SHA-256:	7D5EAE139A2915B31A82A08BFD10C0280BC9794A111C2F564BAC56E4F1FAEBD2
SHA-512:	302BA7366A9808C3DD913F37C9F8B8D68E5DF595A0BC139AEAF9641A6101D9E57354D29DC6A1BBE5999BB7C453A251F3B29527C2616516216E14FCD89B0BCD72
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000..fGammaAdj=2.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.905..fWarpScale=0.010..fZoomExponent=1.00000..fShader=0.000..zoom=0.96098..rot=0.08000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.250..ib_size=0.180..ib_r=0.300..ib_g=0.300..ib_b=0.300..ib_a=0.090..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-9JC75.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7532
Entropy (8bit):	5.155129317370052
Encrypted:	false
SSDEEP:	192:rL4R3r5hHnuR9G4AOgwZnbXmYCKmIGR4Zg51ia:r8dr5hg9tAOgwZnbXmYCKvJa
MD5:	9E73FB16743551CE3178D8D84B08C7CD
SHA1:	C1C6A9DF19EF3CDF6185C5DFF16443AF722DE21C
SHA-256:	1BBE68D9E40AF25532A51281DD8B67CD85579B86EEF8AA3DD53F590E19FE9FE0
SHA-512:	F46CA29AEB737CC6E1FB17ACF29C19FB76464832C00FA4F26FC9848E561A2CC11ECDF6B8690E47C887A23E279A18556ECCFE13A8C962B1A9F2F8727D89DA344F
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.985..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.000..nVideoEchoOrientation=3..nWaveMode=4..bAdditiveWaves=1..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=0.331..fWaveScale=0.898..fWaveSmoothing=0.108..fWaveParam=0.100..fModWaveAlphaStart=0.720..fModWaveAlphaEnd=1.280..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=1.00000..fShader=0.000..zoom=0.96190..rot=-0.01000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.540..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.500..ib_g=0.570..ib_b=0.400..ib_a=0.000..nMotionVectorsX=24.800..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.160..mv_l=1.500.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-ANB10.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7766
Entropy (8bit):	5.136527916960875
Encrypted:	false
SSDEEP:	192:rjrA26Y9v+IZnbemYCKqWGCHlSPG2LvLLu2G:rjrAI9WIZnbemYCiH4umw
MD5:	7C5FB9B8CE1CFFCD6A7F4100A8DA15CC
SHA1:	0DD5F8D78FF6943AE0CA9336D6B157150BE403DC
SHA-256:	6E1B2071B1DFACBC2CC61FDE64D9036DE6596603F29D4D0AEB65BB83CB9A9E4B
SHA-512:	B3FC6CA024DA1114CB42BBC931AE4A2D290E69ADAE8304A0272442509AF7EBD4FD21903AFF2BA9E31F068D3D1056E207FEF294873047F5CE514494D74452F222
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=1.000..fGammaAdj=2.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=2..bAdditiveWaves=1..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.100..fWaveScale=2.850..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=0.99990..rot=0.10000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.100..ib_size=0.500..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-CGMCJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	14046
Entropy (8bit):	5.282410493862382
Encrypted:	false
SSDEEP:	192:riH0+5qSZkLWj/a07euD+COv+9tpJyZSPnVor0xPa9eGy392ZtXtbtptmGS:riH0aeY+COW9Agv3seGy3kdBnrS
MD5:	D81AB09257A1BBCA870E5AC9468C884D
SHA1:	6BB455F8E1C55B533EB469D61D22448B6F9B9A0E
SHA-256:	8F92DCDE1FF066DD870B663F172BBB737FFC06F86627810DD9EDF86DC0AA8AFE
SHA-512:	6180C5E2F6DA6163F0752AACA68555B8419B1A30FF86930C06A791BBB13CACFD743EDC48D77087660D9B9B800804B0C8841B2AEBF0EC6F79CC65F47B0FA989AF
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.003..fWaveScale=2.713..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=1.200..fModWaveAlphaEnd=1.200..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00909..sx=1.00000..sy=1.00000..wave_r=0.440..wave_g=0.400..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.850.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-ETBAB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8261
Entropy (8bit):	5.189780275732437
Encrypted:	false
SSDEEP:	192:ret+dlh5qq6r9RxaOgMunbabYCzNfldEtF3kRU20TEP:rewl49RxaOgMunbabYCbdEtF3k8EP
MD5:	E9361E525DA83A072943955C524C3404
SHA1:	5436C1E619A728860160CDD12E86000F974F5F15
SHA-256:	E5201C78FE760B86A845E27CDFF17B6DAA9C11D028D98339872ACC6159F82A7C
SHA-512:	2F1A26063043028EB282C603A35E6B1B1D38F1A53B086BC0FA8806F03989199EDD2BE027FA690E18883B420E7EAB8097CC1F008096D3EAF8571A18C2C5A9E6FD
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=1.700..fDecay=0.955..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=1..bInvert=0..fWaveAlpha=1.059..fWaveScale=0.706..fWaveSmoothing=0.126..fWaveParam=-0.280..fModWaveAlphaStart=0.810..fModWaveAlphaEnd=1.350..fWarpAnimSpeed=5.278..fWarpScale=0.010..fZoomExponent=0.29999..fShader=0.000..zoom=1.05101..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.000..wave_b=0.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900.

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-F3N0J.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8298
Entropy (8bit):	5.205205906065278
Encrypted:	false
SSDEEP:	192:rKQy5q7yinL9RdAOgwZnbXmYCKzTgF72Rg0EYq4Jj:rKQDL9RdAOgwZnbXmYCUhhEYq4Jj
MD5:	2CF354F16B5238EECA9364495377BF73
SHA1:	7C32448E1440345E7DD9C38FE8FE160EA3069833
SHA-256:	DDE914B1D74C24B749367A5129EE51C7AC2CB3D5DF19FB54FE9B15B1DDD67AB5
SHA-512:	3D67B794CD94A4F5AC388FAAE1E17D923D01FDCDCBB979C45848F93BD1EFCCAA0847E55C579597FB047033CFAD314D9A201B26294E4AB724C14A6B0340FD28D7
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.000..fDecay=0.955..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.619..fWaveScale=0.628..fWaveSmoothing=0.900..fWaveParam=1.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=1.000..zoom=1.00796..rot=0.02000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00016..sx=0.99967..sy=0.99990..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=1.000..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-FIN83.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15231
Entropy (8bit):	5.341833655174419
Encrypted:	false
SSDEEP:	384:rUAReL9RdAOgwZnbXmYClMmNmfjUX8SY3eEpVkLzuC:rU5L9RdAOgwZnbXmYClMmNmfjUX8r3e/
MD5:	4B29144F2E83274B0C2EC957E2F173AC
SHA1:	80D3E548121290AABA20DFA2457AFF133C6CE39E
SHA-256:	5EF883191A25C8907CCFF2E48A2DFF7F01F7599EBCED637259D8B503A1AF0DC0
SHA-512:	FF079484A5E43DB034B16231263ACCB32095D2987E30D9B5665A62D70C2CC964A6F36A643CB77434E825F647E52C5D1253F6385BECA5EAC89E8E6825EF9D9918
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.625..fWaveScale=0.242..fWaveSmoothing=0.000..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=13.29089..rot=0.00000..cx=0.500..cy=0.500..dx=-0.28000..dy=-0.32000..warp=0.00909..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.080..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.050..ib_r=1.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-JIF4L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	12511
Entropy (8bit):	5.214775921819049
Encrypted:	false
SSDEEP:	384:rNrLfO57fOeGBOjx/OQsB+ibnbbCYWQCKvy:rNrjAMQm+ibnbbCYpPa
MD5:	F39B6174D6C40CBE3F77C65E6AAF786D
SHA1:	BF7268975E4C6F049F02F75DC198F053D9FC4A02
SHA-256:	4FBB74A45205B6301DAB5F32F03F4C2DB2DD0A2802604FEDBBF79A7DECC41CC8
SHA-512:	3B66F38565F069F4FAEC0D199926789554AB2BE7EB91C39610395F5B81B22813BB003C01058CB78B37B2382FA6A78D06929CE61F5BF4859EF825A1EC0D1195BE
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.069..fWaveScale=2.115..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.772..fZoomExponent=5.00873..fShader=0.000..zoom=1.04163..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.000..wave_g=0.300..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-KLR7F.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6133
Entropy (8bit):	5.025542155454455
Encrypted:	false
SSDEEP:	96:8+eMr6I6zeBH62SF9B+0AOg29vDPhnbnv4qmYzmKlTs0scJ2M//ek:rmIse56209dAOgwZnbXmYCKi0h2U/ek
MD5:	441D7240C4AB4B56BA67307F92432543
SHA1:	059F0C26F43E3942A59B7E8FBD4B577F014DCD15
SHA-256:	136C8EF65F7AE6EA0C8FD28FA4BF7E01E07CD665C423BBA79B2D3FD754501C0A
SHA-512:	57689B5078D7F50C07B95FDC157604B911F0DF593F0444CCD7BDEE3B1D587AD587702FF9E262A4B6E1CAFC0CAABD1D26C6DF00C9523120E88241A94FD5FA8239
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=0..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.700..fDecay=1.000..fVideoEchoZoom=0.997..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=6..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=2.803..fWaveScale=0.060..fWaveSmoothing=0.750..fWaveParam=1.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.14947..fShader=1.000..zoom=0.94204..rot=0.00000..cx=0.650..cy=0.350..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99999..sy=0.99999..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=1.000..wave_y=1.000..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=5.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-LJSRE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11007
Entropy (8bit):	5.270086764837012
Encrypted:	false
SSDEEP:	192:rWBrAL6C9RmAOgwZnbXmYCKJXZGbnBo0N/KtdEl7Ho629RIZAL:rkrA39RmAOgwZnbXmYCqJGzBT96dEl7y
MD5:	73B8215CF6542E514A21583D5DFFDBC8
SHA1:	981CD778A0EE4793A84B3C394AD1228356C8A591
SHA-256:	3245A8C7DEB3099A34821AD383933F1961E703FAEC0D8ED5E91DA7222416AD27
SHA-512:	CEDE54733B06E257E9A9AFA3EEB6A5220732234DB964A058787F32316869086EDC5D7D76F441F65634F04C0A0240903D87CBBB30366E69D533758E7B411BB522
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=2.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=3..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.800..fWaveScale=16.217..fWaveSmoothing=0.750..fWaveParam=-0.440..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=9.861..fWarpScale=16.217..fZoomExponent=1.50374..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=1.00000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=1.000..ob_g=0.100..ob_b=0.000..ob_a=1.000..ib_size=0.050..ib_r=0.000..ib_g=0.000..ib_b=0.000..ib_a=1.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-M3E5B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6460
Entropy (8bit):	5.077928746422446
Encrypted:	false
SSDEEP:	192:rUd46+5qSz6nL9RdAOgwZnbXmYCKBHOCM2ZXo74Mp:rI46MML9RdAOgwZnbXmYC3Cxo74Mp
MD5:	E696B6FB692E785EC71C10512BB2C442
SHA1:	A09444DFCF14AF57C26E9EC1A91BE24545EF43DB
SHA-256:	891A7BDCD8038EA8C340428E70553D227F252D04B326AD01D04EDF6B9DA729CA
SHA-512:	F2CE1B05FA8565461A470CEAA717301D1B2458167B7E245F411A1D5154F5BA7982FE4CD4186EFB9EBD73314D130104D5B22633DA0D4F674510BE6C3DF13508FE
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.973..fVideoEchoZoom=1.047..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=1..bSolarize=0..bInvert=0..fWaveAlpha=1.000..fWaveScale=0.439..fWaveSmoothing=0.500..fWaveParam=0.000..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99951..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.976..ob_size=0.500..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=0.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.000..m

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-MFEBE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21888
Entropy (8bit):	5.156284657819161
Encrypted:	false
SSDEEP:	384:rg7rvf0nBBTWjRlDQ6QAOgwZnbCyYCSr3fFw8:rirX4/KHbQAOgwZnbTYCUPf
MD5:	BFEC394ED0C4AE41ED46F1FE7D8A2ED1
SHA1:	42F69EF2A55086E2B4084B30CE3BAD7C639871B8
SHA-256:	C9C5A9D269CAFD83CA83053ACEED9FB818AA63A9990023431EAE6A16E02B3F63
SHA-512:	2E492C4E624BD51D901EEA4D8DE9E2663CA5D6B6BDAE1870CC7887ECE1A53498E7EA234FD7C686541CC30C12F3C7B809D9DA5884722FCE0434FCC40A71558839
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.000..fVideoEchoAlpha=0.500..nVideoEchoOrientation=1..nWaveMode=2..bAdditiveWaves=0..bWaveDots=1..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.012..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=2.853..fZoomExponent=1.00000..fShader=0.000..zoom=1.05101..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.400..wave_b=0.300..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=0.000..nMotionVectorsY=43.200..mv_dx=0.000..mv_dy=0.000..mv_l=1.000..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-MVIAJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6602
Entropy (8bit):	5.112371642352496
Encrypted:	false
SSDEEP:	192:rnroy5qq6nL9RdAOgwZnbXmYCKt269l2ZtXtbtptmGS:rnrotL9RdAOgwZnbXmYC1zdBnrS
MD5:	B473DC20DAAF084E6E59FA38E7E69BF6
SHA1:	EB456F635688196171B2ABE6910D4D5D6C9DEE96
SHA-256:	E8AF144AE7DE9D7CB6273312D5D9D005CFF9A1956332A0731D2D82E026D08E56
SHA-512:	8613E7BE215140F65D637FDCFCE167428D43CBCF081CB59B9D303CA4C040B624253AE5A34D22A66CFF26A6A23E4334FD7DB702A14192ABB1A623BBA6988EA141
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=5.000000..fGammaAdj=1.500..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=2.707..fWaveScale=1.862..fWaveSmoothing=0.000..fWaveParam=-0.200..fModWaveAlphaStart=0.770..fModWaveAlphaEnd=1.010..fWarpAnimSpeed=1.000..fWarpScale=1.772..fZoomExponent=4.40100..fShader=0.000..zoom=1.03100..rot=0.00300..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.00000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.010..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-Q9Q9O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6772
Entropy (8bit):	5.110842696376446
Encrypted:	false
SSDEEP:	192:rWDaddc5qV6nL9RdAOgwZnbXmYCKr/8c42ZtXtbtptmY:rXdiL9RdAOgwZnbXmYCATdBn/
MD5:	8A249D79AFC6D624EB2BDAD366F4D5F2
SHA1:	B42E325B66E57578D9FB420FD03A9CB23087E05C
SHA-256:	6DC111CA1BEE803B56DE0851E06989B75356C059ABF65F73CF50B987787AD9EA
SHA-512:	AF99690D666D88AAFD13B30E58363D2B6E0AEB64040B61F44871C12B232011062019C916D9DAB5807BD0F6CEC315916F2F026284A52F920BD17C2CE3E23066DB
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=0.000..fGammaAdj=1.140..fDecay=1.000..fVideoEchoZoom=1.002..fVideoEchoAlpha=0.000..nVideoEchoOrientation=1..nWaveMode=4..bAdditiveWaves=0..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.577..fWaveScale=0.010..fWaveSmoothing=0.000..fWaveParam=-0.240..fModWaveAlphaStart=0.500..fModWaveAlphaEnd=1.000..fWarpAnimSpeed=32.544..fWarpScale=9.738..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=0.500..wave_g=0.500..wave_b=0.500..wave_x=0.500..wave_y=0.000..ob_size=0.005..ob_r=0.010..ob_g=0.000..ob_b=0.000..ob_a=0.600..ib_size=0.260..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=16.000..nMotionVectorsY=16.800..mv_dx=0.000..mv_dy=0.000..mv_l=0.15

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-RA8VD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8610
Entropy (8bit):	5.180414001872709
Encrypted:	false
SSDEEP:	192:rKoo5q+X4O8DpSh9UV+LgYORnBero4UYo9i626t:rKoyozm9UV+LgYQnBE4i8
MD5:	16AF1223EAE34F0BDEC23CF4053EDC79
SHA1:	807F4685FCBD178DE65F968A8424C989C5BFE67C
SHA-256:	32986D5C6B3E8189B5EF28E3C4A166153D311A741EE05F1E4BA5DEE875777A61
SHA-512:	5DF74B4D4BCFE5F011F22BC65C033AAA84FDD778D3A891F1048F2CB0E44C8E0CCD1048C6EDDF4ADEEE6E5F5325D6E3F6ECFDC8B906438ECB03DD5E4A6060501A
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=0.325..fWaveSmoothing=0.900..fWaveParam=0.000..fModWaveAlphaStart=0.880..fModWaveAlphaEnd=1.980..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.00000..fShader=0.000..zoom=1.13500..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01605..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.000..ib_size=0.000..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=1.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-RSV67.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8859
Entropy (8bit):	5.171582908439854
Encrypted:	false
SSDEEP:	192:r/eUV9im0XqWHAOgwZnbXmYCKXo269w2MdnOU1QG:rmtYWHAOgwZnbXmYCs3F9+G
MD5:	FA952F3F87DB656BC6F75DA90F477F28
SHA1:	BB868CDE0D83DE75F1D8EEE13DA7C12F5DA1462D
SHA-256:	6868A5C582A835A47155AACD267D27A4BEB7A4580B491912BDCF4C45144FA790
SHA-512:	D84899F18B9AF083B93A04A7D317D97C9D3DA45A61F4D5262B6656CDB513B4816D84826D815D1BEEA1B16C37DE27DA0D5DD36781D951CC9388835158221B9A35
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=4.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=7..bAdditiveWaves=1..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=0..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.286..fWaveSmoothing=0.630..fWaveParam=0.000..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=1.000..fWarpScale=1.000..fZoomExponent=1.31060..fShader=0.000..zoom=0.98030..rot=0.00000..cx=0.650..cy=0.350..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.99999..sy=0.99999..wave_r=0.650..wave_g=0.650..wave_b=0.650..wave_x=0.500..wave_y=0.500..ob_size=0.000..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.075..ib_r=0.200..ib_g=0.200..ib_b=0.200..ib_a=0.050..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.0

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-U20J0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6920
Entropy (8bit):	5.074141856933304
Encrypted:	false
SSDEEP:	192:rLcyR16nL9RdAOgwZnbXmYCK1SuHDab269b2d/b:rL1aL9RdAOgwZnbXmYCuSumSxb
MD5:	292B60A60DAB2692F6BC7CAE82833B6A
SHA1:	DD51998B8A3D25774180625F37BCB32D5F5EB397
SHA-256:	4FBAFE64B3239E5117E0A39F31E45D10F2CE99FEA40539AC502E919F1A969428
SHA-512:	7CDAF5D506C2F47809F2C6C6E0543E75EA010266AD6C208B61CF605D52FF10C151E97FD92209B5DF292B11BB75283809ED30E06F102FF61ADEF212521F582144
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000000..fGammaAdj=1.000..fDecay=1.000..fVideoEchoZoom=1.007..fVideoEchoAlpha=0.500..nVideoEchoOrientation=3..nWaveMode=0..bAdditiveWaves=0..bWaveDots=1..bWaveThick=1..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=1..bDarkenCenter=1..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=1.000..fWaveScale=0.797..fWaveSmoothing=0.000..fWaveParam=-0.500..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=1.000..fWarpScale=1.331..fZoomExponent=1.00000..fShader=0.000..zoom=0.99950..rot=0.04000..cx=0.560..cy=0.800..dx=0.00000..dy=0.00000..warp=0.01000..sx=0.97237..sy=1.00000..wave_r=1.000..wave_g=0.700..wave_b=0.500..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=0.200..ib_size=0.005..ib_r=0.000..ib_g=1.000..ib_b=0.000..ib_a=0.310..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.9

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-V5G3N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10398
Entropy (8bit):	5.184128039098001
Encrypted:	false
SSDEEP:	192:rL0T6nDnRG89fYgLGXGR2bPTu6kdYCZGVUpb20JxUeOjQRtACU18u:rL0EDnRvfYgNR2budYCwUb4tCU6u
MD5:	29AFFBB43A6D7A7F5172613790B52CF6
SHA1:	352A19E695C13A26EFF7EB812E41C7F14E1F55D2
SHA-256:	92935A7C450580A3524AC766F604D05CC0294073352DA6C6364292FF9A985A0E
SHA-512:	E4ACCDDCD5A0E07757D0E5287D095337026954DDC7736B824ACBCA935EDDAB42D3716228D6805C095871FB246EA91BF29DEEEA459F0D5FBADB2E99976999EFFB
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=0..[preset00]..fRating=5.000000..fGammaAdj=1.900..fDecay=0.980..fVideoEchoZoom=1.169..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=6..bAdditiveWaves=1..bWaveDots=0..bWaveThick=1..bModWaveAlphaByVolume=1..bMaximizeWaveColor=0..bTexWrap=1..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=4.224..fWaveScale=3.672..fWaveSmoothing=0.666..fWaveParam=0.100..fModWaveAlphaStart=0.710..fModWaveAlphaEnd=1.300..fWarpAnimSpeed=0.037..fWarpScale=0.015..fZoomExponent=1.00000..fShader=0.000..zoom=1.00000..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.03300..sx=1.00000..sy=1.00000..wave_r=0.100..wave_g=0.100..wave_b=0.100..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.005..ib_r=0.000..ib_g=1.000..ib_b=0.000..ib_a=0.000..nMotionVectorsX=64.000..nMotionVectorsY=48.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.8

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\presets\stahlregen\is-V5VLI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6677
Entropy (8bit):	5.045146957080457
Encrypted:	false
SSDEEP:	192:rkdoh5qq6JL9RxCAOgMPZnbaRmYCKz6PJeqhP:r4oIL9RxCAOgMPZnbaRmYCRQA
MD5:	F832A6E115F35300388230F8BEA14365
SHA1:	DFAAF52A6665A7A46BBA160C0BBBD349E9E8A9D5
SHA-256:	9B0F8C2C19306C02D5165B4615B6BD7DC48B1120EF3ED79AE402F8DACC3389E3
SHA-512:	E62A2FD0A769272646910EEA071CB5531539D7296468772C0014B17CEFCB42A60CD8838247E0B8C5A89196531B22B9735E33C5E24C6EADAE71442CF3836AAE94
Malicious:	false
Reputation:	low
Preview:	MILKDROP_PRESET_VERSION=201..PSVERSION=2..PSVERSION_WARP=2..PSVERSION_COMP=2..[preset00]..fRating=3.000..fGammaAdj=2.000..fDecay=0.980..fVideoEchoZoom=2.000..fVideoEchoAlpha=0.000..nVideoEchoOrientation=0..nWaveMode=0..bAdditiveWaves=0..bWaveDots=0..bWaveThick=0..bModWaveAlphaByVolume=0..bMaximizeWaveColor=1..bTexWrap=0..bDarkenCenter=0..bRedBlueStereo=0..bBrighten=0..bDarken=0..bSolarize=0..bInvert=0..fWaveAlpha=0.001..fWaveScale=1.000..fWaveSmoothing=0.750..fWaveParam=0.000..fModWaveAlphaStart=0.750..fModWaveAlphaEnd=0.950..fWarpAnimSpeed=5.278..fWarpScale=0.010..fZoomExponent=1.47412..fShader=0.000..zoom=1.03030..rot=0.00000..cx=0.500..cy=0.500..dx=0.00000..dy=0.00000..warp=0.01000..sx=1.00000..sy=1.00000..wave_r=1.000..wave_g=1.000..wave_b=1.000..wave_x=0.500..wave_y=0.500..ob_size=0.005..ob_r=0.000..ob_g=0.000..ob_b=0.000..ob_a=1.000..ib_size=0.010..ib_r=0.250..ib_g=0.250..ib_b=0.250..ib_a=0.000..nMotionVectorsX=12.000..nMotionVectorsY=9.000..mv_dx=0.000..mv_dy=0.000..mv_l=0.900..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-5JEAU.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	22333
Entropy (8bit):	7.957667824258167
Encrypted:	false
SSDEEP:	384:ZWNA2UWLTEsQuhVszQjulXBO/u93QOKKz/M4HAC2J5wKCorm/Jffh4wuyBJZr:ZYhVszQ6lXBXJDdADSor4hGyrZr
MD5:	9EEF6E2F773101BE86AF0F22A9015C6C
SHA1:	2A1A986A34155A039AD1731D019397FE9D9E3FD6
SHA-256:	37EFB7A166E94F4FA5328114860B05812434953DF045FF9C8C91B96E63471A99
SHA-512:	7C0AEA1164C81D4F6A31ECAB0E51924789A86792716B26E4DD914A01B50B4C2FC107A23B8E3469F75E8A6A768C062DEB18434972BEAEE4C86AFDBDF3543AA5E9
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C.....................................%...#... , #&'))..-0-(0%()(...C...........(...((((((((((((((((((((((((((((((((((((((((((((((((((...........".......................................:.........................!1AQ."aq....#2.......B.3R$br%4S.............................%.......................!1"A.Q.2#Raq............?.Q.qW.....K.}Ga...s..YiM1..M&B.g.on....~..J.H.&2..a.....zb.q.......WLfG..k..o..a:He...]...0..Hk.D.P...O'.p.F&.J.FJ#.%....m._..r.e..\|..V>...a.$.q..rL.."c..h...(;.........R.Ec.......5P.K).,vq....nsF.`....L3!+%..;...u..s.E2259'L...A......QB[......K.a........tW..1Y...J.4y.4.<6...%..........&..H.3.b..N....\...P....,..^@\..$......C..kk..&.C.......88Mt.^.'c.c1.Z...w.`...Y.`A.7..J......h.......v....2....-E....m......fN...$,.]...;.O....fQ@+B...~U\..J.7..m...L.2.%....@.X......D+.aKh..8.]..?....)..0..}.....w.9....R%-MSRXH.3...v..lf.'..j'J...H..d[.....?..Y..1.R.p..x...0OES1..P.\.u....~....I...../..f.vo.i......=

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-8E46K.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	28690
Entropy (8bit):	7.865568826254863
Encrypted:	false
SSDEEP:	384:oP+xLqu8d2GOI6sDvYY4UzSIa208VK7C7YRKCyXmQGgfzlVAE+E7HV9U9AhDaT1A:Ocuu8gGOIBL4tEExgEAj7fU+hDH9H
MD5:	4B1595D93DAA79206A2D1DBEB92F2333
SHA1:	8A99F032E88AF4A1AD56A70EFCC848FF2285EDCD
SHA-256:	259E5122C42220369B8EE2F3570858E08DB668BDA9832CD96233ED4E11AE9E25
SHA-512:	045A4E94754CF0F2A0A105446E21C950D7E6B92EA80536D7A3D3E08CDCF4DD96FFC8A527AD887864DDF3D30C6432D0204277D21F91E8067EF2EC1F5ABFB1AF13
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H......Exif..II*...............z...................................................(...........2.......................i...........J...Canon.Canon PowerShot S400............H.......H.......2004:10:16 21:27:37...................................0220........>...........R.......................n...........v...........~...............................................................\|...N...............f...........0100............................................................................................................................................................................2004:10:16 21:27:37.2004:10:16 21:27:37..................................................................................................................................................................................................................................................................................... ..._... ...(......................._... ....... .............\.................

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-94IJH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	53403
Entropy (8bit):	7.959768117855196
Encrypted:	false
SSDEEP:	1536:aUy+JDCoCuGtvCdWrSTfeF0bhnpme0GDn/:aUtJA/rSTfeqb+XGD/
MD5:	F115AAD85B01C031F20A39DB34C1D2F1
SHA1:	A6B64C4D19B73EA051408CC9577645578C654AD8
SHA-256:	73C63DAFB7F61EA742BA0612CD9B070A62D66E5E4C28ABFAC738ACFA9AAEEAF8
SHA-512:	2AE4EFFBD3DC8368275E443A63C0187E84641552177E2A9F27DC721711F5B583389F6776A0FE457E7C757F3FDCB8A7E296D9D7F6480C6BE02F0A2E052F35C079
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C............................................................................".........................................<............................!.."1.#A.2Q..B$3aCRq.%4b.&DS..................................7......................!..1A.Qaq.".......2.....#B.3$Rb............?.U....q...b.e=T..L1G.`......u.{[.tHQ_R[_....D.U.Xf.....lJ.......B{.m...C..Z)!_:.T> ....F.-.k..'c8S..v.Qb".jU....d..u!...B.T..O...).q..z6C.....9.)..[...+i/._..m.. ..W_.....z.......$+...mq.Z.xI-"T&...Kc.qpGQ.j..;..r=4....+..'.e.h+Q[.%N.t.@....eg.-..}25.j...P.k..S..S)C..=B..q'd..d.G...$.{4..G..\|.~[....4i.u.j.W....)Z[B..J.TS..?..%g.u..4.r....W.u%1+..n.MK`.:f4..J.RU.AJ.h.[....%.......oo.1.;/...m...S.4m..B..fE..}....g.,.R..<..\.!G.R....>}f._.M.j......8..$0".:JR:$.u!JV....../.["r.+..Mi._..n.....u6..(o.......8...CC...2.L_...a]..P.w%%.p..4...".XZ>0....IX..g.y].FoJ.%)J.7<$........W..+q..:...

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-AJ8FR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	21118
Entropy (8bit):	7.972084919532467
Encrypted:	false
SSDEEP:	384:vNpLh/kAv9YFyBkiC+TVlD6MqwG9LNcQ0GSuWBitAL86FWp2S1k/Od:JMM9ev+VlPwhiudWUmL44Xo
MD5:	7DA42D9E6D66B268E72286021A90FCF5
SHA1:	5AAC0DB0FE03629F1FE290C238E52F36D1EA3950
SHA-256:	D2DD6468E1417DF888CFA4EEC2FE6F7DB740649B70B8B7AFC9D5E58FDD0EDD68
SHA-512:	BBD894D51824BEDCE74B67F4607C809A9A94DF7F6B7FD8C82B05D45DC7F454A72E5EE5474AE5965577B686FDFB02BD05881193C379CE44D5941015095D897BAD
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H.....C................ .....'... .)10.)-,3:J>36F7,-@WAFLNRSR2>ZaZP`JQRO...C.......&..&O5-5OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO......K....".......................................S.........................!.1AQ..."2Baq...#34CRTr......$5Sbs...%DUc..E....&6dt...e.............................$.....................1.!AQ..2"a3B.............?..?.RM.....\..j).$Au....>..SB\|G@.&..&.........v....1..@..RD.....<... ...)\..<......&q[.l.......[.#._:.....N...Y...Lv4.T....t.....2.M..o...0.2.Y..".C...._#09.).Jj..X0.b..yk@y..T......q..T....fk.fwJ...iO...c...)..,....WP.~I..".M.#6..n!$.8.[........iO..}..f.<.g..^......P6M.r..>z~..>..P.J...{.u.6..^......W..`......"....g{'....6....^..h.hy\|.wZ..nN.......bC&.{J'.z..}....Z._3.]....]3....L........L.....N....t../....Ct.......WfS%........\a...._.......>..h..hc...\|.vad.m.2q.AT..%.i.....>.t../....@.v.{.k.;.[.Y/......K.t.....u.hS.....E.h......ad..$.*).@l.f..a.!..$hWdQ.../....F-KG..}..GT.-C...X...n..

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-D3KQF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	34369
Entropy (8bit):	7.956335554000816
Encrypted:	false
SSDEEP:	768:H4oCxy9FesfSIfIz95xUl+X5A8dBEP+rPon0OOuEPB5c:H4oQwf1e5icX51CEPonJEZ5c
MD5:	09342CB0CB519C159F9C6108EE5BF90A
SHA1:	3D449529ABC691DD93ED6445CD3960F664F0E469
SHA-256:	3994768679343CD562E41F3A1743CDBAF892B1F93A258075B10EBDB59420AFF6
SHA-512:	ED08A633CEC1126B84AB0889F1DA1CE3754FD872D356EB3F3CC347B52B903DF782631AE35F3159D50F1F72C56A7D51D75DA592CFD7B730FA513C9F947A20C29D
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C............................................................................"..........................................?..........................!..1.A"Qa..2q....B.#....R.$3b.%4.rC................................6.......................!.1.AQ."aq.......2....#.BR$3r............?..zh..q.h{r@B.&bG)G.uX.M6...3.ASrk.2.:r.........lm.?.m......m.....#=.y.'......"..4...`z.\w..d......$.....WA...R.V..p.}O.'mn..u\n\.^J.w/.....5m..;ow..,.....4.~/.9..ol,...Gu.1.T..W.........M.q&.I....l!............B..{m..WJZ.'.....*.o....v...O.<....W.........V.#....c.a0c\R..?..[...>.....o.F..fT.(.Z.j..R.?..B..U#...O....q...wU.=..j\..I...d.w{..B..%.....A..I.......J..J...t.. .C.P._....&.c!.K..FP.\|..c.?...hNN=i..J."}M'#...Uy....~?@...x..x.;.:..h.L16.L.O.A'.H.lv.mX.X2..-!....2.s..E..F.B.Z..?...em........4P..l...s?....p....x..........]a..H.J'.A.%.s....X;.....c..[...5w.ZJ.O.........P

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-KLMMO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13613
Entropy (8bit):	7.543156944962432
Encrypted:	false
SSDEEP:	384:7BgQtjDHWq0KphtEizWTSXaOq5YxB3mrhE6jpCkD2:tn2XKRE9SqOq6xB2rO6VCN
MD5:	C73D8683B3557F84D3B6E95FD2B27778
SHA1:	23FC83839B603BE9F05504FC8F140B20E53A1BAB
SHA-256:	25A2555BDB48676F7F09E03C25A1EF922FC5B3B24156C29BDE907C3BC233D2E0
SHA-512:	EF1E18D0E0D2A5EA272898374FE102BDA55677516E04388FC3DBE24B925C9A9F5F5D8A7A2AABD6B6C09B06D076A003B690E409943181E20B258CB2821A66CDE1
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H......Exif..II*...............z...................................................(...........2.......................i...........z...Canon.Canon PowerShot S410............H.......H.......2005:03:12 14:47:02...................................0220........>...........R.......................n...........v...........~...............................................................\|...~...............f...........0100............................................D...........,...........4...................................................................................<...................2005:03:12 14:47:02.2005:03:12 14:47:02.................................................................................................................................................................................................................................................................................`... ..._... ..........................._... ....... ...............................

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-LJ9UO.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	27622
Entropy (8bit):	7.955348411082234
Encrypted:	false
SSDEEP:	384:cJdjmWpxqb18EVlE2NkKDmdoHv7K3DFR4cfG44mL9ZVA8cUkFaELZ0YS:cJdrp0pfsqkKaC78RN79ZVA8NZm0x
MD5:	E175053CC488ED7C4F79FA3742C2D13B
SHA1:	EAEDDDE026BB1D989AF9AAB7CDC8B726F9B7C06E
SHA-256:	4815995B55060430723358D097D3A25363A635317B44ACCCEFE5E092F2134587
SHA-512:	691C7469FAC5300FC2117EDC9F483864A5638995A1EB109DE790BD2E7DF8890F4CB9A4AF837E7D7F208DF653EA56A4E8401AC9F787471F055B04E1FA3AA3C44D
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..........GG.....S%..li.b.....yO..dd..I..mG\?.......x....w.........?.....~..r.^I.)).._.k...R....knz.J......KNI.ml.6UR}.k.....e}k.../K....[D.CI..!.$.k.\|k.^.kU..d?.p..c]...+...T...._%..K...G=A...,.Z.=N....+..w.9..W.............!.^=._...x.[......`rFq..).l....O.............=...,..x..u...\.{-.......r....@.s.v..X).GN.-%(..b..z>.........0$...5......<.2Go/..=K..?.}w

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-N044A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11354
Entropy (8bit):	7.475668120584531
Encrypted:	false
SSDEEP:	192:7xNZ7c1eOe43yYD+iiPhqTcZDgFjiPQxMVSXFNdgItkPhRweZa:7nZ7cQOe1F/PKcJgXhkPhRw9
MD5:	523C6BC9481FEC51811DA75B7076226F
SHA1:	53EBAD08DF858682D0E0BCDE91121A335B8852FD
SHA-256:	F0F718609C5A911B4A394C750F6FFB8AF531EF8551657EA03DC1F688127E0302
SHA-512:	5CF7C511D2D026BF65C07A93E3DAFEECF6BDE3258486CE0857062B8AA4D6281CC602CBAB7C5F3CD0B4959C5630E2F3627E68C633548F9C8D0AB72D0882C7AF47
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H......Exif..II*...............z...................................................(...........2.......................i...........J...Canon.Canon PowerShot S400............H.......H.......2004:10:16 16:52:26...................................0220........>...........R.......................n...........v...........~...............................................................\|...N...............f...........0100............................................................................................................................................................................2004:10:16 16:52:26.2004:10:16 16:52:26..................................................................................................................................................................................................................................................................................... ....... ...........G..............._... ....... .............\.................

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-O9KBH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	11067
Entropy (8bit):	7.595193642357555
Encrypted:	false
SSDEEP:	192:vuNke3bw+PcQLPEO9Os90qvAoUTHWSBMhj+vVQev6Zw0rM8SsuK:vCkaw/GcYgBMhidQeiO0dfj
MD5:	A70B0492594D1AA3D2FA803859E2E420
SHA1:	DCC264FBE34B26260BB6BDFB329FA8053F6FD3F6
SHA-256:	6348BD19522F2C6A27F76844A4588FE0327C9D9414EAEEEC4162895F085D4268
SHA-512:	368670F7A4E99EA6344B7A90F17A5D447E5FF0A3FEE95E9B7773E80D6D46571C7C771FBBC947367AD44240293210F216156BD5D1AE22A23F8EB580448563E6E2
Malicious:	false
Reputation:	low
Preview:	......JFIF.....H.H......Exif..II...............z...................................................(...........2.......................i...........f...Canon.Canon PowerShot S110............H.......H.......2002:01:19 17:33:20...........V...........^...........0210....................".......................>...........F...........N...........f...........n...........v...................................~...\|...................6...........0100............................................0........... ...........(...........................................2002:01:19 17:33:20.2002:01:19 17:33:20.................................................................................................................................................................................................................................................................................... ....... ...........H................................... .........&...............h...........p...........x.....................

C:\Program Files\FlashIntegro\VideoEditor\Templates\AudioVis\textures\is-U53T5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	30493
Entropy (8bit):	7.955137040448158
Encrypted:	false
SSDEEP:	384:Rwbu9sg7/eqIM70SyyvV/2Az5eWJ7WYs80587TmyYc0wsMZ2DN9+Xw4zPUTpUKVk:1tWqIMHbJ7W15yWcWMZQNsg4zsRVKdpb
MD5:	EE008615F879CDCB72A80FAFAA386175
SHA1:	06306BBB4557BDDA40C3BFED2CB8C672DA64497E
SHA-256:	57E7EB55D35A96158B97CC1F025F294D07F99A3355B4C8571D95A82A47B1B0DE
SHA-512:	7597D5F430C92D115777EA274BB0D1F4D806A24FED1E960B7E0C9F4A986264ED835E3082D9A85BBDF09D57CACE97549CC27A65E74D0A4D507C4303B92E1BF95C
Malicious:	false
Reputation:	low
Preview:	......JFIF.............C....................................................................C............................................................................".........................................F..........................!.1.."AQ.a.2q..#BRb...$3...%Cr...4S..&c...................................5.......................!.1.."AQaq.2....#..B...$3r.............?..p...R.....z...)M(r..r;.M.r.}...)P.%..u..t..\.$.. '.rx.E.p........)K.8...v....'.....ZSt.)I[E$...N4.p..]\|.....R}.....u..z{....l.)..I..$j....Y.>.!...e...=.4c.f`u...4..JR?A.J.JC.jR.J.RC...7...>Gq.j....:........\|%.d.O<...w.z.}...........-..IWJ.Y<.\|g=.j..R......B......0..........J}N2.._Z.....".LR^....N.q....P ..:...Ju.e.PoG. H..4..d.[B....W$....Y+K.ZB.+qJK...}.xU.+.YZ.ZxZ..'.:...Ty$....X>..:C.;....}..E..yHR\J.(..>u.....!...R..<..J..%..x.@r...1.9...}<.....7Q..[[....+.d.r.'.,...NG.hB...j6.=.i0.z\|..ECQ...2......8.D..J...A..`+.'....}.;.\|.wJUn...C2W.. <..8..........<56..Ly=q....C..;.G...2..<!.H9

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-0P374.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9490
Entropy (8bit):	3.4273353891983014
Encrypted:	false
SSDEEP:	96:rswy4K+rEOZAsqa+M6N0bhexWHG9l8rXhF3Urjo6hQgCwZuO1MSc+36FNL00Z828:wF4K+KBl8P9mBULe
MD5:	0871AABBB223D0FB55540FE7ACBC51CF
SHA1:	085476DFE9B8F75A11399008E4AD6E931C3505D5
SHA-256:	90AA62BAA98F460F4911C1D7794E54B1697C524A82229C62F632627A9339EDBA
SHA-512:	FECF554978ACD9E5A03FE7BD987DB75190B5759275867B6119E95581A09F0ADA68CA30BD07BED91C46D80683B4A8E412721FCBF776DDEEB5AD655804A6EC0699
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.s.p.a...o.l. .(.S.p.a.n.i.s.h.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.I.n.f.o.r.m.e. .d.e. .e.r.r.o.r.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a. .d.e.j.a.d.o. .d.e. .f.u.n.c.i.o.n.a.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.o.r. .f.a.v.o.r. .e.n.v...e.n.o.s. .e.s.t.e. .i.n.f.o.r.m.e. .d.e. .e.r.r.o.r.e.s. .(.%.s.). .p.a.r.a. .a.y.u.d.a.r. .a. .s.o.l.u.c.i.o.n.a.r. .e.l. .p.r.o.b.l.e.m.a. .y. .m.e.j.o.r.a.r. .e.l. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...Q.u... .c.o.n.t.i.e.n.e. .e.s.t.e. .i.n.f.o.r.m.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.p.o.r.c.i.o.n.e. .i.n.f.o.r.m.a.c.i...n. .a.d.i.c.i.o.n.a.l. .a.c.e.r.c.a. .d.e.l. .p.r.o.b.l.e.m.a. .(.r.e.c.o.m.e.n.d.a.d.o.).......Y.o.u.r.E.m.a.i.l.=.S.u. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.a. .e.n. .p.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-26N17.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8632
Entropy (8bit):	4.307855702994277
Encrypted:	false
SSDEEP:	96:rswBarEOKEiiYi3x+XHARPSlcNFbP8fowiOxJYzHxhEjK6qM9zprAiKqDxG6ZO1w:wONQ8CbFoAhEFjK6qyzpr9IM7
MD5:	7133F35C69E84C9BFF0899DAD8B36C07
SHA1:	9B71C69D46A9436E3E1C3A7E6517508668162CB4
SHA-256:	AA3B6F6245B27E2D58D3C164264AF853FE6E718BB03D1C6F77B159616C768CEB
SHA-512:	9DBBB09646F74F9DBBC32169489E48CD3801BC00A78566A6CD5DCBC47C33EEC5141C9AF56FF226EEEF3A85FD3B3474C05CA60E2912F040F0DACD5E83F25B1E3F
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=. .C.A.A.:.8.9. .(.R.u.s.s.i.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=...B.G.5.B. .>.1. .>.H.8.1.:.5.....H.e.a.d.e.r.T.e.x.t.=.%.s. .?.@.5.:.@.0.B.8.;. .@.0.1.>.B.C.....S.u.b.H.e.a.d.e.r.T.e.x.t.=...>.6.0.;.C.9.A.B.0.,. .>.B.?.@.0.2.L.B.5. .=.0.<. .M.B.>.B. .>.B.G.5.B. .(.@.0.7.<.5.@. .%.s.).,. .G.B.>.1.K. .?.>.<.>.G.L. .8.A.?.@.0.2.8.B.L. .>.H.8.1.:.C.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.'.B.>. .A.>.4.5.@.6.8.B.A.O. .2. .>.B.G.5.B.5.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=...@.5.4.>.A.B.0.2.8.B.L. .4.>.?.>.;.=.8.B.5.;.L.=.K.5. .A.2.5.4.5.=.8.O. .(.@.5.:.>.<.5.=.4.C.5.B.A.O.).....Y.o.u.r.E.m.a.i.l.=...0.H. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=...?.8.H.8.B.5. .2. .=.5.A.:.>.;.L.:.8.E. .A.;.>.2.0.E.,. .:.0.:.8.5. .4.5.9.A.B.2.8.O. .?.@.8.2.5.;.8. .:. .>.H.8.1.:.5.:.....M.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-4CTD0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6012
Entropy (8bit):	5.008950496948138
Encrypted:	false
SSDEEP:	96:rsdsjz2Yy5EOzwyYgZvNR/4YlfcRYsXXveLVbK6sbHBU2cwQRfgZwNMqhjlfDk+:wa8H2y6jkwon/k+
MD5:	734EDE39B3C0908BBA4C4DFD4D94CCFB
SHA1:	79BF0855227E8F30C5C8374A60B24BA6FC631BF0
SHA-256:	E5E774D8EA8EE657A8E25E0F90F0FA18DB40BDADBD47A6939473557508D8A7A6
SHA-512:	2EF962E808EA8F58CAA29937AD4684D115AA9A21D56FFEF70351EDB517712CBCF58608F8EADCBB4696E43410273B8CCB6ADB26663F541345E59C98733508BAC0
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.D.a.v.i.d. .M... .C.o.t.t.e.r.,. .d.e.v.i.l...t.a.m.a.c.h.a.n.....A.u.t.h.o.r.E.m.a.i.l.=.d.a.v.e.@.k.j.a.m.s...c.o.m.,. .d.e.v.i.l...t.a.m.a.c.h.a.n.@.g.m.a.i.l...c.o.m.....L.a.n.g.u.a.g.e.=.J.a.p.a.n.e.s.e.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=..0.0.0.0.0.0.0....H.e.a.d.e.r.T.e.x.t.=.%.s. .o0.R\O.0\PbkW0~0W0_0.0....S.u.b.H.e.a.d.e.r.T.e.x.t.=.S0n0.0.0.0.0.0.0n0OUL..0.OckW0.09e.UY0.0_0.0k0.0.0.0.0.0.0.0.0 .(.%.s.). ..0...OW0f0O0`0U0D0.0....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.S0n0.0.0.0.0k0o0UOL0+T~0.0~0Y0K0?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.OUL.k0..Y0.0...R.`1X.0eQ.RW0f0O0`0U0D0 .(..chY)..0....Y.o.u.r.E.m.a.i.l.=.J0.[.in0.0.0.0.0.0.0.0:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=..0.0W0Q0.0p0.0.0.0.vMRn0.d\O.0!\|Tok0...fW0f0O0`0U0D0 .:.....M.y.C.o.n.s.e.n.t.=.[..0.0.0.0...O]. ..0.0.0.0.bY0S0h0k0.0c0f0.0x..bW0_0.0.0.0.0n0.Q.[k0.\|..W0f0D0.0S0

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-5TUHG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8346
Entropy (8bit):	3.749763960246923
Encrypted:	false
SSDEEP:	96:rs533qW9PwtEO40PyZA8tUZDOnRSVAYcqxy6/MaBCK8KVQ8UtS3oqcUYkDOYyDL7:w536W9Pwq4+wBp06VQ8U23SDLUGCXMwQ
MD5:	8E1574B9F46EC84C1C471C76ECDB5E78
SHA1:	F91E0E641F3D4F9F2D2AC4DFD3635FCE386EB487
SHA-256:	5B5B3113C0A23400FB11D311995F82F96AD30792C700F09F35BB40D63987F302
SHA-512:	579607BFFD41ADA4EAFB547ECB1582EFDFCE8C3D44A4F12B0B95CABC5EFC23D986604381E906690C6B8A13F4852F349BA667D39524793511C5276EE0895C3D35
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.P.a.w.e.B. .A... .J.a.n.i.c.k.i.....A.u.t.h.o.r.E.m.a.i.l.=.p...j.a.n.i.c.k.i.@.f.g.2.4...p.l.....L.a.n.g.u.a.g.e.=.P.o.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.R.a.p.o.r.t. .b.B...d.u.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.r.z.e.s.t.a.B. .d.z.i.a.B.a.........S.u.b.H.e.a.d.e.r.T.e.x.t.=.U.p.r.z.e.j.m.i.e. .p.r.o.s.i.m.y. .o. .w.y.s.B.a.n.i.e. .d.o. .n.a.s. .n.i.n.i.e.j.s.z.e.g.o. .r.a.p.o.r.t.u. .b.B...d.u. .(.%.s.).,. .a.b.y. .p.o.m...c. .n.a.p.r.a.w.i... .i. .u.s.p.r.a.w.n.i... .p.r.o.g.r.a.m.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o. .z.a.w.i.e.r.a. .t.e.n. .r.a.p.o.r.t. .b.B...d.u.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.D.o.d.a.j. .d.o.d.a.t.k.o.w... .i.n.f.o.r.m.a.c.j... .o. .b.B...d.z.i.e. .(.z.a.l.e.c.a.n.e.).......Y.o.u.r.E.m.a.i.l.=.T.w...j. .e.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.O.p.i.s.z. .w. .k.i.l.k.u. .s.B.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-609T5.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8706
Entropy (8bit):	3.418128050943717
Encrypted:	false
SSDEEP:	192:w0DiqO3rAVfZZz15oZKY/VekjYT0nOz3vt:w0Dibro770Zat
MD5:	7946240B3F0A4F4690A606E99D033D80
SHA1:	3F1EED3D945155BB9805D3D8A7AB8AB46AEF93E5
SHA-256:	668861ED83446DDD88A52D1DA75B26F81FBBFBD28BEF799DFFD81545B6620929
SHA-512:	6D185ABEF33B9DBEE082161DD0C9DC85D85A23641EA87D02A998B45A9CF9D4E11F5844611A337ADE63BD71D5F8DB436B9A0080B402ACEA7370D63173F5AF79F2
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.D.a.v.i.d.e. .Z.a.c.c.a.n.t.i. .-. .Z.a.k.S.o.f.t.......A.u.t.h.o.r.E.m.a.i.l.=.t.e.c.h.s.u.p.p.o.r.t.@.z.a.k.s.o.f.t...c.o.m.....L.a.n.g.u.a.g.e.=.I.t.a.l.i.a.n.o.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.S.e.g.n.a.l.a.z.i.o.n.e. .e.r.r.o.r.i.....H.e.a.d.e.r.T.e.x.t.=.%.s. .s.i. ... .i.n.t.e.r.r.o.t.t.o.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.I.n.v.i.a.n.d.o.c.i. .q.u.e.s.t.a. .s.e.g.n.a.l.a.z.i.o.n.e. .(.%.s.). .c.i. .a.i.u.t.e.r.e.t.e. .a. .m.i.g.l.i.o.r.a.r.e. .i.l. .p.r.o.g.r.a.m.m.a. .e.d. .a. .c.o.r.r.e.g.g.e.r.e. .q.u.e.s.t.i. .e.r.r.o.r.i.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o.s.a. .c.o.n.t.i.e.n.e. .l.a. .s.e.g.n.a.l.a.z.i.o.n.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.r.n.i.s.c.i. .i.n.f.o.r.m.a.z.i.o.n.i. .a.g.g.i.u.n.t.i.v.e. .(.r.a.c.c.o.m.a.n.d.a.t.o.).......Y.o.u.r.E.m.a.i.l.=.L.a. .t.u.a. .e.-.m.a.i.l.:.....D.e.s.c.r.i.b.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-638JN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8214
Entropy (8bit):	3.46410018464503
Encrypted:	false
SSDEEP:	96:rsw6o2KPZEOTWSucfgjfJpkiZJpkiVxoVrOSBngI3NnS0FivuiLugXeTmZ4dIc8k:wlo2K/uKFVVgOgncoW
MD5:	771DA39B527E886A247A0C0A33FFB715
SHA1:	CB762ABE50294A08A7823C246E02CD9347555B49
SHA-256:	763F0FE5AF80055827FB2563AF696BD1452C39BE080720AB483D0CE6AC36EE92
SHA-512:	628382CF8A6035275B48D6FF3CF0DC17C2B61F65E4EF0F138990A09FD0CF09A4F821E2CB5780A3FDDB49A01E3F6AF1F379ED44BEF290D39B0D04D5E110B7D9A5
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.n.g.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.s. .s.t.o.p.p.e.d. .w.o.r.k.i.n.g.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.l.e.a.s.e. .s.e.n.d. .u.s. .t.h.i.s. .e.r.r.o.r. .r.e.p.o.r.t. .(.%.s.). .t.o. .h.e.l.p. .f.i.x. .t.h.e. .p.r.o.b.l.e.m. .a.n.d. .i.m.p.r.o.v.e. .t.h.i.s. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.h.a.t. .d.o.e.s. .t.h.i.s. .r.e.p.o.r.t. .c.o.n.t.a.i.n.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.v.i.d.e. .a.d.d.i.t.i.o.n.a.l. .i.n.f.o. .a.b.o.u.t. .t.h.e. .p.r.o.b.l.e.m. .(.r.e.c.o.m.m.e.n.d.e.d.).......Y.o.u.r.E.m.a.i.l.=.Y.o.u.r. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.e. .i.n. .a. .f.e.w. .w.o.r.d.s. .w.h.a.t. .y.o.u. .w.e.r.e. .d.o.i.n.g. .w.h.e.n. .t.h.e. .e.r.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-FAIB7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9150
Entropy (8bit):	3.4945763167127226
Encrypted:	false
SSDEEP:	96:rsw6KEFzpEOfykDiY8E1VwyS5mYFDMdaCF4wvXT4trYy9CwjewTs0Rj0DyfmEW/U:wtKsD5OFgD4E4xt0wVYZyfYK1
MD5:	088F56F41CAE74E6C399FAD788829B93
SHA1:	59E3C6542B92ECF5A63CB9BCA529823498721437
SHA-256:	562B71D6B0340D8F5D881198A164FA857A646F4E43D01C76270A71D65588E605
SHA-512:	9A95E2C09AEEF76B55B9021D151A5914802D0A5E7E17DA6128D5165FA8F338ECF5BD38CD056A43A3041C1893299FD0002186B756245A4534FE7752C5D9E03BDC
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.D.e.u.t.s.c.h. .(.G.e.r.m.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.F.e.h.l.e.r.b.e.r.i.c.h.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.t. .a.u.f.g.e.h...r.t. .z.u. .a.r.b.e.i.t.e.n.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.B.i.t.t.e. ...b.e.r.m.i.t.t.e.l.n. .S.i.e. .u.n.s. .d.i.e.s.e.n. .F.e.h.l.e.r.b.e.r.i.c.h.t. .(.%.s.).,. .u.m. .u.n.s. .z.u. .h.e.l.f.e.n.,. .d.a.s. .P.r.o.b.l.e.m. .z.u. .b.e.h.e.b.e.n. .u.n.d. .d.i.e.s.e. .S.o.f.t.w.a.r.e. .z.u. .v.e.r.b.e.s.s.e.r.n.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.a.s. .e.n.t.h...l.t. .d.i.e.s.e.r. .B.e.r.i.c.h.t.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.B.i.t.t.e. .g.e.b.e.n. .S.i.e. .u.n.s. .z.u.s...t.z.l.i.c.h.e. .I.n.f.o.r.m.a.t.i.o.n.e.n. .z.u. .d.e.m. .P.r.o.b.l.e.m. .(.e.m.p.f.o.h.l.e.n.).......Y.o.u.r.E.m.a.i.l.=.I.h.r.e. .E.m.a.i.l.-.A.d.r.e.s.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-FPN7G.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8706
Entropy (8bit):	3.418128050943717
Encrypted:	false
SSDEEP:	192:w0DiqO3rAVfZZz15oZKY/VekjYT0nOz3vt:w0Dibro770Zat
MD5:	7946240B3F0A4F4690A606E99D033D80
SHA1:	3F1EED3D945155BB9805D3D8A7AB8AB46AEF93E5
SHA-256:	668861ED83446DDD88A52D1DA75B26F81FBBFBD28BEF799DFFD81545B6620929
SHA-512:	6D185ABEF33B9DBEE082161DD0C9DC85D85A23641EA87D02A998B45A9CF9D4E11F5844611A337ADE63BD71D5F8DB436B9A0080B402ACEA7370D63173F5AF79F2
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.D.a.v.i.d.e. .Z.a.c.c.a.n.t.i. .-. .Z.a.k.S.o.f.t.......A.u.t.h.o.r.E.m.a.i.l.=.t.e.c.h.s.u.p.p.o.r.t.@.z.a.k.s.o.f.t...c.o.m.....L.a.n.g.u.a.g.e.=.I.t.a.l.i.a.n.o.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.S.e.g.n.a.l.a.z.i.o.n.e. .e.r.r.o.r.i.....H.e.a.d.e.r.T.e.x.t.=.%.s. .s.i. ... .i.n.t.e.r.r.o.t.t.o.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.I.n.v.i.a.n.d.o.c.i. .q.u.e.s.t.a. .s.e.g.n.a.l.a.z.i.o.n.e. .(.%.s.). .c.i. .a.i.u.t.e.r.e.t.e. .a. .m.i.g.l.i.o.r.a.r.e. .i.l. .p.r.o.g.r.a.m.m.a. .e.d. .a. .c.o.r.r.e.g.g.e.r.e. .q.u.e.s.t.i. .e.r.r.o.r.i.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o.s.a. .c.o.n.t.i.e.n.e. .l.a. .s.e.g.n.a.l.a.z.i.o.n.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.r.n.i.s.c.i. .i.n.f.o.r.m.a.z.i.o.n.i. .a.g.g.i.u.n.t.i.v.e. .(.r.a.c.c.o.m.a.n.d.a.t.o.).......Y.o.u.r.E.m.a.i.l.=.L.a. .t.u.a. .e.-.m.a.i.l.:.....D.e.s.c.r.i.b.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-GC7SG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9340
Entropy (8bit):	3.451418069049947
Encrypted:	false
SSDEEP:	192:w0Zfj6VP8dYFdYJ2Tgk4OzuNfPDCPnymnTMcDPETUTH+iJQV:w0Zb6VP8aFaNOzuNnDUjWYCoe
MD5:	733051CB5BF0A0E194C171380884328A
SHA1:	CD3106376F42E9E30F02F11D60DD7636DC81E944
SHA-256:	8837AAAC9D6071256514C7B9BC7DFC87F485036403C29DB778B3CBE6DF7C7D89
SHA-512:	B136BAA49EB8B4636DD29403E19991DA5FA027F849EEF16EC9BD6E4B51E04C4254F566E5EC36E0FCA97F809B8AC2B2041D82DD0631EE910FFBF7D6184C4352B3
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.F.r.a.n...a.i.s.e. .(.F.r.e.n.c.h.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .a. .c.e.s.s... .d.e. .f.o.n.c.t.i.o.n.n.e.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.S.'.i.l. .v.o.u.s. .p.l.a...t. .e.n.v.o.y.e.z.-.n.o.u.s. .c.e. .r.a.p.p.o.r.t. .d.'.e.r.r.e.u.r. .(.%.s.). .p.o.u.r. .a.i.d.e.r. ... .r...s.o.u.d.r.e. .l.e. .p.r.o.b.l...m.e. .e.t. .a.m...l.i.o.r.e.r. .c.e. .l.o.g.i.c.i.e.l.....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.Q.u.e. .c.o.n.t.i.e.n.t. .c.e. .r.a.p.p.o.r.t. .?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.u.r.n.i.r. .d.e.s. .i.n.f.o.r.m.a.t.i.o.n.s. .s.u.p.p.l...m.e.n.t.a.i.r.e.s. .s.u.r. .l.e. .p.r.o.b.l...m.e. .(.r.e.c.o.m.m.a.n.d...).......Y.o.u.r.E.m.a.i.l.=.V.o.t.r.e. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D...c.r.i.v.e.z.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-HSQHC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6218
Entropy (8bit):	4.911207792201517
Encrypted:	false
SSDEEP:	96:rswlzaDKEOLXtRkh//gEMKM7vszf+OW0004AMwkqsVMfYZTkiut2:w+5XoXM1IhW0001O
MD5:	BA8EB6172962837D3C32D1800A33049B
SHA1:	77C7328D3873092AF2C8A36B29B8A427A4FFD059
SHA-256:	F88BCBA711B9D014DD028FFF3D22FF6C67E094D7263D0F90F34252C3A0F9B381
SHA-512:	E14E663A6505B547639C1AC46BAC84543D5A10B31E9021E6BE808DF524E0ACC74CEB138339ED100E24B4F095AB33216AF6AF1E59EE0728457E47FAF521FD948D
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.... .(.K.o.r.e.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.$.X. ..........H.e.a.d.e.r.T.e.x.t.=.%.s.t.(...). ....D. .H.......S.u.b.H.e.a.d.e.r.T.e.x.t.=.8...\|. .....X.. .t. .........\|. ... .X.0. ...t. .t. .$.X. ......(.%.s.).\|. ..... .......$.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.t. ......... .4...t. ...h..... ......?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.8..... ...\. ..... .....\|. ...%.t. .......$.(.....).......Y.o.u.r.E.m.a.i.l.=...X.X. .... .T.\|.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.$.X. ..... ... .4...D. .X.. ........ ..... ... .t. .......$.......M.y.C.o.n.s.e.n.t.=.. ..... .....0.. ...\|. ...t.t. ...X... ...... .....D. ... .L.. ...<.p. ...x. ..... ..... .).h... ..X.X.. ...<.\. .....).........M.y.C.o.n.s.e.n.t.2.=.. ..... .....0.. ...\|. ...t.t. ...X...

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-LEDT9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8286
Entropy (8bit):	3.737493027902729
Encrypted:	false
SSDEEP:	192:wMLEp1uveWEPzzGA0xKuxBn8ge863B+npfG:w+Ep1uvezrzGxM88ge863B+1G
MD5:	B6AC6EB650D062D043CF4030196B9798
SHA1:	CC43EA49FE9C007494A1EC1D9AC086CC2DDA6CC6
SHA-256:	8D96400D7159C90D7CE290006790399AC2100080D7280134E7371CC1DB011970
SHA-512:	A8110FF38A36E1D4DAA392209EBB497BB041332F0125FB30FA1D9EE775F34925D2A704A5FEE594739AE0909F34DFC06448884A6A3B926C88362B3B98042686DE
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.P.e.r.t. .P.y.t.e.l.k.a.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.C.z.e.c.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.H.l...a.e.n... .c.h.y.b.y.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.Y.e.s.t.a.l. .p.r.a.c.o.v.a.t.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.Z.a.a.l.e.t.e. .n...m. .p.r.o.s...m. .h.l...a.e.n... .o. .c.h.y.b... .(.%.s.).,. .p.o.m.o.~.e.t.e. .n...m. .t...m. .z.l.e.p.a.i.t. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.C.o. .t.a.t.o. .z.p.r...v.a. .o.b.s.a.h.u.j.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.o.s.k.y.t.n.o.u.t. .d.a.l.a... .i.n.f.o.r.m.a.c.e. .o. .c.h.y.b... .(.d.o.p.o.r.u...e.n.o.).......Y.o.u.r.E.m.a.i.l.=.V...a. .e.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.P.o.p.i.a.t.e. .n...k.o.l.i.k.a. .s.l.o.v.y.,. .c.o. .j.s.t.e. .d...l.a.l./.a.,. .k.d.y.~. .d.o.a.l.o. .k. .c.h.y.b...:.....M.y.C.o.n.s.e.n.t.=.S.t.i.s.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-M9F7B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9340
Entropy (8bit):	3.451418069049947
Encrypted:	false
SSDEEP:	192:w0Zfj6VP8dYFdYJ2Tgk4OzuNfPDCPnymnTMcDPETUTH+iJQV:w0Zb6VP8aFaNOzuNnDUjWYCoe
MD5:	733051CB5BF0A0E194C171380884328A
SHA1:	CD3106376F42E9E30F02F11D60DD7636DC81E944
SHA-256:	8837AAAC9D6071256514C7B9BC7DFC87F485036403C29DB778B3CBE6DF7C7D89
SHA-512:	B136BAA49EB8B4636DD29403E19991DA5FA027F849EEF16EC9BD6E4B51E04C4254F566E5EC36E0FCA97F809B8AC2B2041D82DD0631EE910FFBF7D6184C4352B3
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.F.r.a.n...a.i.s.e. .(.F.r.e.n.c.h.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .a. .c.e.s.s... .d.e. .f.o.n.c.t.i.o.n.n.e.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.S.'.i.l. .v.o.u.s. .p.l.a...t. .e.n.v.o.y.e.z.-.n.o.u.s. .c.e. .r.a.p.p.o.r.t. .d.'.e.r.r.e.u.r. .(.%.s.). .p.o.u.r. .a.i.d.e.r. ... .r...s.o.u.d.r.e. .l.e. .p.r.o.b.l...m.e. .e.t. .a.m...l.i.o.r.e.r. .c.e. .l.o.g.i.c.i.e.l.....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.Q.u.e. .c.o.n.t.i.e.n.t. .c.e. .r.a.p.p.o.r.t. .?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.u.r.n.i.r. .d.e.s. .i.n.f.o.r.m.a.t.i.o.n.s. .s.u.p.p.l...m.e.n.t.a.i.r.e.s. .s.u.r. .l.e. .p.r.o.b.l...m.e. .(.r.e.c.o.m.m.a.n.d...).......Y.o.u.r.E.m.a.i.l.=.V.o.t.r.e. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D...c.r.i.v.e.z.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-MHS1N.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6012
Entropy (8bit):	5.008950496948138
Encrypted:	false
SSDEEP:	96:rsdsjz2Yy5EOzwyYgZvNR/4YlfcRYsXXveLVbK6sbHBU2cwQRfgZwNMqhjlfDk+:wa8H2y6jkwon/k+
MD5:	734EDE39B3C0908BBA4C4DFD4D94CCFB
SHA1:	79BF0855227E8F30C5C8374A60B24BA6FC631BF0
SHA-256:	E5E774D8EA8EE657A8E25E0F90F0FA18DB40BDADBD47A6939473557508D8A7A6
SHA-512:	2EF962E808EA8F58CAA29937AD4684D115AA9A21D56FFEF70351EDB517712CBCF58608F8EADCBB4696E43410273B8CCB6ADB26663F541345E59C98733508BAC0
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.D.a.v.i.d. .M... .C.o.t.t.e.r.,. .d.e.v.i.l...t.a.m.a.c.h.a.n.....A.u.t.h.o.r.E.m.a.i.l.=.d.a.v.e.@.k.j.a.m.s...c.o.m.,. .d.e.v.i.l...t.a.m.a.c.h.a.n.@.g.m.a.i.l...c.o.m.....L.a.n.g.u.a.g.e.=.J.a.p.a.n.e.s.e.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=..0.0.0.0.0.0.0....H.e.a.d.e.r.T.e.x.t.=.%.s. .o0.R\O.0\PbkW0~0W0_0.0....S.u.b.H.e.a.d.e.r.T.e.x.t.=.S0n0.0.0.0.0.0.0n0OUL..0.OckW0.09e.UY0.0_0.0k0.0.0.0.0.0.0.0.0 .(.%.s.). ..0...OW0f0O0`0U0D0.0....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.S0n0.0.0.0.0k0o0UOL0+T~0.0~0Y0K0?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.OUL.k0..Y0.0...R.`1X.0eQ.RW0f0O0`0U0D0 .(..chY)..0....Y.o.u.r.E.m.a.i.l.=.J0.[.in0.0.0.0.0.0.0.0:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=..0.0W0Q0.0p0.0.0.0.vMRn0.d\O.0!\|Tok0...fW0f0O0`0U0D0 .:.....M.y.C.o.n.s.e.n.t.=.[..0.0.0.0...O]. ..0.0.0.0.bY0S0h0k0.0c0f0.0x..bW0_0.0.0.0.0n0.Q.[k0.\|..W0f0D0.0S0

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-N2LQP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9490
Entropy (8bit):	3.4273353891983014
Encrypted:	false
SSDEEP:	96:rswy4K+rEOZAsqa+M6N0bhexWHG9l8rXhF3Urjo6hQgCwZuO1MSc+36FNL00Z828:wF4K+KBl8P9mBULe
MD5:	0871AABBB223D0FB55540FE7ACBC51CF
SHA1:	085476DFE9B8F75A11399008E4AD6E931C3505D5
SHA-256:	90AA62BAA98F460F4911C1D7794E54B1697C524A82229C62F632627A9339EDBA
SHA-512:	FECF554978ACD9E5A03FE7BD987DB75190B5759275867B6119E95581A09F0ADA68CA30BD07BED91C46D80683B4A8E412721FCBF776DDEEB5AD655804A6EC0699
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.s.p.a...o.l. .(.S.p.a.n.i.s.h.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.I.n.f.o.r.m.e. .d.e. .e.r.r.o.r.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a. .d.e.j.a.d.o. .d.e. .f.u.n.c.i.o.n.a.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.o.r. .f.a.v.o.r. .e.n.v...e.n.o.s. .e.s.t.e. .i.n.f.o.r.m.e. .d.e. .e.r.r.o.r.e.s. .(.%.s.). .p.a.r.a. .a.y.u.d.a.r. .a. .s.o.l.u.c.i.o.n.a.r. .e.l. .p.r.o.b.l.e.m.a. .y. .m.e.j.o.r.a.r. .e.l. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...Q.u... .c.o.n.t.i.e.n.e. .e.s.t.e. .i.n.f.o.r.m.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.p.o.r.c.i.o.n.e. .i.n.f.o.r.m.a.c.i...n. .a.d.i.c.i.o.n.a.l. .a.c.e.r.c.a. .d.e.l. .p.r.o.b.l.e.m.a. .(.r.e.c.o.m.e.n.d.a.d.o.).......Y.o.u.r.E.m.a.i.l.=.S.u. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.a. .e.n. .p.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-PT0C2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5194
Entropy (8bit):	4.934990217399529
Encrypted:	false
SSDEEP:	96:rs49VxEOEQbecIBPPF+ZmsDoV0LB6W8lcJELyKBKR1TxZTkiut2:wOIQG+Zzk0L38lUwy
MD5:	4CA209C131119E28C581447D10F5F9DB
SHA1:	9F49C9C89E0A7149A8F3A9451A58D6D5EBED05C4
SHA-256:	EB3DD1604138B82F9BA13A180D71E513599D201B4A6EABA814179D12BFE97ABB
SHA-512:	CB0F404D8D9044FA92F15FCADBAFCC3BDE75C7BA33DD58E26B2FCE7656847F757F7F2947F52D587205544FFCF0B29C05865350E98D4F6840A657B787D0E02701
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].........A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=..{SO-N.e .(.C.h.i.n.e.s.e.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.............[.M.a.i.n.D.l.g.].........D.l.g.C.a.p.t.i.o.n.=....bJT....H.e.a.d.e.r.T.e.x.t.=.%.s. ..]\Pbk.]\O....S.u.b.H.e.a.d.e.r.T.e.x.t.=....\,g...bJT(.%.s.)..S...~.b.N...^.R.b.N.Q....T9e.U,go..N.0....W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=..bJT.S+T.T.N.Q.[......P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=..c.O.f.YsQ.N@b.Q.s...v.Oo`...^.....0....Y.o.u.r.E.m.a.i.l.=..`.v5uP[...N0W@W......D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=....{.w.c...Q.s....e.`ck(W.L..v.d\O......M.y.C.o.n.s.e.n.t.=..c.N. .S...bJT. .c....sSnx...b.q.`.bJT.Q.[.N.c.S.0...y?eV{.0ag>k.0....M.y.C.o.n.s.e.n.t.2.=..c.N. .S...bJT. .c....sSnx...b.q.`.bJT.Q.[.0....P.r.i.v.a.c.y.P.o.l.i.c.y.=..0...y?eV{.0....I.n.v.a.l.i.d.E.m.a.i.l.C.a.p.t.i.o.n.=..eHe.v5uP[...N0W@W .....I.n.v.a.l.i.d.E.m.a.i.l.T.e.x.t.=....c.O.gHe.v5uP[

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-Q60U2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8514
Entropy (8bit):	3.6760387725466406
Encrypted:	false
SSDEEP:	192:w4C/vhOSsOClqGbpa1PPzfBqZBQKYcgtHAOQsOSRfPja:wl/pOSsOsqGbMdPbBoBOgOQsOSRfPja
MD5:	2F97D087B9D2B9A04325F54D0BC65235
SHA1:	770BD8B419D1D7614D8FE7F7523060F8B8AFEF2C
SHA-256:	4CF9914EDE1297C37BB194C65729D44BC9C48C0434F566E80185FA9EB86D0EBD
SHA-512:	0D917DE5D20BF1F0FAA4DAC30FAABD0B7BFF36787443B0A089905B9C3C7399E059B507E76DE0A53E85A3D713711EFB61AE36BC95F2BD7FA03B6B8E80BB585098
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.Z.o.l.t.a.n. .T.i.r.i.n.d.a.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.S.l.o.v.a.k.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.H.l...s.e.n.i.e. .o. .c.h.y.b.e.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.r.e.s.t.a.l. .p.r.a.c.o.v.a.e.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.Z.a.a.l.i.t.e. .n...m. .p.r.o.s...m. .t...t.o. .c.h.y.b.o.v... .s.p.r...v.u. .(.%.s.).,. .d.o.p.o.m...~.e.t.e. .t...m. .k. .v.y.r.i.e.a.e.n.i.u. .p.r.o.b.l.e.m.u. .a. .a.j. .k. .z.l.e.p.a.e.n.i.u. .s.o.f.t.v...r.u.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...o. .t...t.o. .s.p.r...v.a. .o.b.s.a.h.u.j.e.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.o.s.k.y.t.n...e. ...a.l.a.i.e. .i.n.f.o.r.m...c.i.e. .o. .p.r.o.b.l...m.e. .(.o.d.p.o.r.....a. .s.a.).......Y.o.u.r.E.m.a.i.l.=.V...a. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.P.o.p...a.t.e. .n.i.e.k.o.>.k...m.i. .s.l.o.v.a.m.i.,. ...o. .

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-QDAKE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8322
Entropy (8bit):	4.353613255564818
Encrypted:	false
SSDEEP:	192:wFGk8sWYOcdCjdvZHxCSQGKgrFvPDV/V0feOWwyldbtdaJLNJQN:wFGk8snOcdCjdvZHxCSDKmFvLV0eJwyf
MD5:	80F518D5E437F08859716F164E3DC503
SHA1:	1277A14A7978168A7EFD6BFA779C124E37AA3FE8
SHA-256:	84AE05D640D8F05D6C9C97194734E0CB54AD74661EBA12076225D74EB11FE85E
SHA-512:	5D0718A9D4A60680811BADF291EE7DE702853831D950EAE32825ADD2E80E8D54DE26B47B011A725BCDEA8CFAA44C4D0EAF3E7ABBC81CA24C8C0A0570CADEA64D
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.9.?.(.M.&.@. .(.H.i.n.d.i.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.$.M.0.A...?. .0.?..K.0.M.......H.e.a.d.e.r.T.e.x.t.=.%.s. ...>... .,...&. ...0. .&.?./.>. .../.>. .9.H.....S.u.b.H.e.a.d.e.r.T.e.x.t.=...C../.>. .9...G... ...8. .$.M.0.A...?. .(.%.s.). .0.?..K.0.M... ...0.(.G. ...G. .2.?... ...&.&. .8...8.M./.>. ...K. . .@... ...0.(.G. ...0. ...8. .8.I.+.M...5.G./.0. ...G... .8.A.'.>.0. .-.G...G.........W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=...8. .0.?..K.0.M... ...K. ...M./.>. .6.>...?.2. .9.H.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.8...8.M./.>. ...G. .,.>.0.G. ...G... ...$.?.0.?...M.$. ...>.(...>.0.@. ..M.0.&.>.(. ...0.G... .(...(.A.6...8.?.$.).......Y.o.u.r.E.m.a.i.l.=......>. .....G.2.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=...A... .6.,.M.&.K... ...K. ...*. ...M./.>. ...0. .0.9.G. .%.G.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-TDM5E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8998
Entropy (8bit):	3.4597037095028043
Encrypted:	false
SSDEEP:	96:rswS1Cyet/EOzItdnEudNGedEVsLahUUMeJnL+67RJpx0MGg7/ynU/LcoTVZr/cW:wxCyhf8L+cyMLcoBFKOj+I
MD5:	5B42EDF21C241F237C407BF42803A8A6
SHA1:	A28B2520476D0E9FABB6DB143F42DD31F677E02F
SHA-256:	444F8659317ABADB97626385615C65CCBAAE846D6ECC58966829071518512CF9
SHA-512:	0663753E724FF4E80DC2379F412B8999985B34EE3152B334E2A1E2D0D932B1EE1C4B297A266F1A142D0C68640639AB2BE17BBFF20672DE2B794C260321B29D71
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.P.o.r.t.u.g.u...s. .(.P.o.r.t.u.g.u.e.s.e.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.R.e.p.o.r.t.a.r. .e.r.r.o.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.a.r.o.u. .d.e. .f.u.n.c.i.o.n.a.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.E.n.v.i.e.-.n.o.s. .e.s.t.e. .r.e.l.a.t...r.i.o. .d.e. .e.r.r.o. .(.%.s.). .p.a.r.a. .a.j.u.d.a.r. .a. .c.o.r.r.i.g.i.r. .o. .p.r.o.b.l.e.m.a. .e. .m.e.l.h.o.r.a.r. .o. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.O. .q.u.e. .e.s.t.e. .r.e.l.a.t...r.i.o. .c.o.n.t...m.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.r.n.e...a. .i.n.f.o.r.m.a.....e.s. .a.d.i.c.i.o.n.a.i.s. .s.o.b.r.e. .o. .p.r.o.b.l.e.m.a. .(.r.e.c.o.m.e.n.d.a.d.o.).......Y.o.u.r.E.m.a.i.l.=.S.e.u. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.e.v.a. .e.m. .p.o.u.c.a.s. .p.a.l.a.v.r.a.s. .o. .q.u.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-TMCVL.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8214
Entropy (8bit):	3.46410018464503
Encrypted:	false
SSDEEP:	96:rsw6o2KPZEOTWSucfgjfJpkiZJpkiVxoVrOSBngI3NnS0FivuiLugXeTmZ4dIc8k:wlo2K/uKFVVgOgncoW
MD5:	771DA39B527E886A247A0C0A33FFB715
SHA1:	CB762ABE50294A08A7823C246E02CD9347555B49
SHA-256:	763F0FE5AF80055827FB2563AF696BD1452C39BE080720AB483D0CE6AC36EE92
SHA-512:	628382CF8A6035275B48D6FF3CF0DC17C2B61F65E4EF0F138990A09FD0CF09A4F821E2CB5780A3FDDB49A01E3F6AF1F379ED44BEF290D39B0D04D5E110B7D9A5
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.n.g.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.s. .s.t.o.p.p.e.d. .w.o.r.k.i.n.g.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.l.e.a.s.e. .s.e.n.d. .u.s. .t.h.i.s. .e.r.r.o.r. .r.e.p.o.r.t. .(.%.s.). .t.o. .h.e.l.p. .f.i.x. .t.h.e. .p.r.o.b.l.e.m. .a.n.d. .i.m.p.r.o.v.e. .t.h.i.s. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.h.a.t. .d.o.e.s. .t.h.i.s. .r.e.p.o.r.t. .c.o.n.t.a.i.n.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.v.i.d.e. .a.d.d.i.t.i.o.n.a.l. .i.n.f.o. .a.b.o.u.t. .t.h.e. .p.r.o.b.l.e.m. .(.r.e.c.o.m.m.e.n.d.e.d.).......Y.o.u.r.E.m.a.i.l.=.Y.o.u.r. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.e. .i.n. .a. .f.e.w. .w.o.r.d.s. .w.h.a.t. .y.o.u. .w.e.r.e. .d.o.i.n.g. .w.h.e.n. .t.h.e. .e.r.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-TSN75.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	9150
Entropy (8bit):	3.4945763167127226
Encrypted:	false
SSDEEP:	96:rsw6KEFzpEOfykDiY8E1VwyS5mYFDMdaCF4wvXT4trYy9CwjewTs0Rj0DyfmEW/U:wtKsD5OFgD4E4xt0wVYZyfYK1
MD5:	088F56F41CAE74E6C399FAD788829B93
SHA1:	59E3C6542B92ECF5A63CB9BCA529823498721437
SHA-256:	562B71D6B0340D8F5D881198A164FA857A646F4E43D01C76270A71D65588E605
SHA-512:	9A95E2C09AEEF76B55B9021D151A5914802D0A5E7E17DA6128D5165FA8F338ECF5BD38CD056A43A3041C1893299FD0002186B756245A4534FE7752C5D9E03BDC
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.D.e.u.t.s.c.h. .(.G.e.r.m.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.F.e.h.l.e.r.b.e.r.i.c.h.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.t. .a.u.f.g.e.h...r.t. .z.u. .a.r.b.e.i.t.e.n.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.B.i.t.t.e. ...b.e.r.m.i.t.t.e.l.n. .S.i.e. .u.n.s. .d.i.e.s.e.n. .F.e.h.l.e.r.b.e.r.i.c.h.t. .(.%.s.).,. .u.m. .u.n.s. .z.u. .h.e.l.f.e.n.,. .d.a.s. .P.r.o.b.l.e.m. .z.u. .b.e.h.e.b.e.n. .u.n.d. .d.i.e.s.e. .S.o.f.t.w.a.r.e. .z.u. .v.e.r.b.e.s.s.e.r.n.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.a.s. .e.n.t.h...l.t. .d.i.e.s.e.r. .B.e.r.i.c.h.t.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.B.i.t.t.e. .g.e.b.e.n. .S.i.e. .u.n.s. .z.u.s...t.z.l.i.c.h.e. .I.n.f.o.r.m.a.t.i.o.n.e.n. .z.u. .d.e.m. .P.r.o.b.l.e.m. .(.e.m.p.f.o.h.l.e.n.).......Y.o.u.r.E.m.a.i.l.=.I.h.r.e. .E.m.a.i.l.-.A.d.r.e.s.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-UA69A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8632
Entropy (8bit):	4.307855702994277
Encrypted:	false
SSDEEP:	96:rswBarEOKEiiYi3x+XHARPSlcNFbP8fowiOxJYzHxhEjK6qM9zprAiKqDxG6ZO1w:wONQ8CbFoAhEFjK6qyzpr9IM7
MD5:	7133F35C69E84C9BFF0899DAD8B36C07
SHA1:	9B71C69D46A9436E3E1C3A7E6517508668162CB4
SHA-256:	AA3B6F6245B27E2D58D3C164264AF853FE6E718BB03D1C6F77B159616C768CEB
SHA-512:	9DBBB09646F74F9DBBC32169489E48CD3801BC00A78566A6CD5DCBC47C33EEC5141C9AF56FF226EEEF3A85FD3B3474C05CA60E2912F040F0DACD5E83F25B1E3F
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=. .C.A.A.:.8.9. .(.R.u.s.s.i.a.n.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=...B.G.5.B. .>.1. .>.H.8.1.:.5.....H.e.a.d.e.r.T.e.x.t.=.%.s. .?.@.5.:.@.0.B.8.;. .@.0.1.>.B.C.....S.u.b.H.e.a.d.e.r.T.e.x.t.=...>.6.0.;.C.9.A.B.0.,. .>.B.?.@.0.2.L.B.5. .=.0.<. .M.B.>.B. .>.B.G.5.B. .(.@.0.7.<.5.@. .%.s.).,. .G.B.>.1.K. .?.>.<.>.G.L. .8.A.?.@.0.2.8.B.L. .>.H.8.1.:.C.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.'.B.>. .A.>.4.5.@.6.8.B.A.O. .2. .>.B.G.5.B.5.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=...@.5.4.>.A.B.0.2.8.B.L. .4.>.?.>.;.=.8.B.5.;.L.=.K.5. .A.2.5.4.5.=.8.O. .(.@.5.:.>.<.5.=.4.C.5.B.A.O.).....Y.o.u.r.E.m.a.i.l.=...0.H. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=...?.8.H.8.B.5. .2. .=.5.A.:.>.;.L.:.8.E. .A.;.>.2.0.E.,. .:.0.:.8.5. .4.5.9.A.B.2.8.O. .?.@.8.2.5.;.8. .:. .>.H.8.1.:.5.:.....M.

C:\Program Files\FlashIntegro\VideoEditor\Tools\Localizations\is-VJVTV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	8998
Entropy (8bit):	3.4597037095028043
Encrypted:	false
SSDEEP:	96:rswS1Cyet/EOzItdnEudNGedEVsLahUUMeJnL+67RJpx0MGg7/ynU/LcoTVZr/cW:wxCyhf8L+cyMLcoBFKOj+I
MD5:	5B42EDF21C241F237C407BF42803A8A6
SHA1:	A28B2520476D0E9FABB6DB143F42DD31F677E02F
SHA-256:	444F8659317ABADB97626385615C65CCBAAE846D6ECC58966829071518512CF9
SHA-512:	0663753E724FF4E80DC2379F412B8999985B34EE3152B334E2A1E2D0D932B1EE1C4B297A266F1A142D0C68640639AB2BE17BBFF20672DE2B794C260321B29D71
Malicious:	false
Reputation:	low
Preview:	..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.P.o.r.t.u.g.u...s. .(.P.o.r.t.u.g.u.e.s.e.).....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.R.e.p.o.r.t.a.r. .e.r.r.o.....H.e.a.d.e.r.T.e.x.t.=.%.s. .p.a.r.o.u. .d.e. .f.u.n.c.i.o.n.a.r.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.E.n.v.i.e.-.n.o.s. .e.s.t.e. .r.e.l.a.t...r.i.o. .d.e. .e.r.r.o. .(.%.s.). .p.a.r.a. .a.j.u.d.a.r. .a. .c.o.r.r.i.g.i.r. .o. .p.r.o.b.l.e.m.a. .e. .m.e.l.h.o.r.a.r. .o. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.O. .q.u.e. .e.s.t.e. .r.e.l.a.t...r.i.o. .c.o.n.t...m.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.F.o.r.n.e...a. .i.n.f.o.r.m.a.....e.s. .a.d.i.c.i.o.n.a.i.s. .s.o.b.r.e. .o. .p.r.o.b.l.e.m.a. .(.r.e.c.o.m.e.n.d.a.d.o.).......Y.o.u.r.E.m.a.i.l.=.S.e.u. .E.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.e.v.a. .e.m. .p.o.u.c.a.s. .p.a.l.a.v.r.a.s. .o. .q.u.

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-05DK1.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	77312
Entropy (8bit):	5.949116783185662
Encrypted:	false
SSDEEP:	1536:MdeOokSKXoVZAxAHPJaReWDFDXEhQTMIVrCuM:MDCZAxKaRihQTM7
MD5:	74D51C229D699F4454ED569B31CA52AB
SHA1:	9C003787D4D37D49DBECF681A4383F720D644368
SHA-256:	6257771F2C5CDBE1DFE61867D40078142B22EF9E66C6A4F584A429AF70EC60DC
SHA-512:	C49DFB18334962D80B1E7B1B5915345FC0A3A9FA551DA805E107D83FD089A8EC963FE0956DF22644A5A5DBE60971F45B086900BBC67C7FC0A4C4F3B98E389C4D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..$...........B... ...`....... ...............................=....`.................................[B..O....`..............................pA..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H.......l........................@........................................{......(......-..(.....(....+..}.....{....(....-..{....( ...&....0..c.......r...p(!.....("...-..r...p(!.....("...-0r...p(!.....("...,..r7..prE..p(#.....rQ..p(....r{..ps$...z..0..K........("...,.r...ps%...z(&.........o'.....{..........((...(....(.....()...~......0..C........("...,.r...ps%...z.{..........((...(....(......(...,..(+...~....*..0..x........("...,.r...ps%...zs,.....{..........((...(....(

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-0O32B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	700336
Entropy (8bit):	5.9289057284451445
Encrypted:	false
SSDEEP:	12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
MD5:	6815034209687816D8CF401877EC8133
SHA1:	1248142EB45EED3BEB0D9A2D3B8BED5FE2569B10
SHA-256:	7F912B28A07C226E0BE3ACFB2F57F050538ABA0100FA1F0BF2C39F1A1F1DA814
SHA-512:	3398094CE429AB5DCDECF2AD04803230669BB4ACCAEF7083992E9B87AFAC55841BA8DEF2A5168358BD17E60799E55D076B0E5CA44C86B9E6C91150D3DC37C721
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................f....`.....................................O.......................................T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........z..<&..................<.........................................(......(....^.(...........%...}....:.(......}....:.(......}......(....:.(......}......{......(......(....:.(......}......{.....(.............}.....(......{.....X.....}......0...........-.~.....~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{[....3...{Z......(....,...{Z.....{\.......-.....0...........-.r...ps....z.o......-.~....*.~....X...+....b..

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-18751.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	10911
Entropy (8bit):	5.269029177798379
Encrypted:	false
SSDEEP:	96:xWLwOhoyTVnDXBriOR1C5tIeDSyMlk0kekrAkx1k2PCxkj3fkk+ikcwkXgksXIkU:oRLrZ05tIeCWRfrVk2KaIk0clX1s9reZ
MD5:	6B904507A20B700F246303EE0FCC2642
SHA1:	37C1EA0039CF5C6362778DE067C5833E21BC912D
SHA-256:	0F6A1E16BB54F071287C2D576F5D6EBFC8C896EB65AA1E40C090992648902C19
SHA-512:	FB97AAB78FE319D676B37B1FCEF4AB6E1C169482B615D6DA1DA46A62BE2FC71AAB97F9D45BC0BD6DD70290451F5134579AB325F36C3FB1C06306FD9F19CD5DF9
Malicious:	false
Reputation:	low
Preview:	.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="YouTubeUploader.exe" version="1.0.0.24" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" type="win32" />.. <description asmv2:iconFile="ytup_vsdc.ico" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <application />.. <entryPoint>.. <assemblyIdentity name="YouTubeUploader" version="1.0.0.0" publicKeyToken="1580E747634FA303" language="neutral" processorArchitecture="msil" />.. <

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-3G6AI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	590632
Entropy (8bit):	6.463330275333709
Encrypted:	false
SSDEEP:	12288:Mt8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3Ho/:MCMm9pyp35bQEKZm+jWodEExg
MD5:	E74CAF5D94AA08D046A44ED6ED84A3C5
SHA1:	ED9F696FA0902A7C16B257DA9B22FB605B72B12E
SHA-256:	3DEDEF76C87DB736C005D06A8E0D084204B836AF361A6BD2EE4651D9C45675E8
SHA-512:	D3128587BC8D62E4D53F8B5F95EB687BC117A6D5678C08DC6B59B72EA9178A7FD6AE8FAA9094D21977C406739D6C38A440134C1C1F6F9A44809E80D162723254
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n..............w.(...#...<........../.....".................+.....g.+.....+...Rich*...................PE..d...R8.^.........." .....>..........p"....................................................`A........................................ m..h....G..,...............(;......(A......4.......T...............................0............P......Ti..@....................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data....:...`..."...P..............@....pdata..(;.......<...r..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9HOFC.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	337696
Entropy (8bit):	6.010310833200254
Encrypted:	false
SSDEEP:	3072:uMCZbDoSbwlSCpYQfj+f1D0I/esAjznECGJGSuyuMiQdqyHGxRCcXYJ7q5g03Lbh:uCXSUYQeisA3EJnkgCbDmgpbPSNA
MD5:	9FF7C9FF349B13430FD4575556ED3A15
SHA1:	CED03401B3FFA7BF372B6E7B9CE3D6856D646373
SHA-256:	C04C348CF3CB28A550ADC72D40F7473D03F1EAC63F3B945A6A56C476265295A7
SHA-512:	CB656E556EC12CE5A8979C69C777ABC83B5E8023E90F7A0DC206FEF9DF8C04B96B70CCBCE4F563265392E313AE6E4C4DC2E5A2FDFACA32AB0E167E45C7581374
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.M...#...#...#.....#..."...#...&...#...'...#... ...#......#...".l.#...*...#...#...#......#...!...#.Rich..#.........PE..d...T:.^.........." .........f......P~.......................................0......M.....`A.............................................>..d...,................ ...... A..........`...T...............................0............................................text...V........................... ..`.rdata...v.......x..................@..@.data...(.... ......................@....pdata... ......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-9UITF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	44328
Entropy (8bit):	6.631745572973897
Encrypted:	false
SSDEEP:	768:uJnUUV7xPg4RdPvv1DHkhhFAWN6srByiYzC:uaY7XN7Ih4CIiYzC
MD5:	21AE0D0CFE9AB13F266AD7CD683296BE
SHA1:	F13878738F2932C56E07AA3C6325E4E19D64AE9F
SHA-256:	7B8F70DD3BDAE110E61823D1CA6FD8955A5617119F5405CDD6B14CAD3656DFC7
SHA-512:	6B2C7CE0FE32FAFFB68510BF8AE1B61AF79B2D8A2D1B633CEBA3A8E6A668A4F5179BB836C550ECAC495B0FC413DF5FE706CD6F42E93EB082A6C68E770339A77C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..j...j...j....l.h....y..h...cq..a...j...[....y..o....y..m....y..p....y..k....y\|.k....y..k...Richj...................PE..d...Q8.^.........." .....:...4......pA....................................................`A........................................Pk.......k..x....................l..(A......8...(b..T............................b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-BKS6A.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	7984800
Entropy (8bit):	6.272041525985463
Encrypted:	false
SSDEEP:	98304:JF48l22uzwexC2Dl2ns4mjYhOWz03Eqk9iPUXnq1yXDcY9Ji:JF5229exRKmHExAIi
MD5:	F133260D9835F52E985CBC1AEB5F8B7B
SHA1:	B2F18BB79D9BB8D2F7773336BFC6C57FCBE27F5B
SHA-256:	FBFF63D151A2BCC73023B3E1424D1E4A85B90AFFCF4ECF67C3FBC89742943A42
SHA-512:	081081B5F2EA8B5160E9566EE40136983EDA3256AE306CE69BA608055EEE5761E279FCFB30CFCB3179B8EDCBFF477D73D4B23F1F60ED6AFAC211E2FBF022B84A
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7........................................................................................................................................PE..d......^.........." .....`R..T'.....0.Q.......@...............................z.....O.y.............................. ................[.......Z.TK...`d..n...._..e....y.......\..]....................................................[......@[.^....................text...._R......`R................. ..`.data.......pR......dR.............@....bss......... Z..........................idata..TK....Z..L....Z.............@....didata.^....@[......ZZ.............@....edata........[.......Z.............@..@.rdata..E.....\.......[.............@..@.reloc...]....\..^....[.............@..B.pdata...e...._..f....^.............@..@.rsrc....n...`d..n...Jc.............@..@..............z.......y.............@..@........................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-C5B5H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	293888
Entropy (8bit):	5.919342875264611
Encrypted:	false
SSDEEP:	6144:JONxsGWqOztd+EJfOoFlklv0B607hv3yvo41wfrnlsjWqsZbrn:JOyzyv0Auhf5ijnIbrn
MD5:	C57E88DA49C4F14F297AFCE389038A56
SHA1:	E069A2DF5FAC10CCB3FEA99A8F480D16FDEF7C0B
SHA-256:	8976A4E668D6A1B6D99DD2EF0F07958814A46181AAFECF1717EA2670A3A1323F
SHA-512:	73E0485ACB90D7734CEDEAE4AC60FAB800DC2531036CAF7F1A5BC4DA9305F6AB35A3B6413E6B9EAF5B7538C69719723EA8BED7EF50D9256D2338231959ED541A
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..l..........6.... ........... ..............................".....`....................................O.......................................T............................................ ............... ..H............text...<j... ...l.................. ..`.rsrc................n..............@..@.reloc...............z..............@..B........................H...............................`.......................................2.s....(........0..X.........(......s6...}......s9...}......sA...}......sD...}......sI...}......sL...}......sP...}......sW...}......sY...}......s[...}......s]...}......se...}......sh...}......sl...}......sp...}......su...}......sw...}......sy...}......s~...}......s....}......s....}......s....}......s....}......s....}......s....}......s....}......s....}......s....}.......(....r...pB.(....%-.&r...p*.r_.

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-EL74B.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143760
Entropy (8bit):	5.776690215232214
Encrypted:	false
SSDEEP:	1536:Mw06qVXJQ5BnRu3EUBrC1GO/BrIUOiNOcmreFIGd7Vpu0t:MtQ5BTdMUFIUOiNOcmreFIGJS0t
MD5:	F8E682A9335817ECFD070AB0E55E82B3
SHA1:	4D46998D7B55E2DECDBD8AB1FFF7BD4BA4D99335
SHA-256:	2E6D53B7D24228214225DCFE9680BD161CBD2B7B02F6015E4DC7437AEDBBF1D5
SHA-512:	C6EE82235FBA46340264B7F074F50A7A64D0921425C1521EE540BD0E3AF5A782319834191CE4AAB3054C95C0924A8858BC9D17D915313A111A5EA8987CD400B1
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................`..................................o..D......D....D......d...D....Rich..........................PE..d.....E_.........." .........................................................`............`.............................................p.......\|....@...........#...........P..t.......T...........................p...0...............0............................text.............................. ..`.rdata...U.......V..................@..@.data...`...........................@....pdata...#.......$..................@..@.rsrc........@......................@..@.reloc..t....P......................@..B................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FG6LB.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	101672
Entropy (8bit):	6.566355945650465
Encrypted:	false
SSDEEP:	1536:7y6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bIB0TO:7lXfRXqQw+PHLrCZh9xecbSt
MD5:	8697C106593E93C11ADC34FAA483C4A0
SHA1:	CD080C51A97AA288CE6394D6C029C06CCB783790
SHA-256:	FF43E813785EE948A937B642B03050BB4B1C6A5E23049646B891A66F65D4C833
SHA-512:	724BBED7CE6F7506E5D0B43399FB3861DDA6457A2AD2FAFE734F8921C9A4393B480CDD8A435DBDBD188B90236CB98583D5D005E24FA80B5A0622A6322E6F3987
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!/.NeNl.eNl.eNl....gNl.l6..nNl.eNm.INl..>o.hNl..>h.uNl..>i.zNl..>l.dNl..>..dNl..>n.dNl.RicheNl.................PE..d...M8.^.........." .........^...... .....................................................`A........................................`1..4....9.......p.......P.......L..(A..........H...T...............................0............................................text...b........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-FMAB2.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5442472
Entropy (8bit):	6.690558082886083
Encrypted:	false
SSDEEP:	98304:BQtUMoBdP3cz/cIjaT9QMu+pRiS80DW2eZztx:BQtUMoBdP3cz/cIGT9fu+jiJn
MD5:	CEBA44B3BB37F0377AEAB0227800F1BD
SHA1:	68559C4AAAF023705086824CC1E412BB3DC8AF70
SHA-256:	5FFAE3BCAD95F4A59A79F2BF2C25C05771D3B3E9286A07025359A76A278DE67A
SHA-512:	4163CDA32F85A08E98D167B1E2DFB8ACD91F24E916706C12F572D5C14AE4FD06121EF3609568C88A89398352B2B67547FF60C920271E6B89656A56AEEB5C60BE
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........y....................G......_.................._...........vz....................................._......_.............._.......Rich............................PE..d.....Z_..........#...........6................@..............................T.......S... ..................................................!).D.....-.xS&...+.D.....R.............`.$.......................$.(.....$.0...............X+...........................text...Y........................... ..`.rdata...h.......j..................@..@.data...0<....)..X...n).............@....pdata..D.....+....................@..@.rsrc...xS&...-..T&...,.............@..@................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-GK5DP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	568320
Entropy (8bit):	5.506246332354792
Encrypted:	false
SSDEEP:	6144:qptCWslcbyfzS/2IWuvRbyfzS/2IWuvabyfVSJ2IWfn:qptCWsymHCJmHCymXr
MD5:	E591B0F239EA01EF93CCEBD35CEDF2B8
SHA1:	272A06AD22412771902108EA4C9DBF4199C3F089
SHA-256:	1EF91736074C5EF6320BF685A9B0FEA0A6010931A67DA789D5B03DF3532450CB
SHA-512:	D1D3F9BD21F6AD60C490222C48288BDE52831B305C3696B8D2FE8BA89E8E8736BCE725D1032357793CE447FB43D27E11C17253443AB073A7E49460E14BB3491E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....v.^.........."...0.................. ... ....@.. ..............................T.....`.................................@...O.... .............................................................................. ............... ..H............text........ ...................... ..`.rsrc....... ......................@..@.reloc..............................@..B................t.......H........R..DJ..............q..........................................V.(......(......(......{...."..}......{...."..}......(....~.r...p}......}.....(.....(....*.0..q.......(.......i.1s...(....,i.{.......o.....(.....{....o....(....,..{.....{....o....(....o......i.1..{.......o......i.1..{.......o....( .....{.....o!...o.....{....o"...r...pr%..ps....o#...&.{....o"...r)..prK..ps....o#...&.{....o"...rO..pr[..ps....o#...&.{....o"...ra..pr...ps....o#...&.{....o"...r...pr...ps

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H1IE7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	31528
Entropy (8bit):	6.472533190412445
Encrypted:	false
SSDEEP:	384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
MD5:	7EE2B93A97485E6222C393BFA653926B
SHA1:	F4779CBFF235D21C386DA7276021F136CA233320
SHA-256:	BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
SHA-512:	4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..\4~.\4~.\4~...^4~.UL..X4~.Dz.[4~.D}.^4~.\4..v4~.D..Y4~.D{.O4~.D~.]4~.D..]4~.D\|.]4~.Rich\4~.........PE..d...W8.^.........." .........$............................................................`A.........................................>..L....?..x....p.......`..4....:..(A......p...@3..T............................3..0............0..0............................text...(........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..4....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-H7IP7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	218504
Entropy (8bit):	6.1736138518071355
Encrypted:	false
SSDEEP:	3072:SGYbeaxbDu8toYaO8+Bsfvj9sdkYhv1XVrwl7jm0I:ScOi2oYN8+gRKml7DI
MD5:	D201B13BAE6CA38ECD833FF55B5DB612
SHA1:	52137B4CD3E928006F47C0AA106D506FA7B6D01F
SHA-256:	96EE6583AD1D3A04A2D90CEF4879A2DB3677528C3A24311C9DF71100CDB76381
SHA-512:	1AEE1C14101C587E622B87AFBEADA162AEDAC5D917F65077FC0936DCB92EE3C12C8B157DA66C19D37BD487F73D979E59333220C7D95005CCB220F4F10510BD87
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,z.`h.h3h.h3h.h3ac.3b.h3.ki2l.h3.km2\|.h3.kl2`.h3.kk2k.h33si2m.h3h.i3..h3.jm2a.h3.jh2i.h3.j.3i.h3.jj2i.h3Richh.h3................PE..d.....E_.........." .........&...... .....................................................`......................................... ................`.......@.......:.......p......0...............................P...0............0...............................text...r........................... ..`.rdata..j....0......................@..@.data....4.......0..................@....pdata.......@......................@..@.rsrc........`.......2..............@..@.reloc.......p.......4..............@..B................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I6T9L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	119808
Entropy (8bit):	5.926088871154675
Encrypted:	false
SSDEEP:	3072:9li9p2RIveiWNOhtEeAojuhDL/M1Fl3DQsFGtuB:fiXCNKiLE/1A
MD5:	29DE07B2B4F83DFE668AACCFC3C84DC8
SHA1:	5D40C707AAAFDB0D064B327AEEC22947657A25FC
SHA-256:	4DFFF51FF9222E050536FCBDB88C8CEC6E23E55418145DDF2899843DDEBA217A
SHA-512:	FA3B44EA97F7A85C7640BCC5816F1E5C7A7DE9C29F2A4C59E2DB3B1859EC11899A0FD47358102FBE93F5491350FA4A10E67542F9DF9CB789F08CC61295E61297
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-O..........." ..0.................. ........... .......................@......\.....`.....................................O.......T.................... ..........T............................................ ............... ..H............text........ ...................... ..`.rsrc...T...........................@..@.reloc....... ......................@..B........................H...........X8............................................................{......{....V.( .....}......}.......0..;........u......,/(!....{.....{....o"...,.(#....{.....{....o$..... ..f. )UU.Z(!....{....o%...X )UU.Z(#....{....o&...X.0..X........r...p......%..{.............-.&.+.......o'....%..{.............-.&.+.......o'....((...j.sa...%.oh...%.oj...(........(.......0..Q..........}.......}.......}.......}......()...}.......}.....{.........(...+..\|....(+...*F(,....(...

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-I7CDN.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5120
Entropy (8bit):	4.019963777951865
Encrypted:	false
SSDEEP:	48:6i+lGSGnilW7tcO1M19mCnLybtPx0O5MD1cztATyDtPDi+AutDdND0x:wMnilW77U9bLybtJNxiCBL
MD5:	632A111623B8BD9D648F9EFA3CDC46F1
SHA1:	30388D0197842CF622F9487AA32A0F15A2BC99CF
SHA-256:	FDFE4255450E703BD79D633904CC00EF7BD327421EFB509D3C8129B714C34C9D
SHA-512:	A42D15348030811325A764D897D53FE7182B07F895C45861948B01D1548B599D774FF957A77F6550ECF84CF22CDC958FEF78E7C3A74A8F06B8609825C4377E82
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............^)... ...@....... ....................................`..................................)..O....@.. ....................`.......'..T............................................ ............... ..H............text...d.... ...................... ..`.rsrc... ....@......................@..@.reloc.......`......................@..B................?)......H.......P ..$...................t'......................................BSJB............v4.0.30319......l.......#~..T.......#Strings....L.......#US.P.......#GUID...`.......#Blob......................3......................................................>.....+...........V.\...%.................o.................?...................................).....1.....9.....A.....I.....Q.....Y.....a.........................#.....+.D...3.U...;.b...C.....K.....S.....[.........,.........

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LIT59.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	317224
Entropy (8bit):	6.325476680883488
Encrypted:	false
SSDEEP:	6144:6lTcrTKDDPzfM0xmNcwwY2baM739NhNN40aBqnWzgPPz:6cKHzEc/Yzz
MD5:	165E673B081CF2C90A2E63A6834ACE1E
SHA1:	544014C03FB2E91454D4BAC4934B1C44F2ED8943
SHA-256:	8BF7EFB1FA4F86DB826B79EA1D3DAA6E18019790D7B5FF58B53BFB4CAD967974
SHA-512:	BB02ED42C4AFC2AE1AD5A01D974B41C511E04964962655CF387E07FB364075A1939CB9EEA0B72BBC73F6813BE9107D650543EE1ACC3583A3A59AA8B416AF9565
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e............/.<....\|@....ct............ct.....ct.....ct......ct.....ct,....ct.....Rich....................PE..d...M8.^.........." ................p.....................................................`A........................................0....M..<................p...6......(A......l....4..T...........................p4..0............................................text...<........................... ..`.rdata...2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...N..............@..@.rsrc...............................@..@.reloc..l...........................@..B........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-LP55S.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	5.486714293488287
Encrypted:	false
SSDEEP:	1536:mokqMd2Fm6HbqvsvqvdYvRXFCZAc6hMn1vdFIzykdoJrJCKlKqWsI/KQ73WmnSE7:mokqMd2Fm6evsvqvdYvOZAc6hMn1vdFk
MD5:	0068F1CF5939866A00E649CF169EFF20
SHA1:	C3A12166C09D173B328C74D6263495CB54EC0FBD
SHA-256:	121751C1D8D8CBC5270C0A606DBCA5D714D42E18AB3E6B577FBB8D2A4A5569C5
SHA-512:	B8EE4A96B41063350A407B0651BDB8FC8B2EB3B03980FD82810D4315361CCF1902A3D9BDE47EE2F58FAD0162A838E05FB133DE977A601DBA2C006ADB06E5C72F
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...'0.U.........." ..0..6..........F-... ...`....... ...............................Q....@..................................,..O....`..............................p,............................................... ............... ..H............text....4... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............>..............@..B................'-......H..........$v...................+.......................................0...........\....../......:......$.)...%.g...(...........)...%.q...(..........$.)...%.g...(..........).)...%.w...(..........;..... ......... ......... .}.......r...p...... .)...%.v...(...........,...(....-.r...prM..ps....zrM..ps....z.0..G.........+8..o......."....<....>....\|.... /...,...?........X.+....o....2....0..N........,I..(.....o.........Y%../....o......~.......~.......~....3....X..Y.Yo....

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-MA3LK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5495728
Entropy (8bit):	6.6867734029817445
Encrypted:	false
SSDEEP:	98304:V4sMoBdP3cz/coWlhYa5xcQWGS80DW2eZztz:V4sMoBdP3cz/coWlhYAxcxGJR
MD5:	F10E84635C76FB2705FA97971482D297
SHA1:	73154895194D32B5FF269EC797DD0FD2816FF45D
SHA-256:	BD344E0F1CD9C74EF8192192265803AB8274FF0E0F6989B914732A6E16E843F4
SHA-512:	5DBC75F0935C6DA97499820F75623A2DFE55AA9C8EB8322E9DE7BB2A02E816828FA5A4746B7521789E43338B87F3FDB729BF56EFAB89BCDF8EE78626EDE5D4B3
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,{v.h...h...h...ab..\|...s...j....k..p...3r..r...h.......j..a.......i...j..C...j..b...j..l...3r..d....k......k..i...h...i....k..i...Richh...........PE..d.....Z_..........#...........7......Z.........@..............................T.......S... ...................................................).D....p..xS&...,.,.....S..............%..................... .%.(....%.0...............0,...........................text............................... ..`.rdata..............................@..@.data... >...P..Z...6.............@....pdata..,.....,.......+.............@..@.rsrc...xS&..p...T&..l-.............@..@................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-NLT24.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	184
Entropy (8bit):	4.918719857487763
Encrypted:	false
SSDEEP:	3:vFWWMNHU8LdgCQcIMOofMuQVQDURAmIRMNHjFHr0lUfEyhTRwFvREBAW4QIMOov:TMVBd1IGMfVJ7VJdfEyFRwJuAW4QIm
MD5:	C64632957C9A46B320E412D857E176C0
SHA1:	823615CC1FFA2033818AEA94781DA440662902BF
SHA-256:	16A5B2D1D7CC9914BCE73914D4D956D3BA7A2EC34E3D41E876F2E265C15D8096
SHA-512:	2B89C7953194A7ADF7EF77C98558C27F7CC968F89EDB04A7E13AB84DF7CAD1F4E23588016F01AFA2C0A4AD2768B6814E24A6342376B92DCAD48D35B8D4725C6B
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. </startup>..</configuration>..

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4EEP.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193832
Entropy (8bit):	6.592581384064209
Encrypted:	false
SSDEEP:	3072:V7vC/HAiCsJCzwneNPXU7tm1hTt8KBDal8zg/0LwhORfewlMi0JHV:VTGAtweN85m1f8KBI9wfpsJH
MD5:	937D6FF2B308A4594852B1FB3786E37F
SHA1:	5B1236B846E22DA39C7F312499731179D9EE6130
SHA-256:	261FBD00784BB828939B9B09C1931249A5C778FCEAD5B78C4B254D26CF2C201F
SHA-512:	9691509872FDB42A3C02566C10550A856D36EB0569763F309C9C4592CAF573FBB3F0B6DC9F24B32A872E2E4291E06256EAE5F2A0DEB554F9241403FD19246CAC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........94..Wg..Wg..WgVt.g..Wg..g..Wg..Sf..Wg..Tf..Wg..Vg..Wg..Vf..Wg..Rf..Wg..Wf..Wg...g..Wg..Uf..WgRich..Wg........................PE..d...W8.^.........." ................p............................................... .....`A........................................ ..................................(A...........K..T........................... L..0...............P............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-O4TT6.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1118104
Entropy (8bit):	6.460169628466756
Encrypted:	false
SSDEEP:	24576:14oVtxz271AMD414hXWsyQEwpP3tWu3nF7elTptNCZfD:14obm1AMD24hXyQEwpPdp3nF7yTkZ
MD5:	A8405BF5F5828FAE3B745841BB0A7EF9
SHA1:	D928107BC62F8FADD40C552861F9F2CB24A9B9EE
SHA-256:	9DAF2627107318C81CA5BBA5FAE1CF2AF8C220781E003EE912E105E1EEB8504E
SHA-512:	EBA2B412B2EBE94AB4ACFCDBF7886B3A34C8796DD8F882D8A774E6B2FC197CEF30532B097A5AF84B332EF966D7E9C5FAF1774659055927174ED80316E34E4C8C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......H.n.......................................................(...W.......W..................l...................................Rich............PE..d.....E_.........."......R..........,..........@............................. ............`.....................................................X.......0........m......................T...........................p...0............p..0............................text....P.......R.................. ..`.rdata...~...p.......V..............@..@.data...............................@....pdata...m.......n..................@..@.rsrc...0............\..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-RGQOV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	5804472
Entropy (8bit):	6.728568074690788
Encrypted:	false
SSDEEP:	98304:ACiFIdrFb5T62qSpjQDIvVsFihw/W4+s0DW2eZztoZs:A8JFb5T62qSpjQDaVswhw/1VKZs
MD5:	A9C8552C11C8909FE5F93300DEBABE50
SHA1:	BEFF5D48F34DC8AE1603FE7AC8A0A078FCDA00FD
SHA-256:	866E39DAF98510E78BBD20F49B7D88596A363C3DD72C5771FCA6629F3F430534
SHA-512:	D4FFE4A345B14A86F9DE7FCB713630A21BB51AFB5D298C29F4602ABC3CC125243F21E47137B30804083F9FDB8432587752E571EEB0D33688AC96FB29FB11AB9C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m.[.m.[.m.[..%[.m.[&..Z.m.[&..Z.m.[...Z.m.[...Z.m.[..q[.m.[i..Z.m.[i..Z.m.[i..Z.m.[.m.[.k.[i..Z.m.[&..Z,l.[&.I[.m.[.m![.m.[&..Z.m.[Rich.m.[........PE..d...Z.Z_..........#...........;.....P..........@..............................Y.......X... .................................................8.).X....`/.h...p-.D....vX...............%.T.....................%.(.....%.0................(...........................text............................... ..`.rdata...S.......T..................@..@.data...X...@..D... .............@....pdata..D....p-......d,.............@..@.rsrc...h...`/..0..F..............@..@................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-U4VOR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	27936
Entropy (8bit):	6.577459666532623
Encrypted:	false
SSDEEP:	384:nGpHh29k7lAv1WioEWQ53tWi9pBj0HRN7evpPOWixHRN76MauOMlVt:nCHc4MqPAWevp3y6MgI
MD5:	1B8D2F7700EB84B832E9750880CDCBD5
SHA1:	3AE22588F9420414182F78A994E1E2D9153E48E2
SHA-256:	13DC526343225AD933612A6BBCEC4F9A3A9A94B00B2F24B7DA8F851E9DE00992
SHA-512:	6DB667391D842511867EED010055E9E3A09897004F77912E055FE794870EFD59CDE822D9AE819963595EB53A17477B24C981A334EBFB3869D71C3FE6A8274F14
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:N..:N..:N9(.N..:N..N..:N..;N..:Nu.;O..:Nu.>O..:Nu.9O..:Nu.?O..:Nu.:O..:Nu..N..:Nu.8O..:NRich..:N........PE..d...W8.^.........." ................ ........................................p...........`A........................................p'..0....(..P....P..0....@.......,.. A...`.. ....!..T............................!..0............ ...............................text...X........................... ..`.rdata..0.... ......................@..@.data........0....... ..............@....pdata.......@......."..............@..@.rsrc...0....P.......$..............@..@.reloc.. ....`.......*..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VAK07.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	72704
Entropy (8bit):	5.947616300788425
Encrypted:	false
SSDEEP:	1536:/QgDwY4DWyNlsRbyk+M9HIgq9ltgVGYZ6:/lkdDWnRb00HIgq9ltqy
MD5:	D18ED518E8774DECBBDC4E95DB5C41E1
SHA1:	56A456FD1C9E3776EE3E53BEAD1D049A4F6C3CB7
SHA-256:	D757601915C34DBEA750F3CD684F353AB9C04C3F0E73F09666379C4565E9FFE7
SHA-512:	254C1ECCE28E71F3B50B25DE06925545C376BC9DB3C79F38739230262F51E32EDBC8B412FD14082C6559CBBBF5084D9AAC66BD4DD728AE7B7F998481D5969A13
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2..........." ..0..............0... ...@....... ....................................`..................................0..O....@..d....................`......./..T............................................ ............... ..H............text........ ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B.................0......H.......(p......................4/.............................................V~....%-.&s....%......~....,.~....u....-.r...ps"...z........{....r...(#....rg..p(...+&..}....*....(......{...."..}......{...."..}....^r...p.($....{....(%.....{......{....^.#.....@o@(&.....(.......0..b........s'...}.....((....~)...(...-..#.......?(+...(,...,.r...ps-...z..2....1.r...ps-...z..}......}.......0............0.r...ps-...z..(....1.~....*.{.....(.......(/...#.......Zi.(.....

C:\Program Files\FlashIntegro\VideoEditor\Tools\is-VVOBD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	3.9990411455002364
Encrypted:	false
SSDEEP:	48:68+l5dxw4BlTqUgJlsqQAMHYYLybtPWOFU9mL1Mb1ztAayD7WDk+AJtDVmNDex:aHzBlTSJlsHUYLybt5xkkNBVc
MD5:	6A460D84E1D6F81248A6C5494FBFFDED
SHA1:	22C12E36F2E959323F9D0509061D169C37709524
SHA-256:	19A35735A8AFC02F9AB086F8049CD88C2B361FC3CC5288D8EFE0F41A33E5CCD6
SHA-512:	6F548A3A514275D292BA9AF09B11C0DC93C3366AAA2D9E4248799DE431B781B0D289FC92BC8D311E556B1B654E63A82B6FA9E44C90BFF6A054A0F53530181EBC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..............(... ...@....... ..............................y.....`..................................'..O....@.......................`.......&..T............................................ ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......P ......................$&......................................BSJB............v4.0.30319......l...l...#~......(...#Strings............#US.........#GUID...........#Blob......................3......................................................K.....8...........c.i...2.................\|.................L...................................).....1.....9.....A.....I.....Q.....Y.....a.........................#.....+.D...3.U...;.b...C.....K.....S.....[.........,.........

C:\Program Files\FlashIntegro\VideoEditor\is-0SG7I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	590632
Entropy (8bit):	6.463330275333709
Encrypted:	false
SSDEEP:	12288:Mt8MRN4gE4x4iTqwTQa6IUqXF7XyxpypsdUDqNSfbQEKZm+jWodEEV3Ho/:MCMm9pyp35bQEKZm+jWodEExg
MD5:	E74CAF5D94AA08D046A44ED6ED84A3C5
SHA1:	ED9F696FA0902A7C16B257DA9B22FB605B72B12E
SHA-256:	3DEDEF76C87DB736C005D06A8E0D084204B836AF361A6BD2EE4651D9C45675E8
SHA-512:	D3128587BC8D62E4D53F8B5F95EB687BC117A6D5678C08DC6B59B72EA9178A7FD6AE8FAA9094D21977C406739D6C38A440134C1C1F6F9A44809E80D162723254
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n..............w.(...#...<........../.....".................+.....g.+.....+...Rich*...................PE..d...R8.^.........." .....>..........p"....................................................`A........................................ m..h....G..,...............(;......(A......4.......T...............................0............P......Ti..@....................text....=.......>.................. ..`.rdata.......P.......B..............@..@.data....:...`..."...P..............@....pdata..(;.......<...r..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-2P8H9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	317224
Entropy (8bit):	6.325476680883488
Encrypted:	false
SSDEEP:	6144:6lTcrTKDDPzfM0xmNcwwY2baM739NhNN40aBqnWzgPPz:6cKHzEc/Yzz
MD5:	165E673B081CF2C90A2E63A6834ACE1E
SHA1:	544014C03FB2E91454D4BAC4934B1C44F2ED8943
SHA-256:	8BF7EFB1FA4F86DB826B79EA1D3DAA6E18019790D7B5FF58B53BFB4CAD967974
SHA-512:	BB02ED42C4AFC2AE1AD5A01D974B41C511E04964962655CF387E07FB364075A1939CB9EEA0B72BBC73F6813BE9107D650543EE1ACC3583A3A59AA8B416AF9565
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........e............/.<....\|@....ct............ct.....ct.....ct......ct.....ct,....ct.....Rich....................PE..d...M8.^.........." ................p.....................................................`A........................................0....M..<................p...6......(A......l....4..T...........................p4..0............................................text...<........................... ..`.rdata...2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...N..............@..@.rsrc...............................@..@.reloc..l...........................@..B........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-7P8PE.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	27936
Entropy (8bit):	6.577459666532623
Encrypted:	false
SSDEEP:	384:nGpHh29k7lAv1WioEWQ53tWi9pBj0HRN7evpPOWixHRN76MauOMlVt:nCHc4MqPAWevp3y6MgI
MD5:	1B8D2F7700EB84B832E9750880CDCBD5
SHA1:	3AE22588F9420414182F78A994E1E2D9153E48E2
SHA-256:	13DC526343225AD933612A6BBCEC4F9A3A9A94B00B2F24B7DA8F851E9DE00992
SHA-512:	6DB667391D842511867EED010055E9E3A09897004F77912E055FE794870EFD59CDE822D9AE819963595EB53A17477B24C981A334EBFB3869D71C3FE6A8274F14
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T...:N..:N..:N9(.N..:N..N..:N..;N..:Nu.;O..:Nu.>O..:Nu.9O..:Nu.?O..:Nu.:O..:Nu..N..:Nu.8O..:NRich..:N........PE..d...W8.^.........." ................ ........................................p...........`A........................................p'..0....(..P....P..0....@.......,.. A...`.. ....!..T............................!..0............ ...............................text...X........................... ..`.rdata..0.... ......................@..@.data........0....... ..............@....pdata.......@......."..............@..@.rsrc...0....P.......$..............@..@.reloc.. ....`.......*..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-CSG4M.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	218504
Entropy (8bit):	6.1736138518071355
Encrypted:	false
SSDEEP:	3072:SGYbeaxbDu8toYaO8+Bsfvj9sdkYhv1XVrwl7jm0I:ScOi2oYN8+gRKml7DI
MD5:	D201B13BAE6CA38ECD833FF55B5DB612
SHA1:	52137B4CD3E928006F47C0AA106D506FA7B6D01F
SHA-256:	96EE6583AD1D3A04A2D90CEF4879A2DB3677528C3A24311C9DF71100CDB76381
SHA-512:	1AEE1C14101C587E622B87AFBEADA162AEDAC5D917F65077FC0936DCB92EE3C12C8B157DA66C19D37BD487F73D979E59333220C7D95005CCB220F4F10510BD87
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,z.`h.h3h.h3h.h3ac.3b.h3.ki2l.h3.km2\|.h3.kl2`.h3.kk2k.h33si2m.h3h.i3..h3.jm2a.h3.jh2i.h3.j.3i.h3.jj2i.h3Richh.h3................PE..d.....E_.........." .........&...... .....................................................`......................................... ................`.......@.......:.......p......0...............................P...0............0...............................text...r........................... ..`.rdata..j....0......................@..@.data....4.......0..................@....pdata.......@......................@..@.rsrc........`.......2..............@..@.reloc.......p.......4..............@..B................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-EPPLT.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	193832
Entropy (8bit):	6.592581384064209
Encrypted:	false
SSDEEP:	3072:V7vC/HAiCsJCzwneNPXU7tm1hTt8KBDal8zg/0LwhORfewlMi0JHV:VTGAtweN85m1f8KBI9wfpsJH
MD5:	937D6FF2B308A4594852B1FB3786E37F
SHA1:	5B1236B846E22DA39C7F312499731179D9EE6130
SHA-256:	261FBD00784BB828939B9B09C1931249A5C778FCEAD5B78C4B254D26CF2C201F
SHA-512:	9691509872FDB42A3C02566C10550A856D36EB0569763F309C9C4592CAF573FBB3F0B6DC9F24B32A872E2E4291E06256EAE5F2A0DEB554F9241403FD19246CAC
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........94..Wg..Wg..WgVt.g..Wg..g..Wg..Sf..Wg..Tf..Wg..Vg..Wg..Vf..Wg..Rf..Wg..Wf..Wg...g..Wg..Uf..WgRich..Wg........................PE..d...W8.^.........." ................p............................................... .....`A........................................ ..................................(A...........K..T........................... L..0...............P............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-EUP48.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	31528
Entropy (8bit):	6.472533190412445
Encrypted:	false
SSDEEP:	384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
MD5:	7EE2B93A97485E6222C393BFA653926B
SHA1:	F4779CBFF235D21C386DA7276021F136CA233320
SHA-256:	BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
SHA-512:	4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..\4~.\4~.\4~...^4~.UL..X4~.Dz.[4~.D}.^4~.\4..v4~.D..Y4~.D{.O4~.D~.]4~.D..]4~.D\|.]4~.Rich\4~.........PE..d...W8.^.........." .........$............................................................`A.........................................>..L....?..x....p.......`..4....:..(A......p...@3..T............................3..0............0..0............................text...(........................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata..4....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..p............8..............@..B................................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-H3Q3E.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	337696
Entropy (8bit):	6.010310833200254
Encrypted:	false
SSDEEP:	3072:uMCZbDoSbwlSCpYQfj+f1D0I/esAjznECGJGSuyuMiQdqyHGxRCcXYJ7q5g03Lbh:uCXSUYQeisA3EJnkgCbDmgpbPSNA
MD5:	9FF7C9FF349B13430FD4575556ED3A15
SHA1:	CED03401B3FFA7BF372B6E7B9CE3D6856D646373
SHA-256:	C04C348CF3CB28A550ADC72D40F7473D03F1EAC63F3B945A6A56C476265295A7
SHA-512:	CB656E556EC12CE5A8979C69C777ABC83B5E8023E90F7A0DC206FEF9DF8C04B96B70CCBCE4F563265392E313AE6E4C4DC2E5A2FDFACA32AB0E167E45C7581374
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.M...#...#...#.....#..."...#...&...#...'...#... ...#......#...".l.#...*...#...#...#......#...!...#.Rich..#.........PE..d...T:.^.........." .........f......P~.......................................0......M.....`A.............................................>..d...,................ ...... A..........`...T...............................0............................................text...V........................... ..`.rdata...v.......x..................@..@.data...(.... ......................@....pdata... ......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-LBTK9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	60383912
Entropy (8bit):	6.495190236571405
Encrypted:	false
SSDEEP:	393216:TmdGR6evWiA6RhGGD5T62qSpjQDEFM/rTkZe0+j:Tme9Rhg4e0+j
MD5:	637DAB8AA353319BC4EA4B488EFA6BFC
SHA1:	5C444C7DDD349D2C61A70E399C0EA1DF4B720632
SHA-256:	384E74CB3FBCB1F28D611E9FF165977C5309BEB7ED6F16AC1755C1E62451E5B0
SHA-512:	9F5BB9445EF32DACD1D3AA648D121946DCEC07AC4FF9B2B3FA0F5FB4A6C25CAC9AA25E80EC0BBF7C841A9E73D52F993C46048FED9B9512A7329DE57B26E5400D
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$........,aD.M...M...M...5...M......O...<...M...M...P...<...M...<...L...<..3N...%...M...%...M...M...D..N=...M...%...M..(....M..N=...M..N=...M..N=...M...<...M...<..cL...<...M...<...M...M...M...<...M..Rich.M..................PE..d.....u_..........#..................L........@....................................tS.... ...........................................k.T....k.........`.....s......@..."............P.T...................@.P.(.....P.0................D...........................text....~.......................... ..`.rodata............................. ..`.rotext............................. ..`IPPCODE.b.<.......<................. ..`.rdata..\.\.......\.................@..@.data....\...Pl..B...(l.............@....pdata........s......jq.............@..@IPPDATA..............R..............@....rsrc...`............(..............@..@................................

C:\Program Files\FlashIntegro\VideoEditor\is-LLEGR.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3273384
Entropy (8bit):	6.204219388249566
Encrypted:	false
SSDEEP:	49152:FjxwPsIHk+ycUY0RmHVCicleE05T62qSpjQDIKKm+7FP1TxL/wY3W8aJW:H9QUghcleE05T62qSpjQDZKtF7wwW8a
MD5:	70FE0DE6F13E157BB9A648D39DE0DB95
SHA1:	94DC1297C4D5FCDF0F063E6CF3D32D1931CE8297
SHA-256:	25333CE8D64B4DEF95F6E01C0454B9CF0DF05C1BF1D7AA50A7B7A48E40FF193E
SHA-512:	969B3DF7269C11D2443A262803C9075F9A252584FF453181A36EACA0516DC63544934C9BECD26EF8B044C4B01F631AED5520A8F8187BAB281C195AF33CA96EA6
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........:..T..T..T.....T.i.P..T.i.Q...T...P..T...U..T.@....T.&.P..T.&.W..T.&.Q...T..U.G.T.&.U..T.f.Q..T.f...T....T.f.V..T.Rich.T.........PE..d.....u_..........".................t..........@.............................P2.....lF2...`................................................... ......."..t...p!.......1.."...p1.@...P...T......................(.......0............ ...!...........................text...\........................... ..`.rdata..^F... ...H..................@..@.data........p ......Z .............@....pdata.......p!....... .............@..@.rsrc....t...."..v...z".............@..@.reloc..@....p1.......0.............@..B........................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-P6BPJ.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	143760
Entropy (8bit):	5.776690215232214
Encrypted:	false
SSDEEP:	1536:Mw06qVXJQ5BnRu3EUBrC1GO/BrIUOiNOcmreFIGd7Vpu0t:MtQ5BTdMUFIUOiNOcmreFIGJS0t
MD5:	F8E682A9335817ECFD070AB0E55E82B3
SHA1:	4D46998D7B55E2DECDBD8AB1FFF7BD4BA4D99335
SHA-256:	2E6D53B7D24228214225DCFE9680BD161CBD2B7B02F6015E4DC7437AEDBBF1D5
SHA-512:	C6EE82235FBA46340264B7F074F50A7A64D0921425C1521EE540BD0E3AF5A782319834191CE4AAB3054C95C0924A8858BC9D17D915313A111A5EA8987CD400B1
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................`..................................o..D......D....D......d...D....Rich..........................PE..d.....E_.........." .........................................................`............`.............................................p.......\|....@...........#...........P..t.......T...........................p...0...............0............................text.............................. ..`.rdata...U.......V..................@..@.data...`...........................@....pdata...#.......$..................@..@.rsrc........@......................@..@.reloc..t....P......................@..B................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-ROU4O.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	44328
Entropy (8bit):	6.631745572973897
Encrypted:	false
SSDEEP:	768:uJnUUV7xPg4RdPvv1DHkhhFAWN6srByiYzC:uaY7XN7Ih4CIiYzC
MD5:	21AE0D0CFE9AB13F266AD7CD683296BE
SHA1:	F13878738F2932C56E07AA3C6325E4E19D64AE9F
SHA-256:	7B8F70DD3BDAE110E61823D1CA6FD8955A5617119F5405CDD6B14CAD3656DFC7
SHA-512:	6B2C7CE0FE32FAFFB68510BF8AE1B61AF79B2D8A2D1B633CEBA3A8E6A668A4F5179BB836C550ECAC495B0FC413DF5FE706CD6F42E93EB082A6C68E770339A77C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..j...j...j....l.h....y..h...cq..a...j...[....y..o....y..m....y..p....y..k....y\|.k....y..k...Richj...................PE..d...Q8.^.........." .....:...4......pA....................................................`A........................................Pk.......k..x....................l..(A......8...(b..T............................b..0............P..X............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-RQNKS.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	3408032
Entropy (8bit):	6.109741279665363
Encrypted:	false
SSDEEP:	49152:NnaPLH4NvMoBdP3cz/c8ZMzteNK76njAgfdME8D2ftu+c5KSDJL7TY1AhJC:bvMoBdP3cz/clodmdDsAho
MD5:	CC95C3D7EFD1A07453CDEAB7BA152556
SHA1:	D6B0D377F4D6600CF90F658AF0EFDF1EDF594B49
SHA-256:	69385EE30C4B0D7BE4C2C1AB7C264F8548BFB4FCDF3A5B4FDE8722B954CAA197
SHA-512:	96A1BAF3EDF1C875B5155C066F9AD8DFB32DF505535DFD811E510BD8D5E126798EA05A26278EE939C0FFD65F295DC415B8D4EE43877A5AE8C5E8078DFD33696A
Malicious:	false
Reputation:	low
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........#..mp..mp..mp...p..mp$.iq..mp$.hq..mp..iq..mp..lq..mp...p..mpk.iq..mpk.nq..mpk.hq..mp..lp$.mpk.lq..mp+.hq..mp+.p..mp...p..mp+.oq..mpRich..mp................PE..d....u_..........#......6.....................@.............................p4.......4... .................................................X.#.0.....&.@{...@%......3.."............ .T..................... .(...P. .0............P..."...........................text...I4.......6.................. ..`.rdata..l....P.......:..............@..@.data........0$.......$.............@....pdata......@%.......$.............@..@.rsrc...@{....&..\|...b&.............@..@........................................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-VKA8L.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1118104
Entropy (8bit):	6.460169628466756
Encrypted:	false
SSDEEP:	24576:14oVtxz271AMD414hXWsyQEwpP3tWu3nF7elTptNCZfD:14obm1AMD24hXyQEwpPdp3nF7yTkZ
MD5:	A8405BF5F5828FAE3B745841BB0A7EF9
SHA1:	D928107BC62F8FADD40C552861F9F2CB24A9B9EE
SHA-256:	9DAF2627107318C81CA5BBA5FAE1CF2AF8C220781E003EE912E105E1EEB8504E
SHA-512:	EBA2B412B2EBE94AB4ACFCDBF7886B3A34C8796DD8F882D8A774E6B2FC197CEF30532B097A5AF84B332EF966D7E9C5FAF1774659055927174ED80316E34E4C8C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......H.n.......................................................(...W.......W..................l...................................Rich............PE..d.....E_.........."......R..........,..........@............................. ............`.....................................................X.......0........m......................T...........................p...0............p..0............................text....P.......R.................. ..`.rdata...~...p.......V..............@..@.data...............................@....pdata...m.......n..................@..@.rsrc...0............\..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\VideoEditor\is-VQLEK.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	101672
Entropy (8bit):	6.566355945650465
Encrypted:	false
SSDEEP:	1536:7y6+2mUD0uBFRXqYue/o+18iBH5T7heunxr98nZXR9xecbSQ2bIB0TO:7lXfRXqQw+PHLrCZh9xecbSt
MD5:	8697C106593E93C11ADC34FAA483C4A0
SHA1:	CD080C51A97AA288CE6394D6C029C06CCB783790
SHA-256:	FF43E813785EE948A937B642B03050BB4B1C6A5E23049646B891A66F65D4C833
SHA-512:	724BBED7CE6F7506E5D0B43399FB3861DDA6457A2AD2FAFE734F8921C9A4393B480CDD8A435DBDBD188B90236CB98583D5D005E24FA80B5A0622A6322E6F3987
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!/.NeNl.eNl.eNl....gNl.l6..nNl.eNm.INl..>o.hNl..>h.uNl..>i.zNl..>l.dNl..>..dNl..>n.dNl.RicheNl.................PE..d...M8.^.........." .........^...... .....................................................`A........................................`1..4....9.......p.......P.......L..(A..........H...T...............................0............................................text...b........................... ..`.rdata...?.......@..................@..@.data...0....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B........................................................................................................................................................................................................................

C:\Program Files\FlashIntegro\is-9I76T.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	1188532
Entropy (8bit):	6.4116166910599945
Encrypted:	false
SSDEEP:	24576:FtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt8:rqTytRFk6ek1LN
MD5:	07F67E90D8D563731A1D7C578D3244C4
SHA1:	47DAC74E13E733760DF6996044B3ED0816B319AF
SHA-256:	1F3E9B1F92006CAB0205A0AA797225FC591D02172FEA867BDBD7830010A91F88
SHA-512:	C96150FDF26FE5A1E99498E27959C1044BA2B21478E96F5FFBFF6C0C102751D1B64080B3233919060256650ED5FD98BD7ECDE1F0B2E757BC78C98489F6AC1323
Malicious:	false
Reputation:	low
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................%.....@......@..............................@8...0..................."................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................

C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe Download File
Process:	C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	647704
Entropy (8bit):	7.216103486972765
Encrypted:	false
SSDEEP:	12288:bnMwHskY7gjcjhVIEhqgM7bWvcsi6aVUnIyXUwXK4Qzh+jMlWCEh:LMysZgjS1hqgSC/izsfXUwiz0wy
MD5:	1D7599C4A31B82E70308C022E9494011
SHA1:	7D04A03D5502DF2838D40DD131B1CAE226CB5205
SHA-256:	21D2935D29C807A3A56C406849B97DBC7F720822920930D0E2B13A44203C107C
SHA-512:	080FF020E0D2D9C0CE6BEEE8143C0F49E1B4450BAA08072A8662F4B25AD6B034EE0AD174F2D4ACD5B011CB8FB140656755007E245673F7677964B9E99555AB08
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p.......0....@..............................................;...............$...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................

C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\state.rsm Download File
Process:	C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe
File Type:	data
Category:	dropped
Size (bytes):	1916
Entropy (8bit):	2.6869276593612454
Encrypted:	false
SSDEEP:	24:lKUgMClccDgL2z1zL2FKUgMClccDgL2z1zL2:RgOcDgLszL8gOcDgLszL
MD5:	93554B5AD73EFF78D8918030709CC465
SHA1:	C01A3F1712586CFF4B8B1826B7BCB26D87830B29
SHA-256:	4A94B41B8BDEBCA1E721DA87B69C3792E123970DE1E9663FBAAB54E212551ECD
SHA-512:	5E9862284889C1D658A57414B8F3B7A412C186F248CDB1EF8B2DB44A130EB5879C7D31D92C6ECF7EBE811EAC67BDD17B073D76B1CBB7C7C1C4A79A26FE13A8E0
Malicious:	false
Reputation:	low
Preview:	J...............................................................................................................................................................................................................................................W.i.x.B.u.n.d.l.e.F.o.r.c.e.d.R.e.s.t.a.r.t.P.a.c.k.a.g.e.....................W.i.x.B.u.n.d.l.e.L.a.s.t.U.s.e.d.S.o.u.r.c.e.................................W.i.x.B.u.n.d.l.e.N.a.m.e.....B...M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.1.9. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...2.7...2.9.0.1.6.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.....?...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.9.N.T.L.G...t.m.p.\.v.c.r.e.d.i.s.t._.x.6.4...e.x.e.............W.i.x.B.u.n.d.l.e.O.r.i.g.i.n.a.l.S.o.u.r.c.e.F.o.l.d.e.r...../...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.i.s.-.9.N.T.L.G...t.m.p.\.................................J.........................................

C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	modified
Size (bytes):	528
Entropy (8bit):	5.432008683773575
Encrypted:	false
SSDEEP:	12:1PAB3TOUt5DQWUzaWYCGAYPAFVWYCGAYYeZqJCrbPABBU5fB:12ae5DQLzAxoxrqSkKp
MD5:	E4F0B0E58745A56DB887388B782F6216
SHA1:	D60C1A261E814F42CF946F37A28F5A5E96D42D00
SHA-256:	FE6C767B805711F16ABA6F61D7ECC2EF77EB3F98E691BA55FE38DB77E9312DBB
SHA-512:	E8328A46E90925D9D57D30B90D6ED356B5174A553B0B0461770C801209690C1086C55C0E20E5CC428D37E7900651A75D1ECED3B1781E71F60A42920C396B927E
Malicious:	false
Reputation:	low
Preview:	[1604:1610][2020-12-03T10:22:59]i001: Burn v3.10.4.4718, Windows v10.0 (Build 17134: Service Pack 0), path: C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe..[1604:1610][2020-12-03T10:22:59]i009: Command Line: '"-burn.clean.room=C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe" -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log /install'..

C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239_000_vcRuntimeMinimum_x64.log Download File
Process:	C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	34262
Entropy (8bit):	3.726923161938866
Encrypted:	false
SSDEEP:	192:2OO3DzeiRNfvjYO6KKSQQPEjtSoiPrhS7F/s9r/Q3DDApfx9X:2OOzzeCNfv8lIjoiPA1fkfxt
MD5:	F3EE75A5C1DD98FA96E94CEF05D9780E
SHA1:	81956D4DD1361044B505CFF37EA83A779C2780C7
SHA-256:	3CB52D41C5161785937737B4B2704894CFE1384607C6F4253BA9A6F179CEF0AA
SHA-512:	8A313075E8CE806841F8BA1DA7A58F5BDB744F1AB72E5A61372A0F949C46402E8911C906A92246BB4C3DC4402C32973B5C76D9B9DD379EF9CE1AC348CAA6F205
Malicious:	false
Reputation:	low
Preview:	..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1.2./.3./.2.0.2.0. . .1.0.:.2.2.:.4.6. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.C.E.E.9.5.A.1.C.-.E.2.2.B.-.4.5.6.0.-.8.B.0.3.-.7.2.F.A.4.E.1.0.3.F.F.8.}.\...b.e.\.V.C._.r.e.d.i.s.t...x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.B.C.:.0.0.). .[.1.0.:.2.2.:.4.6.:.9.9.7.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.B.C.:.0.0.). .[.1.0.:.2.2.:.4.6.:.9.9.7.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.B.C.:.0.0.). .[.1.0.:.2.2.:.4.6.:.9.9.7.].:. ........ .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . ........ .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.E.4.9.3.B.8.F.4.-.E.3.0.0.-.4.3.E.C.-.9.5.D.0.-.B.D.F.3.7.1.1.2.9.7.E.A.}.v.1.4...2.7...2.9.0.1.6.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.M.

C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239_001_vcRuntimeAdditional_x64.log Download File
Process:	C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	33200
Entropy (8bit):	3.7245043912608677
Encrypted:	false
SSDEEP:	384:3w2piOhrWrp5Vwl4ZFooSAIg2b1Kre+2fM2pS26x:ZpiQrWri4LcRmeH1p7i
MD5:	A5C4EA14095359565C0136D80258971B
SHA1:	F70D0183D60377B32726AAAC241E593C57EA5535
SHA-256:	D7C828DF719CB8199460B92778B7C6263EB7968CE5B50A849058139CAAA6658A
SHA-512:	5723DF24E508D863AA6FC74B65AB1E3DFB65F2D4C244A1B88F190AB42E4F7C88F9D60481320E4CDC9DDF187739D103F408D9541BCF1EB469C047E5FA9E4669D7
Malicious:	false
Reputation:	low
Preview:	..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .1.2./.3./.2.0.2.0. . .1.0.:.2.2.:.5.6. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.C.E.E.9.5.A.1.C.-.E.2.2.B.-.4.5.6.0.-.8.B.0.3.-.7.2.F.A.4.E.1.0.3.F.F.8.}.\...b.e.\.V.C._.r.e.d.i.s.t...x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.B.C.:.3.0.). .[.1.0.:.2.2.:.5.6.:.0.9.5.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.B.C.:.3.0.). .[.1.0.:.2.2.:.5.6.:.0.9.5.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.B.C.:.3.0.). .[.1.0.:.2.2.:.5.6.:.0.9.5.].:. ........ .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . ........ .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.F.0.7.B.1.E.2.5.-.5.6.7.0.-.4.5.5.6.-.9.C.7.F.-.5.A.1.9.6.6.C.8.3.2.6.9.}.v.1.4...2.7...2.9.0.1.6.\.p.a.c.k.a.g.e.s.\.v.c.R.u.n.t.i.m.e.A.

C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\_isetup\_iscrypt.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:	24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\_isetup\_setup64.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\itdownload.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	205312
Entropy (8bit):	6.503479365974787
Encrypted:	false
SSDEEP:	3072:lfb9mvexZXivFFmLFam1BEsW61HgAIwSMaentFGTaIgBx9rs0NBGZZuey2E0QeqB:lfbueviGLVUyHgAIwSMaenTrNWcmE
MD5:	D82A429EFD885CA0F324DD92AFB6B7B8
SHA1:	86BBDAA15E6FC5C7779AC69C84E53C43C9EB20EA
SHA-256:	B258C4D7D2113DEE2168ED7E35568C8E03341E24E3EAFC7A22A0D62E32122EF3
SHA-512:	5BF0C3B8FA5DB63205A263C4FA5337188173248BEF609BA4D03508C50DB1FD1E336F3041CE96D78CC97659357A83E6E422F5B079D893A20A683270E05F5438DF
Malicious:	false
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...2g.H.....................l......4.............@..................................................................`.......@...............................p......................................................`C..p............................text............................... ..`.itext..L........................... ..`.data...............................@....bss....(L...............................idata.......@......................@....edata.......`......................@..@.reloc.......p...0..................@..B.rsrc...............................@..@....................."..............@..@........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	15001520
Entropy (8bit):	7.995890070179197
Encrypted:	true
SSDEEP:	393216:43lptVYmfr7yBG/4Q7ScHvkAv+5SI1QaCKf76:41pttD7yBG/FPHvkrXPC676
MD5:	1E7BD6790391B5B710C6372AB2042351
SHA1:	75F1AEE6DCCF3D6E6AC49926563737005B93BA13
SHA-256:	952A0C6CB4A3DD14C3666EF05BB1982C5FF7F87B7103C2BA896354F00651E358
SHA-512:	AE3860A060BE483C9FCBCF6A41F561FAF2CD681F39138DD13A563E3F39CF4B4F41E7C0F7B58BC8B585B2728245025BE4B198F06634A97FA98847258272F9F59B
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p.......m....@..............................................;...............B...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp Download File
Process:	C:\Users\user\Desktop\download\video_editor_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1188528
Entropy (8bit):	6.411613348177392
Encrypted:	false
SSDEEP:	24576:FtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt0:rqTytRFk6ek1LF
MD5:	B2EAFA8C7E4EAEB302AA4AB062B17EBA
SHA1:	4CBE40A1223F6466E6B4DFBCE562167E7E63B943
SHA-256:	495E0EDE6EC021E16C65F4FB11F14DB1A3D7E3DC75D97E4C16C5652379A72FFB
SHA-512:	A934D8B32972C4698D430CC3202DF6022F56E0D239CCE4477C5174EB8C409E1927155964AD9343F837E1D741E9E36728AEA7363D8807883F5BD9AF4BBEA82487
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W............................l........ ....@.................................%.....@......@..............................@8...0..................."................................... .......................................................text............................... ..`.itext.............................. ..`.data...h0... ...2..................@....bss.....a...`.......0...................idata..@8.......:...0..............@....tls....<............j...................rdata....... .......j..............@..@.rsrc........0.......l..............@..@....................................@..@........................................................................................................................................

C:\Users\user\Desktop\cmdline.out Download File
Process:	C:\Windows\SysWOW64\wget.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	137649
Entropy (8bit):	2.2116513262568844
Encrypted:	false
SSDEEP:	1536:IbtrgI5gTrAGBzgw4hNcWSovImYOY+DDp/o:IbPgt7cD2
MD5:	EDCBE727A255D28A85C41161FF7CA796
SHA1:	5C5DB576289A213EBB5C4804E68E7F05F56E2261
SHA-256:	B84688BF15DC4812AF9C0DD20AB5A4EEE86D88D345B05B2AC41997DDC3C5C81A
SHA-512:	5291D48BB1203396B9E992D46EBED573E36B4E300727C3D3A78AA6E951871A6B7EF96948C6BF48EEEF9A878849D474BBEC8E15E64F4BAF0C339AF7AF15AB22A7
Malicious:	false
Reputation:	low
Preview:	--2020-12-03 10:20:01-- http://www.videosoftdev.com/services/download.aspx?ProductID=1..Resolving www.videosoftdev.com (www.videosoftdev.com)... 198.251.66.75..Connecting to www.videosoftdev.com (www.videosoftdev.com)\|198.251.66.75\|:80... connected...HTTP request sent, awaiting response... 302 Found..Location: http://downloads.videosoftdev.com/video_tools/video_editor_x64.exe [following]..--2020-12-03 10:20:01-- http://downloads.videosoftdev.com/video_tools/video_editor_x64.exe..Resolving downloads.videosoftdev.com (downloads.videosoftdev.com)... 198.251.66.75..Reusing existing connection to www.videosoftdev.com:80...HTTP request sent, awaiting response... 200 OK..Length: 89870912 (86M) [application/octet-stream]..Saving to: 'C:/Users/user/Desktop/download/video_editor_x64.exe'.... 0K .......... .......... .......... .......... .......... 0% 112K 13m1s.. 50K .......... .......... .......... .......... .......... 0% 329K 8m43s.. 100K .......... .......... .......... ....

C:\Users\user\Desktop\download\video_editor_x64.exe Download File
Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	89870912
Entropy (8bit):	7.9999664770278045
Encrypted:	true
SSDEEP:	1572864:w6AdlN8ZHIigrZE0OtKEymPJSKJrkQVmyVpNPtB2r2b/JdDeEoQCDk6mY7:cN8SiwOJhPJPkYdNPtB2gJEhke
MD5:	10B5CDAB87CF1825DF1134F16DFF7062
SHA1:	9E65AF8FB1A7CFD82D928690E4DF6AF1BED8A13C
SHA-256:	D92047B017289E1345F5BD7ECCDA8112BC712A36FA89F036CB365A31BAAFEA19
SHA-512:	B2DE10E1562CEAAAFBEC81219BCD7EB1F340AA1FAEBB6799D15CCC9D55533C01A92E78B914944ABE372FC48B7A69D136D6BDCAF658CFE25E35A585566EE5B062
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 5%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W..................................... ....@..................................=\...@......@.................................................../[.."...........................................................................................text...D........................... ..`.itext..d........................... ..`.data........ ......................@....bss.....V...0...........................idata..............................@....tls.................&...................rdata...............&..............@..@.rsrc................(..............@..@....................................@..@........................................................................................................................................

C:\Windows\System32\is-0QH9Q.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	413760
Entropy (8bit):	5.841633032991966
Encrypted:	false
SSDEEP:
MD5:	016BE824802F3869A7DA2F2B6329B563
SHA1:	B585D5E18183E8F7F108B0C7991ED65303354898
SHA-256:	69460070F8DFB18470A4B78B959BBEA293CBA53E8446FD1F3ED1D067BCCBB37B
SHA-512:	6F4FA5872C95B1842FE14CA309D014556610E02FF07CE7BEDB9013F7F378D572F1BCD23AD032239A54F919F6475B36DAB20393415A0469B79B39AA85CF2A0D92
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.O....................................Rich............................PE..L...U.<...........#.........z.................... ..........................0.......x..............................p...I...............X........................#......8............................................................................text............................... ..`.data...`E..........................@....rsrc...X...........................@..@.reloc..`(.......... ..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-8FNTV.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	524288
Entropy (8bit):	6.582010311536173
Encrypted:	false
SSDEEP:
MD5:	0B86EF053161AA4AC3F973FE370EED96
SHA1:	9A7CF75E305DC0F499A69F5DDCCC74959562EA5C
SHA-256:	3EE3CA89D93B4A3F9FB32E17E3D8ED67CBAE4F46FBC3A296ED478E432CF371BB
SHA-512:	51B84C6F4AAC6B277062E0F39EA744222D973F19E09E2911AED73F6C31716EE48C7D3B40EE3B82E008B21D5C07F8986DDDB012FDD901612A6F97B0DE8F958B41
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F...'b.'b.'b..8i.'b..;l.'b..8h..'b.'c..'b...q.'b...R.'b.'b.'b.c.f.'b.Rich.'b.........PE..L......@...........!.................=.......................................@.......................................9..&....4..(...............................@B...................................................................................text.............................. ..`.rdata...{..........................@..@.data........@...@...@..............@....rodata.().......0..................@....reloc..DO.......P..................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-95VKA.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	261632
Entropy (8bit):	5.854479325846436
Encrypted:	false
SSDEEP:
MD5:	521F1463E9733FD867E097727DD90177
SHA1:	337CF25D5C80831912CEB555B79A28FB36C844FF
SHA-256:	8CB482D658458CA40FCD1B326DB0F0098C98030055BF928B830B709CDB989F39
SHA-512:	C77F24745C9CE7B05734F783AA46BD7FF28630F1D213605D313B097A21DFB010F31C66CF75016A0132324CD10B77555C80618E851C962E529993228B0B7C06F2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pf.:...........!...7............d-..................................................................................................d.......................H....................................................................................text...`........................... ..`.data...............................@....bss....................................edata..............................@..@.idata..............................@....reloc..H...........................@..R.rsrc...d...........................@..P........................................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-AGCOG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	139264
Entropy (8bit):	5.323014153251032
Encrypted:	false
SSDEEP:
MD5:	E8F602CA1E700496240CF07D9681D040
SHA1:	ADFBE52F47B55C0BEDE88CB478D5A7A150B16E1A
SHA-256:	C1BAC6183B8DF18B5D276B561E01C9EAE864FE698F969B9E3C659515E9B693B7
SHA-512:	796905980254BFA20E4EADF8B25BA7EEDA333AC9DB29BFF8A0C95763574F329B219B373986E6A38EE04BED54D6A9B59F0F48744AE713AD0C580D51F084BBF54E
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......M.....}...}...}.f.v...}...s...}.f.w.L.}...\|.g.}.P.n...}.].M...}...{...}...y...}.Rich..}.................PE..L......@...........!.........@...............................................@..........................................]...............0.................... .......................................................................................text............................... ..`.rdata........... ..................@..@.data....]... ...@... ..............@....rsrc...0............`..............@..@.reloc....... ... ..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-C5KCH.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	5.394987975680278
Encrypted:	false
SSDEEP:
MD5:	59683D1E4CD0B1AD6AE32E1D627AE25F
SHA1:	4D3635481E0F123491176904C481D502EE277359
SHA-256:	B68DF20BFEA1CA273EED44595EE7119D92717AB6C85FC412040F19BEE89D8203
SHA-512:	98C90F8A4130E867C190C7B899AE1215EA9B583F40ED742AD7D9A5452C6394AC914E1F46293D41C0074FE81F381376FD4C0F322E3810A71F1324657690E9390C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................R............R.....................................Rich...................PE..L...j.!@...........!.................y.......................................`..........................................H.......P....@..p....................P.......................................................................................text...v........................... ..`.rdata..H........ ..................@..@.data....B.......0..................@....rsrc...p....@....... ..............@..@.reloc..F....P.......0..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-CFMS7.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	5.446328768595944
Encrypted:	false
SSDEEP:
MD5:	69A0628BBE1A404B1BA0B6DCA7610A06
SHA1:	47B4EC1314CED1DBA55CE6DC9668D5B8106C29EA
SHA-256:	9729B7BCB8AEA06BD61379501A34E69F81BE8DC6D0C1EEEACAF3D2D966328F07
SHA-512:	ED33F3DEDCEC543749130FC6576628CBA6AB9B415FC96BCB3CBF3A48DFD5EDD617ACB58135AEA6DA17BD6E9EA26E23B9E5BAAA91A7F615429FECE8FF0A68A5E2
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#..#..#..A../..#..{.....&..#........7.....".....'..Rich#..................PE..L...l..6...........!..............................@................................................................../.......*.......P..p....................p.......................................................................................text...8........................... ..`.rdata..d`.......p..................@..@.data........@.......@..............@....rsrc...p....P... ...P..............@..@.reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-G038I.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	221215
Entropy (8bit):	7.918732774315295
Encrypted:	false
SSDEEP:
MD5:	EFF71E68DD8F9DC0BBD89CD83153C336
SHA1:	913F689067DADF6FBD1E19CA924DC418BCFED33C
SHA-256:	4400841FB925FBCFC1CC4F618639F7191E08F1BE67E8E621CC2D36EFBFBB60D5
SHA-512:	076112CF97266FB4A911B76C260CE0035159A9EF2BFE3B6A58AF869FE5C118585BAC2410E55B7AF77D277CE83FE76B1A02B077DED17BA627F36837957F5F07B8
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......F.>N..P...P...P.m.T...P...^...P.T.C...P...Q...P.`.C...P..M...P..L...P...P._.P..V...P...T...P.Rich..P.........PE..L....=.>...........!.........@.......p... ...0....@..........................p... ...................................;.......y....... .......................y................................................................................................... ......................@................ ......................@................0......................@................@...V..................@............0..........................@....rsrc.... ... ...V..................@............0...@.......b..............@....data........p.......v..............@....adata.......`.......`..............@...C:\build\divx-4.5\dsfilter\divxati.cpp : -Qvc6 -Qlocation,link,C:\Program Files\Microsoft Visual Studio\VC98\Bin -nologo -MD -W3 -GX -O2 -I ..\libdivxde

C:\Windows\System32\is-G6P95.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	82944
Entropy (8bit):	6.085458374557824
Encrypted:	false
SSDEEP:
MD5:	83A083A42F97BCF3F8E016820178DDE2
SHA1:	C7613DEFC4D122A1E66AE460674F3668BDA9754D
SHA-256:	FE051C1D74EC67F843BE1B04F1D048DF4DDBA4DFB35BAC917DC890ACB21A7AAB
SHA-512:	1281D0AD6891115E0DF6910F53D03689713F48867153EFE6E173707FC358EAC73C821161485E97A1C650DF516673FD4E1324E950F9F7AB320BC9FCA3ECE02E8C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....~5...........!................0i..............................................................................0...I....P..x....`.......................p.......................................................R...............................text...\........................... ..`.rdata..y...........................@..@.data...hW.......<..................@....idata..>....P......................@....rsrc........`.......(..............@..@.reloc.......p.......2..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-JNA69.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	38912
Entropy (8bit):	4.403869253368406
Encrypted:	false
SSDEEP:
MD5:	8210141840CE237FBF40B6E26E2DD11D
SHA1:	1286F863A6516493B3FE56F993B2CE42738EAEA1
SHA-256:	3E9BF37372D779604A2BE238FB2CC06ABBF8CA0951082034A62FB8FF51E05AE6
SHA-512:	0942F1C17BE0A051C34218AFDE34DCA0850941BBA99AAC0D54946026D434D83866422F068F0646A1D4500BF3156AB14E328670596713E762B210BD8E8547B6E7
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O8.Q.V.Q.V.Q.V..2X.S.V.Q.W.X.V...E.V.V..(P.P.V.W.\.S.V...R.P.V.RichQ.V.................PE..L......;...........!.....8...\...............P........................2..............................................P..H.......P.......h.......................0.......................................................0............................text...T6.......8.................. ..`.rdata..X....P.......<..............@..@.data....H...`...J...>..............@....idata..`...........................@....rsrc...h...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-L00SG.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	81304
Entropy (8bit):	5.942686921491984
Encrypted:	false
SSDEEP:
MD5:	59BAD06D1F9FDC783D29B867BF4E9D25
SHA1:	60708A30D5191B9BD4E99C1F48F1A097292AF22B
SHA-256:	37C0B45A4EA29C183A191BC61DE31E3AA0F810263FFB7B896E5232BAAE9E432F
SHA-512:	B4A3B226A9B7D975B262A97633A5FE4FF82235CDD3D3CB4F38D00392BEE754EC413240D912A163A056372965541669A994CDD80F642AFD19805FDA3D45EB197C
Malicious:	false
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......._.S..f=..f=..f=......f=...<..f=...8..f=...9..f=...>..f=.@.9..f=.q.P..f=.@.<..f=..f<.f=...8..f=..4..f=..=..f=.....f=..f...f=..?..f=.Rich.f=.........................PE..d....(V_.........." .........................................................P............`......................................... ................ .. ............".......@..@...0...p...............................0............... ............................text.............................. ..`.rdata..FO.......P..................@..@.data...............................@....pdata..............................@..@.rsrc... .... ......................@..@.reloc..@....@......................@..B........................................................................................................................................................................................................

C:\Windows\System32\is-MFS8H.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	438272
Entropy (8bit):	6.1771396861076315
Encrypted:	false
SSDEEP:
MD5:	FAC0D5B16EFA7376CA81047490187D0D
SHA1:	98305046003AEF11BDEC0A4E5C2EB0B53F159400
SHA-256:	3E4CDA6730938391495DABDBCBB7FBAB00EAD3A2D38904EDFF5D36D334E277C7
SHA-512:	01FC396112169554BAD4663C506178DC6DD0765271698DFF1C2D7E553D07E8A9815ECD3CAA48C2BF2C2ACF627F01024B5869D0BEBD1D1D0F3D3CE9B9BA8AB3E8
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L,Lt.M"'.M"'.M"'gR)'.M"'.Q,'.M"'gR('qM"'ko.'.M"'\n.'jM"'jR1'.M"'.M#'.M"'\n.'.M"'.K$'.M"'.m&'.M"'Rich.M"'........PE..L......A...........!................................................................................. ..................H...x................................p... ...................................................................................text...5........................... ..`.rdata..XL.......P..................@..@.data..............................@...TORQ_CX_.P.......P..................@...WILK_DX_............................@....rsrc...............................@..@.reloc...+...p...0..................@..B.ON2.COM VERSION VP60E 6.0.12.0.........................................................................................................................................................................................................

C:\Windows\System32\is-OHJAD.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	13239
Entropy (8bit):	5.220381817337154
Encrypted:	false
SSDEEP:
MD5:	DC4B2F21968AC6E7E6C8A4417ED0D85C
SHA1:	5DEC70206551336537CB7D33A0E079B31308D81D
SHA-256:	449E16846D823C62CA2D14A943BB06A66D91ADB15D607FAD2A0800ECB2F91E28
SHA-512:	CEBB13FACC53162762F131F60B7E269FEE16A079D0230256AD1B0601E2B5F9748F3085118E27D321612525F6448A5FAD63A340F9657B0B2928F7C09855119D97
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"..;C..;C..;C..;C..2C..b`..<C...c..:C..mK..:C...c..?C..Rich;C..................PE..L......8...........!..... ...................0....@..........................`.......f...............................-..H....,..P....@..X....................P..\|...0...T...............................................0............................text...(........ .................. ..`.data........0.......$..............@....rsrc...X....@.......&..............@..@.reloc.......P.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-PL5GF.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	638976
Entropy (8bit):	7.9315386687432845
Encrypted:	false
SSDEEP:
MD5:	902179013800F311AFF57CD5F29BE346
SHA1:	B38B04E58170FBA26F65283430747156B528869F
SHA-256:	430802B9BA59CF44BB9A05C84FE647973B36D6A22BAE8B49D881580B2429983A
SHA-512:	A1E278817034D5CD82C5F87BC3700D09624E35F9D73B2B8315ACBBDADBA30F6DC8D071DC683629EE4B73372A9089E837DC5353D3F24DF78E864D5E4C45BBEC4A
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z.c.>...>...>...E...<...Q...3...........Q.......G.......>.......\.../...>..........?.......?...Rich>...................PE..L....?.>...........!.........p.......`.......................................p.......................................P.......i..........X....................i.......................................................................................................n..................@............0...........r..............@............p.......p..................@................`...h..................@....................N...Z..............@....rsrc...............................@....................D..................@....data........`......................@....adata.......`......................@...cpu_disp.c : -I../ -Zl -Zp8 -DVX -DWMT -DMULTI_THREADED -MT -Focpu_disp_mt.obj -c.Intel(R) C++ Compiler for 32-bit applications, Version 6.0 B

C:\Windows\System32\is-QUAMI.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	5.096668311569224
Encrypted:	false
SSDEEP:
MD5:	1D9FB9784F32276EFB43512A81217753
SHA1:	BB690B3AC9AF6A15E3A7F61491B4086510C18FBE
SHA-256:	840C7C14A3BB2F0ED13788A82CEBFEA6F6CC8E6EA4C8EDF9917DDCDF685E6B78
SHA-512:	EDAAAFDECF6243B3DD5EF83CB97DBBA8F783D5FEDAF7821870FD558D9C682A9AF2479B4F9D2AE59FD5D8DACA2E8C324D1C99B04EFEFD6148B54DCBAEF8245FC1
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Vbrv...%...%...%...%P..%}..%...%...%...%p..%...%...%B..%F ,%...%F -%...%...%...%.#.%...%Rich...%................PE..L....`<A...........!.....`...`...............p..............................................................................X{.......................................................................................p...............................text....Z.......`.................. ..`.rdata.......p... ...p..............@..@.data...............................@....rsrc............ ..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-RBT22.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	216064
Entropy (8bit):	6.7482528774362756
Encrypted:	false
SSDEEP:
MD5:	FA425C74CE2EB719B2A77A7A2ADDAE32
SHA1:	5DB27AD933465BE5479D753D907D3DCBD84CC3F9
SHA-256:	BAC1EA74A9763008F44D3D0F2951BA9A44853E0D72164521A74DC7DD1DF20BCC
SHA-512:	856F8BEF1AE3D2A169C1C89CA2144348FC1D04198AC52CA3AFD445D06619A3347FD1055DD8928E6F1E260FE28F95416265B01A0335CBE6A65608095C74F631A4
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.....G...G...G.nHG...G.n}G...G.nIG...G.`pG...G...G...G..G...G.nLG...G.nxG...G.nyG...G.n~G...GRich...G........................PE..L......N...........!................Y*.............................................. ;.............................. &..J...\........P..8....................p......................................................................................text.............................. ..`_TEXT64............................. ..`.rdata..jv.......x..................@..@.data...<....0......................@....rsrc...8....P......."..............@..@.reloc.......p.......4..............@..B................................................................................................................................................................................................................................................................

C:\Windows\System32\is-UR5C0.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	245760
Entropy (8bit):	6.275347444300503
Encrypted:	false
SSDEEP:
MD5:	5E6F49F657A509D079C60D08A2EE33A7
SHA1:	38101ECDD7823D789F72E0AB0485879CD910C017
SHA-256:	36632A8AC074D7ECB7D82C0DC0174C520CD659085F116DEA3D022F0A2F994FEB
SHA-512:	D7B252E4578C968034E4D66FE4085ED89C2BBFD9F4D70C330FD23C80F4D8788C9188FFE56C893FE026998AEE36041D1B9F28FDE216E1D6FA0E01F3085D48D573
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......nO.p..#..#..#...#1..#\|1.#...#..# ..#H1.# ..#E1.#)..#E1.#+..#.2.#,..#Q2.#+..#..#...#...#+..#...#8..#.(.#+..#...#+..#Rich..#........................PE..L......B...........!......... .......[............@.................................................................PI.......A..........................................................................................x............................text............................... ..`.rdata.............................@..@.data....*...P... ...P..............@....rsrc............ ...p..............@..@.reloc...&.......0..................@..B................................................................................................................................................................................................................................................................................

C:\Windows\System32\is-VHK7U.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	4.77119967188416
Encrypted:	false
SSDEEP:
MD5:	5FEFD614BBD3FFA3712B172F70B1FDE2
SHA1:	0AAAC51DD0FEE84E4DCE999CDDFB61D8E5CC977D
SHA-256:	CE2F3131DDFA9B0DFCDDD2A4268E818A2631137FAADEEFA1CFADB5AFC7FEC381
SHA-512:	8CED9B86B6A90206433FE521AE92CED231699C9AED66356EF63EF52CAD8A4D149AAC23CF30521CF50CB5E64D800C7FFBF655E07FE6E82AF2E2BA2EC76A3917F1
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W..9...9...9......9......9.Rich..9.........................PE..L...k.e;...........!.........\.....................x................................Y...................................................HY...................p.......................................................................................rsrc...HY.......Z..................@..@.reloc.......p.......^..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1028\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	18127
Entropy (8bit):	4.036737741619669
Encrypted:	false
SSDEEP:
MD5:	B7F65A3A169484D21FA075CCA79083ED
SHA1:	5DBFA18928529A798FF84C14FD333CB08B3377C0
SHA-256:	32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
SHA-512:	EDA2F946C2E35464E4272B1C3E4A8DC5F17093C05DAB9A685DBEFD5A870B9D872D8A1645ED6F5B9A72BBB2A59D22DFA58FBF420F6440278CCBE07B6D0555C283
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fb\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a3\'ac\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\'bb\'f2\'b1\'be\'dc\'9b\'f3\'77\'d6\'ae\'b8\'fc\'d0\'c2\'a3

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1028\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2980
Entropy (8bit):	6.163758160900388
Encrypted:	false
SSDEEP:
MD5:	472ABBEDCBAD24DBA5B5F5E8D02C340F
SHA1:	974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
SHA-256:	8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
SHA-512:	676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ................. ......................../passive \| /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1029\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	13053
Entropy (8bit):	5.125552901367032
Encrypted:	false
SSDEEP:
MD5:	B408556A89FCE3B47CD61302ECA64AC9
SHA1:	AAC1CDAF085162EFF5EAABF562452C93B73370CB
SHA-256:	21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
SHA-512:	BDE33918E68388C60750C964CDC213EC069CE1F6430C2AA7CF1626E6785C7C865094E59420D00026918E04B9B8D19FA22AC440F851ADC360759977676F8891E7
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z\~jej\f0\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI TYTO

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1029\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3333
Entropy (8bit):	5.370651462060085
Encrypted:	false
SSDEEP:
MD5:	16343005D29EC431891B02F048C7F581
SHA1:	85A14C40C482D9351271F6119D272D19407C3CE9
SHA-256:	07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
SHA-512:	FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive \| /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1031\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	11936
Entropy (8bit):	5.194264396634094
Encrypted:	false
SSDEEP:
MD5:	C2CFA4CE43DFF1FCD200EDD2B1212F0A
SHA1:	E8286E843192802E5EBF1BE67AE30BCAD75AC4BB
SHA-256:	F861DB23B972FAAA54520558810387D742878947057CF853DC74E5F6432E6A1B
SHA-512:	6FDF02A2DC9EF10DD52404F19C300429E7EA40469F00A43CA627F3B7F3868D1724450F99C65B70B9B7B1F2E1FA9D62B8BE1833A8C5AA3CD31C940459F359F30B
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenen Unternehmen). Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b SOFERN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, SIND SIE ZU FOLGENDEM BERECHTIGT:\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 RECHTE ZUR INSTALLATION UND NUTZUNG. \

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1031\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3379
Entropy (8bit):	5.094097800535488
Encrypted:	false
SSDEEP:
MD5:	561F3F32DB2453647D1992D4D932E872
SHA1:	109548642FB7C5CC0159BEDDBCF7752B12B264C0
SHA-256:	8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
SHA-512:	CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive \| /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1036\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	11593
Entropy (8bit):	5.106817099949188
Encrypted:	false
SSDEEP:
MD5:	F0FF747B85B1088A317399B0E11D2101
SHA1:	F13902A39CEAE703A4713AC883D55CFEE5F1876C
SHA-256:	4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
SHA-512:	AA850F05571FFC361A764A14CA9C1A465E2646A8307DEEE0589852E6ACC61AF145AEF26B502835724D7245900F9F0D441451DD8C055404788CE64415F5B79506
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou, en fonction de votre lieu de r\'e9sidence, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT DE LICENCE, VOUS AVEZ LES DROITS CI-DESSOUS.\par....\pard{\pntext\f1\'B7\tab}{\\pn\pnlvlblt\pnf1\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\s

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1036\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3366
Entropy (8bit):	5.0912204406356905
Encrypted:	false
SSDEEP:
MD5:	7B46AE8698459830A0F9116BC27DE7DF
SHA1:	D9BB14D483B88996A591392AE03E245CAE19C6C3
SHA-256:	704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
SHA-512:	FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive \| /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1040\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	11281
Entropy (8bit):	5.046489958240229
Encrypted:	false
SSDEEP:
MD5:	9D98044BAC59684489C4CF66C3B34C85
SHA1:	36AAE7F10A19D336C725CAFC8583B26D1F5E2325
SHA-256:	A3F745C01DEA84CE746BA630814E68C7C592B965B048DDC4B1BBE1D6E533BE22
SHA-512:	D849BBB6C87C182CC98C4E2314C0829BB48BAD483D0CD97BF409E75457C3695049C3A8ADFE865E1ECBC989A910096D2C1CDF333705AAC4D22025DF91B355278E
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONTRATTO DI LICENZA PER IL SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\p

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1040\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3319
Entropy (8bit):	5.019774955491369
Encrypted:	false
SSDEEP:
MD5:	D90BC60FA15299925986A52861B8E5D5
SHA1:	FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
SHA-256:	0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
SHA-512:	11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive \| /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1041\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	28232
Entropy (8bit):	3.7669201853275722
Encrypted:	false
SSDEEP:
MD5:	8C49936EC4CF0F64CA2398191C462698
SHA1:	CC069FE8F8BC3B6EE2085A4EACF40DB26C842BAC
SHA-256:	7355367B7C48F1BBACC66DFFE1D4BF016C16156D020D4156F288C2B2207ED1C2
SHA-512:	4381147FF6707C3D31C5AE591F68BC61897811112CB507831EFF5E71DD281009400EDA3300E7D3EFDE3545B89BCB71F2036F776C6FDFC73B6B2B2B8FBC084499
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset128 MS Gothic;}{\f1\fnil\fcharset0 MS Gothic;}{\f2\fnil\fcharset134 SimSun;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67 \'83\'5c\'83\'74\'83\'67\'83\'45\'83\'46\'83\'41 \'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\par..\f1 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'96\'7b\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\'82\'cd\f2\'a1\'a2\f1 Microsoft Corporation (\f0\'82\'dc\'82\'bd\'82\'cd\'82\'a8\'8b\'71\'97\'6c\'82\'cc\'8f\'8a\'8d\'dd\'92\'6e\'82\'c9\'89\'9e\'82\'b6\'82\'c4\'82\'cd\'82\'bb\'82\'cc\'8a\'d6\'98\'41\'89\'ef\'8e\'d0) \'82\'c6\'82\'a8\'8b\'71\'97\'6c\'82\'c6\'82\'cc\'8c\'5f\'96\'f1\'82\'f0\'8d\'5c\'90\'ac\'82\'b5\'82\'dc\'82\'b7\'81\'42\'96\'7b\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1041\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3959
Entropy (8bit):	5.955167044943003
Encrypted:	false
SSDEEP:
MD5:	DC81ED54FD28FC6DB6F139C8DA1BDED6
SHA1:	9C719C32844F78AAE523ADB8EE42A54D019C2B05
SHA-256:	6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
SHA-512:	FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ............ ......... .........................

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1042\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	27936
Entropy (8bit):	3.871317037004171
Encrypted:	false
SSDEEP:
MD5:	184D94082717E684EAF081CEC3CBA4B1
SHA1:	960B9DA48F4CDDF29E78BBAE995B52204B26D51B
SHA-256:	A4C25DA9E3FBCED47464152C10538F16EE06D8E06BC62E1CF4808D293AA1AFA2
SHA-512:	E4016C0CA348299B5EF761F456E3B5AD9B99E5E100C07ACAB1369DFEC214E75AA88E9AD2A0952C0CC1B707E2732779E6E3810B3DA6C839F0181DC81E3560CBDA
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset129 Malgun Gothic;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 Microsoft \f1\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'bc\'ad\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'ba\'bb\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'c0\'ba\f0 Microsoft Corporation(\f1\'b6\'c7\'b4\'c2\f0 \f1\'b0\'c5\'c1\'d6\f0 \f1\'c1\'f6\'bf\'aa\'bf\'a1\f0 \f1\'b5\'fb\'b6\'f3\f0 \f1\'b0\'e8\'bf\'ad\'bb\'e7\f0 \f1\'c1\'df\f0 \f1\'c7\'cf\'b3\'aa\f0 )\f1\'b0\'fa\f0 \f1\'b1\'cd\'c7\'cf\f0 \f1\'b0\'a3\'bf\'a1\f0 \f1\'c3\'bc\'b0\'e1\'b5\'c7\'b4\'c2\f0 \f1\'b0\'e8\'be\'e0\'c0\'d4\'b4\'cf\'b4\'d9\f0 . \f1\'ba\'bb\f0 \f1\'c1\'b6\'b0\'c7\'c0\'ba\f0 \f1\'c0\'a7\'bf\'a1\f0 \f1\'b8\'ed\'bd\'c3\'b5\'c8\f0 \f1

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1042\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3249
Entropy (8bit):	5.985100495461761
Encrypted:	false
SSDEEP:
MD5:	B3399648C2F30930487F20B50378CEC1
SHA1:	CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
SHA-256:	AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
SHA-512:	C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive \| /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1045\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	13265
Entropy (8bit):	5.358483628484379
Encrypted:	false
SSDEEP:
MD5:	5B9DF97FC98938BF2936437430E31ECA
SHA1:	AB1DA8FECDF85CF487709774033F5B4B79DFF8DE
SHA-256:	8CB5EB330AA07ACCD6D1C8961F715F66A4F3D69FB291765F8D9F1850105AF617
SHA-512:	4EF61A484DF85C487BE326AB4F95870813B9D0644DF788CE22D3BEB6E062CDF80732CB0B77FCDA5D4C951A0D67AECF8F5DCD94EA6FA028CFCA11D85AA97714E3
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w\~zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z\~podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a\~Licencjobiorc\f1\'b9. Maj\'b9 one zastosowanie do wskazanego powy\'bfej oprogramowania. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym towarzysz\f1\'b9 inne postanowienia.\par..\b\

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1045\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3212
Entropy (8bit):	5.268378763359481
Encrypted:	false
SSDEEP:
MD5:	15172EAF5C2C2E2B008DE04A250A62A1
SHA1:	ED60F870C473EE87DF39D1584880D964796E6888
SHA-256:	440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
SHA-512:	48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive \| /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1046\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	10656
Entropy (8bit):	5.092962528947159
Encrypted:	false
SSDEEP:
MD5:	360FC4A7FFCDB915A7CF440221AFAD36
SHA1:	009F36BBDAD5B9972E8069E53855FC656EA05800
SHA-256:	9BF79B54F4D62BE501FF53EEDEB18683052A4AE38FF411750A764B3A59077F52
SHA-512:	9550A99641F194BB504A76DE011D07C1183EE1D83371EE49782FC3D05BF779415630450174DD0C03CB182A5575F6515012337B899E2D084203717D9F110A6FFE
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Estes termos de licen\'e7a formam um contrato firmado entre a Microsoft Corporation (ou com base no seu pa\'eds de resid\'eancia, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\t

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1046\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3095
Entropy (8bit):	5.150868216959352
Encrypted:	false
SSDEEP:
MD5:	BE27B98E086D2B8068B16DBF43E18D50
SHA1:	6FAF34A36C8D9DE55650D0466563852552927603
SHA-256:	F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
SHA-512:	3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive \| /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1049\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	31915
Entropy (8bit):	3.6440775919653996
Encrypted:	false
SSDEEP:
MD5:	A59C893E2C2B4063AE821E42519F9812
SHA1:	C00D0B11F6B25246357053F6620E57D990EFC698
SHA-256:	0EC8368E87B3DFC92141885A2930BDD99371526E09FC52B84B764C91C5FC47B8
SHA-512:	B9AD8223DDA2208EC2068DBB85742A03BE0291942E60D4498E3DAB4DDF559AA6DCF9879952F5819223CFC5F4CB71D4E06E4103E129727AACFB8EFE48403A04FA
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset204 Tahoma;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset204 Garamond;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang1049\'d3\'d1\'cb\'ce\'c2\'c8\'df \'cb\'c8\'d6\'c5\'cd\'c7\'c8\'c8 \'cd\'c0 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c5 \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'c5 MICROSOFT\par..\f1\lang9 MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0\f0\lang1049\'cd\'e0\'f1\'f2\'ee\'ff\'f9\'e8\'e5 \'f3\'f1\'eb\'ee\'e2\'e8\'ff \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'e8 \'ff\'e2\'eb\'ff\'fe\'f2\'f1\'ff \'f1\'ee\'e3\'eb\'e0\'f8\'e5\'ed\'e8\'e5\'ec \'ec\'e5\'e6\'e4\'f3 \'ea\'ee\'f0\'ef\'ee\'f0\'e0\'f6\'e8\'e5\'e9 Microsoft (\'e8\'eb\'e8, \'e2 \'e7\'e0\'e2\'e8\'f1\'e8\'ec\'ee\'f1\'f2\'e8 \'ee\'f2 \'ec\'e5\'f1\'f2\'e0 \'e2\'e0\'f8\'e5\'e3\'ee \'ef\'f0\'ee\'e6\'e8\'e2\'e0\'ed\'e8\'ff, \'ee\

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1049\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	5.444436038992627
Encrypted:	false
SSDEEP:
MD5:	17C652452E5EE930A7F1E5E312C17324
SHA1:	59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
SHA-256:	7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
SHA-512:	53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive \| /quiet - ........... ....

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1055\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	13379
Entropy (8bit):	5.214715951393874
Encrypted:	false
SSDEEP:
MD5:	BD2DC15DFEE66076BBA6D15A527089E7
SHA1:	8768518F2318F1B8A3F8908A056213042A377CC4
SHA-256:	62A07232017702A32F4B6E43E9C6F063B67098A1483EEDDB31D7C73EAF80A6AF
SHA-512:	9C9467A2F2D0886FF4302A44AEA89734FCEFBD3CBE04D895BCEACBA1586AB746E62391800E07B6228E054014BE51F14FF63BA71237268F94019063C8C8B7EF74
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT YAZILIMI L\f1\u304?SANS KO\'aaULLARI\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Bu lisans ko\f1\'baullar\u305?, Microsoft Corporation (veya ya\'baad\u305?\u287?\u305?n\u305?z yere g\f0\'f6re bir ba\f1\u287?l\u305? \'bairketi) ile sizin aran\u305?zda yap\u305?lan anla\'bamay\u305? olu\'baturur. Bu ko\'baullar, yukar\u305?da ad\u305? ge\f0\'e7en yaz\f1\u305?l\u305?m i\f0\'e7in ge\'e7erlidir. \f1\'aaartlar, yaz\u305?l\u305?m i\f0\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\f1\'batirmeleri i\f0\'e7in, beraberlerinde farkl\f1\u305? \'baartlar bulunmad\u305?\u287?\u305? s\f0\'fcrece ge\'e7erlidir.\par..\b BU L\f1\u304?SANS \'aaARTLARINA UYDU\u286?UNUZ TAKD\u304?RDE A\'aaA\u286?IDAK\u3

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\1055\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3221
Entropy (8bit):	5.280530692056262
Encrypted:	false
SSDEEP:
MD5:	DEFBEA001DC4EB66553630AC7CE47CCA
SHA1:	90CED64EC7C861F03484B5D5616FDBCDA8F64788
SHA-256:	E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
SHA-512:	B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive \| /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\2052\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	17863
Entropy (8bit):	3.9617786349452775
Encrypted:	false
SSDEEP:
MD5:	3CF16377C0D1B2E16FFD6E32BF139AC5
SHA1:	D1A8C3730231D51C7BB85A7A15B948794E99BDCE
SHA-256:	E95CA64C326A0EF7EF3CED6CDAB072509096356C15D1761646E3C7FDA744D0E0
SHA-512:	E9862FD0E8EC2B2C2180183D06535A16A527756F6907E6A1D2DB85092636F72C497508E793EE8F2CC8E0D1A5E090C6CCF465F78BC1FA8E68DAF7C68815A0EE16
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset134 SimSun;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'ce\'a2\'c8\'ed\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f1\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\f1 Microsoft Corporation\f0\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\f1 Microsoft \f0\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'ca\'ca\'d3\'c3\'d3\'da\'c9\'cf\'ca\'f6\'c8\'ed\'bc\'fe\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'d2\'b2\'ca\'ca\'d3\'c3\'d3\'da\'d5\'eb\'b6\'d4\'b8\'c3\'c8\'ed\'bc\'fe\'b5\'c4\'c8\'ce\'ba\'ce\'ce\'a2\'c8\'ed\'b7\'fe\'ce\'f1\'bb\'f2\'b8\'fc\'d0\'c2\'a3\'ac\'b5\'ab\'d3\'d0\'b2\'bb\'cd\

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\2052\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2978
Entropy (8bit):	6.135205733555905
Encrypted:	false
SSDEEP:
MD5:	3D1E15DEEACE801322E222969A574F17
SHA1:	58074C83775E1A884FED6679ACF9AC78ABB8A169
SHA-256:	2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
SHA-512:	10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [..] - .......... ..................Install ........../passive \| /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\3082\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	10714
Entropy (8bit):	5.122578090102117
Encrypted:	false
SSDEEP:
MD5:	FBF293EE95AFEF818EAF07BB088A1596
SHA1:	BBA1991BA6459C9F19B235C43A9B781A24324606
SHA-256:	1FEC058E374C20CB213F53EB3C44392DDFB2CAA1E04B7120FFD3FA7A296C83E2
SHA-512:	6971F20964EF74B19077EE81F953342DC6D2895A8640EC84855CECCEA5AEB581E6A628BCD3BA97A5D3ACB6CBE7971FDF84EF670BDDF901857C3CD28855212019
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LA LICENCIA DE SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0 Estos t\'e9rminos de licencia constituyen un contrato entre Microsoft Corporation (o, en funci\'f3n de donde resida, una de sus filiales) y usted. Se aplican al software antes mencionado. Los t\'e9rminos tambi\'e9n se aplican a cualquier servicio o actualizaci\'f3n de Microsoft para el software, excepto en la medida que tengan t\'e9rminos diferentes.\par..\b SI USTED CUMPLE CON LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE SE DESCRIBEN A CONTINUACI\'d3N.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\3082\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3265
Entropy (8bit):	5.0491645049584655
Encrypted:	false
SSDEEP:
MD5:	47F9F8D342C9C22D0C9636BC7362FA8F
SHA1:	3922D1589E284CE76AB39800E2B064F71123C1C5
SHA-256:	9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
SHA-512:	E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive \| /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\BootstrapperApplicationData.xml Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	13188
Entropy (8bit):	3.727955676947061
Encrypted:	false
SSDEEP:
MD5:	99149BB015AB0EBF5AACCA5F8AC03822
SHA1:	D44931C94C042AB415C5CF7FB472EFD73076E4A1
SHA-256:	17989DBFDF8FD22A0AC839D3B2954E78A54A637DA3030418317E187AC293FD12
SHA-512:	3774F7E61E85199EFE9F6AD8FA09D3C04077D0028ECF460F59EAAF6D3069320B700F8A7EDCB1FAFEFD22C05DB660494EAF629F7EE392B9AB2FCE16E114A2B188
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T.6.4. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .X.P. .S.P.1. .(.x.6.4.). .a.n.d. .n.e.w.e.r. .p.l.a.t.f.o.r.m.s...". ./.>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.1.9. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...2.7...2.9.0.1.6.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".y.e.

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\license.rtf Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	9046
Entropy (8bit):	5.157073875669985
Encrypted:	false
SSDEEP:
MD5:	2EABBB391ACB89942396DF5C1CA2BAD8
SHA1:	182A6F93703549290BCDE92920D37BC1DEC712BB
SHA-256:	E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
SHA-512:	20D656A123A220CD3CA3CCBF61CC58E924B44F1F0A74E70D6850F39CECD101A69BCE73C5ED14018456E022E85B62958F046AA4BD1398AA27303C2E86407C3899
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-363\

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\logo.png Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	6.868587546770907
Encrypted:	false
SSDEEP:
MD5:	D6BD210F227442B3362493D046CEA233
SHA1:	FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
SHA-256:	335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
SHA-512:	464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#\|i${j$\|n~n.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.\|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\thm.wxl Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2952
Entropy (8bit):	5.052095286906672
Encrypted:	false
SSDEEP:
MD5:	FBFCBC4DACC566A3C426F43CE10907B6
SHA1:	63C45F9A771161740E100FAF710F30EED017D723
SHA-256:	70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
SHA-512:	063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive \| /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\thm.xml Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8332
Entropy (8bit):	5.184632608060528
Encrypted:	false
SSDEEP:
MD5:	F62729C6D2540015E072514226C121C7
SHA1:	C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
SHA-256:	F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
SHA-512:	CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig

C:\Windows\Temp\{9BCC3480-CDF5-4D98-B3FD-8A6800206E32}\.ba\wixstdba.dll Download File
Process:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	195600
Entropy (8bit):	6.682530937585544
Encrypted:	false
SSDEEP:
MD5:	EAB9CAF4277829ABDF6223EC1EFA0EDD
SHA1:	74862ECF349A9BEDD32699F2A7A4E00B4727543D
SHA-256:	A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
SHA-512:	45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3..R...R...R..h.N..R..h.L.R..h.M..R.......R.......R.......R...<..R...,..R...R...S..K....R..K....R..N.@..R...R(..R..K....R..Rich.R..................PE..L......Z...........!................d.....................................................@..............................................................D......,.......T...............................@...............X............................text............................... ..`.rdata.............................@..@.data...............................@....gfids..............................@..@.rsrc...............................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................

C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	647728
Entropy (8bit):	7.216082780305946
Encrypted:	false
SSDEEP:
MD5:	B8863F2A21EA51F345EA0E8093AF5AFA
SHA1:	A5C8DF1DEA16620FE536C7B2B20C1E814C2561E8
SHA-256:	80DFC7E806B8CCFCE8538617252A24454F038D2CC7C191282FE24653A7C3BE4C
SHA-512:	BA19F49FA71589B49661B836DDFE48FDD15D4E4C646575CA013BBD0816555A37A97E5166E7B9D6DAE00BED9E8F7F7655F9379B5175BC943FA523B481060B3B0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p.......m....@..............................................;...............B...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1028\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	18127
Entropy (8bit):	4.036737741619669
Encrypted:	false
SSDEEP:
MD5:	B7F65A3A169484D21FA075CCA79083ED
SHA1:	5DBFA18928529A798FF84C14FD333CB08B3377C0
SHA-256:	32585B93E69272B6D42DAC718E04D954769FE31AC9217C6431510E9EEAD78C49
SHA-512:	EDA2F946C2E35464E4272B1C3E4A8DC5F17093C05DAB9A685DBEFD5A870B9D872D8A1645ED6F5B9A72BBB2A59D22DFA58FBF420F6440278CCBE07B6D0555C283
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset134 SimSun;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT \f1\'dc\'9b\'f3\'77\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'ca\'c7\'d9\'46\'d3\'c3\'91\'f4\'c5\'63\f0 Microsoft Corporation (\f1\'bb\'f2\'c6\'e4\'ea\'50\'82\'53\'c6\'f3\'98\'49\'a3\'ac\'d2\'95\'d9\'46\'d3\'c3\'91\'f4\'cb\'f9\'be\'d3\'d7\'a1\'b5\'c4\'b5\'d8\'fc\'63\'b6\'f8\'b6\'a8\f0 ) \f1\'d6\'ae\'e9\'67\'b3\'c9\'c1\'a2\'b5\'c4\'ba\'cf\'bc\'73\'a1\'a3\'cb\'fb\'82\'83\'df\'6d\'d3\'c3\'ec\'b6\'c9\'cf\'ca\'f6\'dc\'9b\'f3\'77\'a3\'ac\'b1\'be\'ca\'da\'99\'e0\'97\'6c\'bf\'ee\'d2\'e0\'df\'6d\'d3\'c3\'ec\'b6\'c8\'ce\'ba\'ce\f0 Microsoft \f1\'b7\'fe\'84\'d5\'bb\'f2\'b1\'be\'dc\'9b\'f3\'77\'d6\'ae\'b8\'fc\'d0\'c2\'a3

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1028\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2980
Entropy (8bit):	6.163758160900388
Encrypted:	false
SSDEEP:
MD5:	472ABBEDCBAD24DBA5B5F5E8D02C340F
SHA1:	974F62B5C2E149C3879DD16E5A9DBB9406C3DB85
SHA-256:	8E2E660DFB66CB453E17F1B6991799678B1C8B350A55F9EBE2BA0028018A15AD
SHA-512:	676E29378AAED25DE6008D213EFA10D1F5AAD107833E218D71F697E728B7B5B57DE42E7A910F121948D7B1B47AB4F7AE63F71196C747E8AE2B4827F754FC2699
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">....</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ................. ......................../passive \| /quiet - .... UI ........... UI.... ........... UI ........../norestart - ................UI ............./log log.txt - .........

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1029\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	13053
Entropy (8bit):	5.125552901367032
Encrypted:	false
SSDEEP:
MD5:	B408556A89FCE3B47CD61302ECA64AC9
SHA1:	AAC1CDAF085162EFF5EAABF562452C93B73370CB
SHA-256:	21DDCBB0B0860E15FF9294CBB3C4E25B1FE48619210B8A1FDEC90BDCDC8C04BC
SHA-512:	BDE33918E68388C60750C964CDC213EC069CE1F6430C2AA7CF1626E6785C7C865094E59420D00026918E04B9B8D19FA22AC440F851ADC360759977676F8891E7
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 LICEN\f1\'c8N\f0\'cd PODM\'cdNKY PRO SOFTWARE SPOLE\f1\'c8NOSTI MICROSOFT\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Tyto licen\f1\'e8n\f0\'ed podm\'ednky p\f1\'f8edstavuj\f0\'ed smlouvu mezi spole\f1\'e8nost\f0\'ed Microsoft Corporation (nebo n\f1\'eckterou z\~jej\f0\'edch afilac\'ed v\~z\'e1vislosti na tom, kde bydl\'edte) a\~v\'e1mi. Vztahuj\'ed se na v\'fd\f1\'9ae uveden\f0\'fd software. Podm\'ednky se rovn\f1\'ec\'9e vztahuj\f0\'ed na jak\'e9koli slu\f1\'9eby Microsoft nebo aktualizace pro software, pokud se na slu\'9eby nebo aktualizace nevztahuj\f0\'ed odli\f1\'9an\f0\'e9 podm\'ednky.\par..\b DODR\f1\'8e\f0\'cdTE-LI TYTO

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1029\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3333
Entropy (8bit):	5.370651462060085
Encrypted:	false
SSDEEP:
MD5:	16343005D29EC431891B02F048C7F581
SHA1:	85A14C40C482D9351271F6119D272D19407C3CE9
SHA-256:	07FB3EC174F25DFBE532D9D739234D9DFDA8E9D34F01FE660C5B4D56989FA779
SHA-512:	FF1AE9C21DCFB018DD4EC82A6D43362CB8C591E21F45DD1C25955D83D328B57C8D454BBE33FBC73A70DADF1DFB3AE27502C9B3A8A3FF2DA97085CA0D9A68AB03
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instala.n. program [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Opravdu chcete akci zru.it?</String>.. <String Id="HelpHeader">N.pov.da nastaven.</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [adres..] . Nainstaluje, oprav., odinstaluje nebo.. vytvo.. .plnou m.stn. kopii svazku v adres..i. V.choz. mo.nost. je instalace...../passive \| /quiet . Zobraz. minim.ln. u.ivatelsk. rozhran. bez v.zev nebo nezobraz. ..dn. u.ivatelsk. rozhran. a.. ..dn. v.zvy. V.choz. mo.nost. je zobrazen. u.ivatelsk.ho rozhran. a v.ech v.zev...../noresta

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1031\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	11936
Entropy (8bit):	5.194264396634094
Encrypted:	false
SSDEEP:
MD5:	C2CFA4CE43DFF1FCD200EDD2B1212F0A
SHA1:	E8286E843192802E5EBF1BE67AE30BCAD75AC4BB
SHA-256:	F861DB23B972FAAA54520558810387D742878947057CF853DC74E5F6432E6A1B
SHA-512:	6FDF02A2DC9EF10DD52404F19C300429E7EA40469F00A43CA627F3B7F3868D1724450F99C65B70B9B7B1F2E1FA9D62B8BE1833A8C5AA3CD31C940459F359F30B
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT-SOFTWARE-LIZENZBESTIMMUNGEN\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Diese Lizenzbestimmungen sind ein Vertrag zwischen Ihnen und der Microsoft Corporation (bzw. abh\'e4ngig von Ihrem Wohnsitz einem mit Microsoft verbundenen Unternehmen). Sie gelten f\'fcr die oben angef\'fchrte Software. Die Bestimmungen gelten ebenso f\'fcr jegliche von Microsoft angebotenen Dienste oder Updates f\'fcr die Software, sofern diesen keine anderen Bestimmungen beiliegen.\par..\b SOFERN SIE DIESE LIZENZBESTIMMUNGEN EINHALTEN, SIND SIE ZU FOLGENDEM BERECHTIGT:\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 RECHTE ZUR INSTALLATION UND NUTZUNG. \

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1031\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3379
Entropy (8bit):	5.094097800535488
Encrypted:	false
SSDEEP:
MD5:	561F3F32DB2453647D1992D4D932E872
SHA1:	109548642FB7C5CC0159BEDDBCF7752B12B264C0
SHA-256:	8E0DCA6E085744BFCBFF46F7DCBCFA6FBD722DFA52013EE8CEEAF682D7509581
SHA-512:	CEF8C80BEF8F88208E0751305DF519C3D2F1C84351A71098DC73392EC06CB61A4ACA35182A0822CF6934E8EE42196E2BCFE810CC859965A9F6F393858A1242DF
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] - Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">M.chten Sie den Vorgang wirklich abbrechen?</String>.. <String Id="HelpHeader">Setup-Hilfe</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [Verzeichnis] - installiert, repariert, deinstalliert oder.. erstellt eine vollst.ndige lokale Kopie des Bundles im Verzeichnis. Installieren ist die Standardeinstellung...../passive \| /quiet - zeigt eine minimale Benutzeroberfl.che ohne Eingabeaufforderungen oder keine.. Benutzeroberfl.che und keine Eingabeaufforderungen an. Standardm..ig werden die Benutzeroberfl.che und alle Eingab

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1036\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	11593
Entropy (8bit):	5.106817099949188
Encrypted:	false
SSDEEP:
MD5:	F0FF747B85B1088A317399B0E11D2101
SHA1:	F13902A39CEAE703A4713AC883D55CFEE5F1876C
SHA-256:	4D9B7F06BE847E9E135AB3373F381ED7A841E51631E3C2D16E5C40B535DA3BCF
SHA-512:	AA850F05571FFC361A764A14CA9C1A465E2646A8307DEEE0589852E6ACC61AF145AEF26B502835724D7245900F9F0D441451DD8C055404788CE64415F5B79506
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMES DU CONTRAT DE LICENCE LOGICIEL MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Les pr\'e9sents termes du contrat de licence constituent un contrat entre Microsoft Corporation (ou, en fonction de votre lieu de r\'e9sidence, l\rquote un de ses affili\'e9s) et vous. Ils s\rquote appliquent au logiciel vis\'e9 ci-dessus. Les termes s\rquote appliquent \'e9galement \'e0 tout service et \'e0 toute mise \'e0 jour Microsoft pour ce logiciel, \'e0 moins que d\rquote autres termes n\rquote accompagnent ces \'e9l\'e9ments.\par..\b SI VOUS VOUS CONFORMEZ AUX PR\'c9SENTS TERMES DU CONTRAT DE LICENCE, VOUS AVEZ LES DROITS CI-DESSOUS.\par....\pard{\pntext\f1\'B7\tab}{\\pn\pnlvlblt\pnf1\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\s

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1036\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3366
Entropy (8bit):	5.0912204406356905
Encrypted:	false
SSDEEP:
MD5:	7B46AE8698459830A0F9116BC27DE7DF
SHA1:	D9BB14D483B88996A591392AE03E245CAE19C6C3
SHA-256:	704DDF2E60C1F292BE95C7C79EE48FE8BA8534CEB7CCF9A9EA68B1AD788AE9D4
SHA-512:	FC536DFADBCD81B42F611AC996059A6264E36ECF72A4AEE7D1E37B87AEFED290CC5251C09B68ED0C8719F655B163AD0782ACD8CE6332ED4AB4046C12D8E6DBF6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installation de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Voulez-vous vraiment annuler.?</String>.. <String Id="HelpHeader">Aide du programme d'installation</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installe, r.pare, d.sinstalle ou.. cr.e une copie locale compl.te du groupe dans le r.pertoire. Install est l'option par d.faut...../passive \| /quiet - affiche une interface minimale, sans invite, ou n'affiche ni interface.. ni invite. Par d.faut, l'interface et toutes les invites sont affich.es...../norestart - supprime toutes les tentatives de red.

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1040\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	11281
Entropy (8bit):	5.046489958240229
Encrypted:	false
SSDEEP:
MD5:	9D98044BAC59684489C4CF66C3B34C85
SHA1:	36AAE7F10A19D336C725CAFC8583B26D1F5E2325
SHA-256:	A3F745C01DEA84CE746BA630814E68C7C592B965B048DDC4B1BBE1D6E533BE22
SHA-512:	D849BBB6C87C182CC98C4E2314C0829BB48BAD483D0CD97BF409E75457C3695049C3A8ADFE865E1ECBC989A910096D2C1CDF333705AAC4D22025DF91B355278E
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 CONTRATTO DI LICENZA PER IL SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Le presenti condizioni di licenza costituiscono il contratto tra Microsoft Corporation (o, in base al luogo di residenza del licenziatario, una delle sue consociate) e il licenziatario, Tali condizioni si applicano al software Microsoft di cui sopra. Le condizioni si applicano inoltre a qualsiasi servizio o aggiornamento di Microsoft relativo al software, a meno che questo non sia accompagnato da condizioni differenti.\par..\b QUALORA IL LICENZIATARIO SI ATTENGA ALLE PRESENTI CONDIZIONI DI LICENZA, DISPORR\'c0 DEI DIRITTI INDICATI DI SEGUITO.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\p

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1040\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3319
Entropy (8bit):	5.019774955491369
Encrypted:	false
SSDEEP:
MD5:	D90BC60FA15299925986A52861B8E5D5
SHA1:	FADFCA9AB91B1AB4BD7F76132F712357BD6DB760
SHA-256:	0C57F40CC2091554307AA8A7C35DD38E4596E9513E9EFAE00AC30498EF4E9BC2
SHA-512:	11764D0E9F286B5AA7B1A9601170833E462A93A1E569A032FCBA9879174305582BD42794D4131B83FBCFBF1CF868A8D5382B11A4BD21F0F7D9B2E87E3C708C3F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Installazione di [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Annullare?</String>.. <String Id="HelpHeader">Guida alla configurazione</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installa, ripara, disinstalla o.. crea una copia locale completa del bundle nella directory. L'opzione predefinita . Install...../passive \| /quiet - visualizza un'interfaccia utente minima senza prompt oppure non visualizza alcuna interfaccia utente.. n. prompt. Per impostazione predefinita viene visualizzata l'intera interfaccia utente e tutti i prompt...../norestart - annulla quals

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1041\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	28232
Entropy (8bit):	3.7669201853275722
Encrypted:	false
SSDEEP:
MD5:	8C49936EC4CF0F64CA2398191C462698
SHA1:	CC069FE8F8BC3B6EE2085A4EACF40DB26C842BAC
SHA-256:	7355367B7C48F1BBACC66DFFE1D4BF016C16156D020D4156F288C2B2207ED1C2
SHA-512:	4381147FF6707C3D31C5AE591F68BC61897811112CB507831EFF5E71DD281009400EDA3300E7D3EFDE3545B89BCB71F2036F776C6FDFC73B6B2B2B8FBC084499
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset128 MS Gothic;}{\f1\fnil\fcharset0 MS Gothic;}{\f2\fnil\fcharset134 SimSun;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'83\'7d\'83\'43\'83\'4e\'83\'8d\'83\'5c\'83\'74\'83\'67 \'83\'5c\'83\'74\'83\'67\'83\'45\'83\'46\'83\'41 \'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\par..\f1 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'96\'7b\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8d\'80\'82\'cd\f2\'a1\'a2\f1 Microsoft Corporation (\f0\'82\'dc\'82\'bd\'82\'cd\'82\'a8\'8b\'71\'97\'6c\'82\'cc\'8f\'8a\'8d\'dd\'92\'6e\'82\'c9\'89\'9e\'82\'b6\'82\'c4\'82\'cd\'82\'bb\'82\'cc\'8a\'d6\'98\'41\'89\'ef\'8e\'d0) \'82\'c6\'82\'a8\'8b\'71\'97\'6c\'82\'c6\'82\'cc\'8c\'5f\'96\'f1\'82\'f0\'8d\'5c\'90\'ac\'82\'b5\'82\'dc\'82\'b7\'81\'42\'96\'7b\'83\'89\'83\'43\'83\'5a\'83\'93\'83\'58\'8f\'f0\'8

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1041\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3959
Entropy (8bit):	5.955167044943003
Encrypted:	false
SSDEEP:
MD5:	DC81ED54FD28FC6DB6F139C8DA1BDED6
SHA1:	9C719C32844F78AAE523ADB8EE42A54D019C2B05
SHA-256:	6B9BBF90D75CFA7D943F036C01602945FE2FA786C6173E22ACB7AFE18375C7EA
SHA-512:	FD759C42C7740EE9B42EA910D66B0FA3F813600FD29D074BB592E5E12F5EC09DB6B529680E54F7943821CEFE84CE155A151B89A355D99C25A920BF8F254AA008
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.. <Control Control="UninstallButton" X="270" Y="237" Width="120" Height="23"/>.. <Control Control="RepairButton" X="187" Y="237" Width="80" Height="23"/>.. .. <String Id="Caption">[WixBundleName] .......</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">..........</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ............ ......... .........................

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1042\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	27936
Entropy (8bit):	3.871317037004171
Encrypted:	false
SSDEEP:
MD5:	184D94082717E684EAF081CEC3CBA4B1
SHA1:	960B9DA48F4CDDF29E78BBAE995B52204B26D51B
SHA-256:	A4C25DA9E3FBCED47464152C10538F16EE06D8E06BC62E1CF4808D293AA1AFA2
SHA-512:	E4016C0CA348299B5EF761F456E3B5AD9B99E5E100C07ACAB1369DFEC214E75AA88E9AD2A0952C0CC1B707E2732779E6E3810B3DA6C839F0181DC81E3560CBDA
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset129 Malgun Gothic;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 Microsoft \f1\'bc\'d2\'c7\'c1\'c6\'ae\'bf\'fe\'be\'ee\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'bc\'ad\f0\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f1\'ba\'bb\f0 \f1\'bb\'e7\'bf\'eb\'b1\'c7\f0 \f1\'b0\'e8\'be\'e0\'c0\'ba\f0 Microsoft Corporation(\f1\'b6\'c7\'b4\'c2\f0 \f1\'b0\'c5\'c1\'d6\f0 \f1\'c1\'f6\'bf\'aa\'bf\'a1\f0 \f1\'b5\'fb\'b6\'f3\f0 \f1\'b0\'e8\'bf\'ad\'bb\'e7\f0 \f1\'c1\'df\f0 \f1\'c7\'cf\'b3\'aa\f0 )\f1\'b0\'fa\f0 \f1\'b1\'cd\'c7\'cf\f0 \f1\'b0\'a3\'bf\'a1\f0 \f1\'c3\'bc\'b0\'e1\'b5\'c7\'b4\'c2\f0 \f1\'b0\'e8\'be\'e0\'c0\'d4\'b4\'cf\'b4\'d9\f0 . \f1\'ba\'bb\f0 \f1\'c1\'b6\'b0\'c7\'c0\'ba\f0 \f1\'c0\'a7\'bf\'a1\f0 \f1\'b8\'ed\'bd\'c3\'b5\'c8\f0 \f1

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1042\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3249
Entropy (8bit):	5.985100495461761
Encrypted:	false
SSDEEP:
MD5:	B3399648C2F30930487F20B50378CEC1
SHA1:	CA7BDAB3BFEF89F6FA3C4AAF39A165D14069FC3D
SHA-256:	AD7608B87A7135F408ABF54A897A0F0920080F76013314B00D301D6264AE90B2
SHA-512:	C5B0ECF11F6DADF2E68BC3AA29CC8B24C0158DAE61FE488042D1105341773166C9EBABE43B2AF691AD4D4B458BF4A4BF9689C5722C536439CA3CDC84C0825965
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] .. ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">.. ...</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - ..... ... .. .. .... .., .., .. .... ...... ... .........../passive \| /quiet - .... .. .. UI. ..... UI ... ..... .... ..... ..... UI. .. ..... ........../norestart - .. .... .. .... ...

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1045\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	13265
Entropy (8bit):	5.358483628484379
Encrypted:	false
SSDEEP:
MD5:	5B9DF97FC98938BF2936437430E31ECA
SHA1:	AB1DA8FECDF85CF487709774033F5B4B79DFF8DE
SHA-256:	8CB5EB330AA07ACCD6D1C8961F715F66A4F3D69FB291765F8D9F1850105AF617
SHA-512:	4EF61A484DF85C487BE326AB4F95870813B9D0644DF788CE22D3BEB6E062CDF80732CB0B77FCDA5D4C951A0D67AECF8F5DCD94EA6FA028CFCA11D85AA97714E3
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset0 Garamond;}{\f3\fnil Tahoma;}{\f4\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 POSTANOWIENIA LICENCYJNE DOTYCZ\f1\'a5CE OPROGRAMOWANIA\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Niniejsze postanowienia licencyjne stanowi\f1\'b9 umow\'ea mi\'eadzy Microsoft Corporation (lub, w\~zale\'bfno\'9cci od miejsca zamieszkania Licencjobiorcy, jednym z\~podmiot\f0\'f3w stowarzyszonych Microsoft Corporation) a\~Licencjobiorc\f1\'b9. Maj\'b9 one zastosowanie do wskazanego powy\'bfej oprogramowania. Niniejsze postanowienia maj\'b9 r\f0\'f3wnie\f1\'bf zastosowanie do wszelkich us\'b3ug i aktualizacji Microsoft dla niniejszego oprogramowania, z wyj\'b9tkiem tych, kt\f0\'f3rym towarzysz\f1\'b9 inne postanowienia.\par..\b\

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1045\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3212
Entropy (8bit):	5.268378763359481
Encrypted:	false
SSDEEP:
MD5:	15172EAF5C2C2E2B008DE04A250A62A1
SHA1:	ED60F870C473EE87DF39D1584880D964796E6888
SHA-256:	440B309FCDF61FFC03B269FE3815C60CB52C6AE3FC6ACAD14EAC04D057B6D6EA
SHA-512:	48AA89CF4A0B64FF4DCB82E372A01DFF423C12111D35A4D27B6D8DD793FFDE130E0037AB5E4477818A0939F61F7DB25295E4271B8B03F209D8F498169B1F9BAE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalator [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Czy na pewno chcesz anulowa.?</String>.. <String Id="HelpHeader">Instalator . Pomoc</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [katalog] - Instaluje, naprawia, odinstalowuje.. lub tworzy pe.n. lokaln. kopi. pakietu w katalogu. Domy.lnie jest u.ywany prze..cznik install...../passive \| /quiet - Wy.wietla ograniczony interfejs u.ytkownika bez monit.w albo nie wy.wietla ani interfejsu u.ytkownika,.. ani monit.w. Domy.lnie jest wy.wietlany interfejs u.ytkownika oraz wszystkie monity...../norestart - Pom

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1046\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	10656
Entropy (8bit):	5.092962528947159
Encrypted:	false
SSDEEP:
MD5:	360FC4A7FFCDB915A7CF440221AFAD36
SHA1:	009F36BBDAD5B9972E8069E53855FC656EA05800
SHA-256:	9BF79B54F4D62BE501FF53EEDEB18683052A4AE38FF411750A764B3A59077F52
SHA-512:	9550A99641F194BB504A76DE011D07C1183EE1D83371EE49782FC3D05BF779415630450174DD0C03CB182A5575F6515012337B899E2D084203717D9F110A6FFE
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 TERMOS DE LICEN\'c7A PARA SOFTWARE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Estes termos de licen\'e7a formam um contrato firmado entre a Microsoft Corporation (ou com base no seu pa\'eds de resid\'eancia, uma de suas afiliadas) e voc\'ea. Eles se aplicam ao software indicado acima. Os termos tamb\'e9m se aplicam a quaisquer servi\'e7os ou atualiza\'e7\'f5es da Microsoft para o software, exceto at\'e9 a extens\'e3o de que eles tenham termos diferentes.\par..\b SE VOC\'ca CONCORDAR COM ESTES TERMOS DE LICEN\'c7A, TER\'c1 OS DIREITOS INDICADOS ABAIXO.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\t

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1046\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3095
Entropy (8bit):	5.150868216959352
Encrypted:	false
SSDEEP:
MD5:	BE27B98E086D2B8068B16DBF43E18D50
SHA1:	6FAF34A36C8D9DE55650D0466563852552927603
SHA-256:	F52B54A0E0D0E8F12CBA9823D88E9FD6822B669074DD1DC69DAD6553F7CB8913
SHA-512:	3B7C773EF72D40A8B123FDB8FC11C4F354A3B152CF6D247F02E494B0770C28483392C76F3C222E3719CF500FE98F535014192ACDDD2ED9EF971718EA3EC0A73E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Instala..o</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Tem certeza de que deseja cancelar?</String>.. <String Id="HelpHeader">Ajuda da Instala..o</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [diret.rio - instala, repara, desinstala ou.. cria uma c.pia local completa do pacote no diret.rio. Install . o padr.o..../passive \| /quiet - exibe a IU m.nima sem nenhum prompt ou n.o exibe nenhuma IU e.. nenhum prompt. Por padr.o, a IU e todos os prompts s.o exibidos...../norestart - suprime qualquer tentativa de reiniciar. Por padr.o, a IU perguntar. antes de reiniciar

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1049\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	31915
Entropy (8bit):	3.6440775919653996
Encrypted:	false
SSDEEP:
MD5:	A59C893E2C2B4063AE821E42519F9812
SHA1:	C00D0B11F6B25246357053F6620E57D990EFC698
SHA-256:	0EC8368E87B3DFC92141885A2930BDD99371526E09FC52B84B764C91C5FC47B8
SHA-512:	B9AD8223DDA2208EC2068DBB85742A03BE0291942E60D4498E3DAB4DDF559AA6DCF9879952F5819223CFC5F4CB71D4E06E4103E129727AACFB8EFE48403A04FA
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset204 Tahoma;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset204 Garamond;}{\f3\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang1049\'d3\'d1\'cb\'ce\'c2\'c8\'df \'cb\'c8\'d6\'c5\'cd\'c7\'c8\'c8 \'cd\'c0 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c5 \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'c5 MICROSOFT\par..\f1\lang9 MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0\f0\lang1049\'cd\'e0\'f1\'f2\'ee\'ff\'f9\'e8\'e5 \'f3\'f1\'eb\'ee\'e2\'e8\'ff \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'e8 \'ff\'e2\'eb\'ff\'fe\'f2\'f1\'ff \'f1\'ee\'e3\'eb\'e0\'f8\'e5\'ed\'e8\'e5\'ec \'ec\'e5\'e6\'e4\'f3 \'ea\'ee\'f0\'ef\'ee\'f0\'e0\'f6\'e8\'e5\'e9 Microsoft (\'e8\'eb\'e8, \'e2 \'e7\'e0\'e2\'e8\'f1\'e8\'ec\'ee\'f1\'f2\'e8 \'ee\'f2 \'ec\'e5\'f1\'f2\'e0 \'e2\'e0\'f8\'e5\'e3\'ee \'ef\'f0\'ee\'e6\'e8\'e2\'e0\'ed\'e8\'ff, \'ee\

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1049\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	5.444436038992627
Encrypted:	false
SSDEEP:
MD5:	17C652452E5EE930A7F1E5E312C17324
SHA1:	59F3308B87143D8EA0EA319A1F1A1F5DA5759DD3
SHA-256:	7333BC8E52548821D82B53DBD7D7C4AA1703C85155480CB83CEFD78380C95661
SHA-512:	53FD207B96D6BCF0A442E2D90B92E26CBB3ECC6ED71B753A416730E8067E831E9EB32981A9E9368C4CCA16AFBCB2051483FDCFC474EA8F0D652FCA934634FBE8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.. <Control Control="InstallButton" X="275" Y="237" Width="110" Height="23"/>.... <String Id="Caption">......... ......... [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">........?</String>.. <String Id="HelpHeader">....... .. .........</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [.......] - ........., .............., ........ ..... ........ ...... ......... ..... ...... . ......... .. ......... - ............../passive \| /quiet - ........... ....

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1055\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	13379
Entropy (8bit):	5.214715951393874
Encrypted:	false
SSDEEP:
MD5:	BD2DC15DFEE66076BBA6D15A527089E7
SHA1:	8768518F2318F1B8A3F8908A056213042A377CC4
SHA-256:	62A07232017702A32F4B6E43E9C6F063B67098A1483EEDDB31D7C73EAF80A6AF
SHA-512:	9C9467A2F2D0886FF4302A44AEA89734FCEFBD3CBE04D895BCEACBA1586AB746E62391800E07B6228E054014BE51F14FF63BA71237268F94019063C8C8B7EF74
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset238 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT YAZILIMI L\f1\u304?SANS KO\'aaULLARI\par..\f0 MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 Bu lisans ko\f1\'baullar\u305?, Microsoft Corporation (veya ya\'baad\u305?\u287?\u305?n\u305?z yere g\f0\'f6re bir ba\f1\u287?l\u305? \'bairketi) ile sizin aran\u305?zda yap\u305?lan anla\'bamay\u305? olu\'baturur. Bu ko\'baullar, yukar\u305?da ad\u305? ge\f0\'e7en yaz\f1\u305?l\u305?m i\f0\'e7in ge\'e7erlidir. \f1\'aaartlar, yaz\u305?l\u305?m i\f0\'e7in t\'fcm Microsoft hizmetleri veya g\'fcncelle\f1\'batirmeleri i\f0\'e7in, beraberlerinde farkl\f1\u305? \'baartlar bulunmad\u305?\u287?\u305? s\f0\'fcrece ge\'e7erlidir.\par..\b BU L\f1\u304?SANS \'aaARTLARINA UYDU\u286?UNUZ TAKD\u304?RDE A\'aaA\u286?IDAK\u3

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\1055\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3221
Entropy (8bit):	5.280530692056262
Encrypted:	false
SSDEEP:
MD5:	DEFBEA001DC4EB66553630AC7CE47CCA
SHA1:	90CED64EC7C861F03484B5D5616FDBCDA8F64788
SHA-256:	E5ABE3CB3BF84207DAC4E6F5BBA1E693341D01AEA076DD2D91EAA21C6A6CB925
SHA-512:	B3B7A22D0CDADA21A977F1DCEAF2D73212A4CDDBD298532B1AC97575F36113D45E8D71C60A6D8F8CC2E9DBF18EE1000167CFBF0B2E7ED6F05462D77E0BCA0E90
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] Kurulumu</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.ptal etmek istedi.inizden emin misiniz?</String>.. <String Id="HelpHeader">Kurulum Yard.m.</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [dizin] - y.kler, onar.r, kald.r.r ya da.. dizindeki paketin tam bir yerel kopyas.n. olu.turur. Varsay.lan install de.eridir...../passive \| /quiet - en az d.zeyde istemsiz UI g.sterir ya da hi. UI g.stermez ve.. istem yoktur. Varsay.lan olarak UI ve t.m istemler g.r.nt.lenir...../norestart - yeniden ba.lama denemelerini engeller. Varsay.lan olarak UI yeniden ba.l

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\2052\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	17863
Entropy (8bit):	3.9617786349452775
Encrypted:	false
SSDEEP:
MD5:	3CF16377C0D1B2E16FFD6E32BF139AC5
SHA1:	D1A8C3730231D51C7BB85A7A15B948794E99BDCE
SHA-256:	E95CA64C326A0EF7EF3CED6CDAB072509096356C15D1761646E3C7FDA744D0E0
SHA-512:	E9862FD0E8EC2B2C2180183D06535A16A527756F6907E6A1D2DB85092636F72C497508E793EE8F2CC8E0D1A5E090C6CCF465F78BC1FA8E68DAF7C68815A0EE16
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset134 SimSun;}{\f1\fnil\fcharset0 Tahoma;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green0\blue255;}..{\*\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9\'ce\'a2\'c8\'ed\'c8\'ed\'bc\'fe\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\f1\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0\f0\'d5\'e2\'d0\'a9\'d0\'ed\'bf\'c9\'cc\'f5\'bf\'ee\'ca\'c7\f1 Microsoft Corporation\f0\'a3\'a8\'bb\'f2\'c4\'fa\'cb\'f9\'d4\'da\'b5\'d8\'b5\'c4\f1 Microsoft \f0\'b9\'d8\'c1\'aa\'b9\'ab\'cb\'be\'a3\'a9\'d3\'eb\'c4\'fa\'d6\'ae\'bc\'e4\'b4\'ef\'b3\'c9\'b5\'c4\'d0\'ad\'d2\'e9\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'ca\'ca\'d3\'c3\'d3\'da\'c9\'cf\'ca\'f6\'c8\'ed\'bc\'fe\'a1\'a3\'d5\'e2\'d0\'a9\'cc\'f5\'bf\'ee\'d2\'b2\'ca\'ca\'d3\'c3\'d3\'da\'d5\'eb\'b6\'d4\'b8\'c3\'c8\'ed\'bc\'fe\'b5\'c4\'c8\'ce\'ba\'ce\'ce\'a2\'c8\'ed\'b7\'fe\'ce\'f1\'bb\'f2\'b8\'fc\'d0\'c2\'a3\'ac\'b5\'ab\'d3\'d0\'b2\'bb\'cd\

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\2052\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	2978
Entropy (8bit):	6.135205733555905
Encrypted:	false
SSDEEP:
MD5:	3D1E15DEEACE801322E222969A574F17
SHA1:	58074C83775E1A884FED6679ACF9AC78ABB8A169
SHA-256:	2AC8B7C19A5189662DE36A0581C90DBAD96DF259EC00A28F609B644C3F39F9CA
SHA-512:	10797919845C57C5831234E866D730EBD13255E5BF8BA8087D53F1D0FC5D72DC6D5F6945DBEBEE69ACC6A2E20378750C4B78083AE0390632743C184532358E10
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">[WixBundleName] ....</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.......?</String>.. <String Id="HelpHeader">......</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [..] - .......... ..................Install ........../passive \| /quiet - ..... UI ......... UI ... ........ UI ........../norestart - ..................... UI.../log log.txt - ............. %TEMP% ...

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\3082\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	10714
Entropy (8bit):	5.122578090102117
Encrypted:	false
SSDEEP:
MD5:	FBF293EE95AFEF818EAF07BB088A1596
SHA1:	BBA1991BA6459C9F19B235C43A9B781A24324606
SHA-256:	1FEC058E374C20CB213F53EB3C44392DDFB2CAA1E04B7120FFD3FA7A296C83E2
SHA-512:	6971F20964EF74B19077EE81F953342DC6D2895A8640EC84855CECCEA5AEB581E6A628BCD3BA97A5D3ACB6CBE7971FDF84EF670BDDF901857C3CD28855212019
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 T\'c9RMINOS DE LA LICENCIA DE SOFTWARE DE MICROSOFT\par..MICROSOFT VISUAL C++ 2019 RUNTIME\par..\b0 Estos t\'e9rminos de licencia constituyen un contrato entre Microsoft Corporation (o, en funci\'f3n de donde resida, una de sus filiales) y usted. Se aplican al software antes mencionado. Los t\'e9rminos tambi\'e9n se aplican a cualquier servicio o actualizaci\'f3n de Microsoft para el software, excepto en la medida que tengan t\'e9rminos diferentes.\par..\b SI USTED CUMPLE CON LOS PRESENTES T\'c9RMINOS DE ESTA LICENCIA, DISPONDR\'c1 DE LOS DERECHOS QUE SE DESCRIBEN A CONTINUACI\'d3N.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\3082\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3265
Entropy (8bit):	5.0491645049584655
Encrypted:	false
SSDEEP:
MD5:	47F9F8D342C9C22D0C9636BC7362FA8F
SHA1:	3922D1589E284CE76AB39800E2B064F71123C1C5
SHA-256:	9CBB2B312C100B309A1B1495E84E2228B937612885F7A642FBBD67969B632C3A
SHA-512:	E458DF875E9B0622AEBE3C1449868AA6A2826A1F851DB71165A872B2897CF870CCF85046944FF51FFC13BB15E54E9D9424EC36CAF5A2F38CE8B7D6DC0E9B2363
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29"/>.... <String Id="Caption">Instalaci.n de [WixBundleName]</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">.Est. seguro de que desea cancelar la operaci.n?</String>.. <String Id="HelpHeader">Ayuda de configuraci.n</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - instala, repara, desinstala o.. crea una copia local completa del paquete en el directorio. La opci.n predeterminada es la instalaci.n...../passive \| /quiet - muestra una IU m.nima sin solicitudes o no muestra ninguna IU ni.. solicitud. De forma predeterminada, se muestran la IU y todas las solicitudes...../norestart - elimina cualquier intento

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\BootstrapperApplicationData.xml Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	13188
Entropy (8bit):	3.727955676947061
Encrypted:	false
SSDEEP:
MD5:	99149BB015AB0EBF5AACCA5F8AC03822
SHA1:	D44931C94C042AB415C5CF7FB472EFD73076E4A1
SHA-256:	17989DBFDF8FD22A0AC839D3B2954E78A54A637DA3030418317E187AC293FD12
SHA-512:	3774F7E61E85199EFE9F6AD8FA09D3C04077D0028ECF460F59EAAF6D3069320B700F8A7EDCB1FAFEFD22C05DB660494EAF629F7EE392B9AB2FCE16E114A2B188
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a. .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.x./.2.0.1.0./.B.o.o.t.s.t.r.a.p.p.e.r.A.p.p.l.i.c.a.t.i.o.n.D.a.t.a.".>..... . .<.W.i.x.B.a.l.C.o.n.d.i.t.i.o.n. .C.o.n.d.i.t.i.o.n.=.".V.e.r.s.i.o.n.N.T.6.4. .&.g.t.;.=. .v.6...0. .O.R. .(.V.e.r.s.i.o.n.N.T.6.4. .=. .v.5...2. .A.N.D. .S.e.r.v.i.c.e.P.a.c.k.L.e.v.e.l. .&.g.t.;.=. .1.).". .M.e.s.s.a.g.e.=.".[.W.i.x.B.u.n.d.l.e.N.a.m.e.]. .c.a.n. .o.n.l.y. .b.e. .i.n.s.t.a.l.l.e.d. .o.n. .W.i.n.d.o.w.s. .X.P. .S.P.1. .(.x.6.4.). .a.n.d. .n.e.w.e.r. .p.l.a.t.f.o.r.m.s...". ./.>..... . .<.W.i.x.B.u.n.d.l.e.P.r.o.p.e.r.t.i.e.s. .D.i.s.p.l.a.y.N.a.m.e.=.".M.i.c.r.o.s.o.f.t. .V.i.s.u.a.l. .C.+.+. .2.0.1.5.-.2.0.1.9. .R.e.d.i.s.t.r.i.b.u.t.a.b.l.e. .(.x.6.4.). .-. .1.4...2.7...2.9.0.1.6.". .L.o.g.P.a.t.h.V.a.r.i.a.b.l.e.=.".W.i.x.B.u.n.d.l.e.L.o.g.". .C.o.m.p.r.e.s.s.e.d.=.".y.e.

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\license.rtf Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Rich Text Format data, version 1, ANSI
Category:	dropped
Size (bytes):	9046
Entropy (8bit):	5.157073875669985
Encrypted:	false
SSDEEP:
MD5:	2EABBB391ACB89942396DF5C1CA2BAD8
SHA1:	182A6F93703549290BCDE92920D37BC1DEC712BB
SHA-256:	E3156D170014CED8D17A02B3C4FF63237615E5C2A8983B100A78CB1F881D6F38
SHA-512:	20D656A123A220CD3CA3CCBF61CC58E924B44F1F0A74E70D6850F39CECD101A69BCE73C5ED14018456E022E85B62958F046AA4BD1398AA27303C2E86407C3899
Malicious:	false
Reputation:	low
Preview:	{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Tahoma;}{\f1\fnil\fcharset0 Garamond;}{\f2\fnil\fcharset2 Symbol;}}..{\colortbl ;\red0\green32\blue96;\red0\green0\blue255;}..{\\generator Riched20 10.0.17763}\viewkind4\uc1 ..\pard\sb120\sa120\sl240\slmult1\b\f0\fs20\lang9 MICROSOFT SOFTWARE LICENSE TERMS\par..MICROSOFT VISUAL C++ 2019 RUNTIME \par..\b0 These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. They apply to the software named above. The terms also apply to any Microsoft services or updates for the software, except to the extent those have different terms.\par..\b IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW.\par....\pard{\pntext\f2\'B7\tab}{\\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-357\li357\sb120\sa120\sl240\slmult1\tx360 INSTALLATION AND USE RIGHTS. \b0\par....\pard{\pntext\f2\'B7\tab}{\*\pn\pnlvlblt\pnf2\pnindent360{\pntxtb\'B7}}\fi-363\

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\logo.png Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	PNG image data, 64 x 64, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1861
Entropy (8bit):	6.868587546770907
Encrypted:	false
SSDEEP:
MD5:	D6BD210F227442B3362493D046CEA233
SHA1:	FF286AC8370FC655AEA0EF35E9CF0BFCB6D698DE
SHA-256:	335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF
SHA-512:	464AAAB9E08DE610AD34B97D4076E92DC04C2CDC6669F60BFC50F0F9CE5D71C31B8943BD84CEE1A04FB9AB5BBED3442BD41D9CB21A0DD170EA97C463E1CE2B5B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...@...@.............sRGB.........gAMA......a.....PLTE].q^.r_.r_.s`.s`.s`.ta.ta.ub.ub.vc.vd.vd.vd.we.we.xe.xg.yg yg zh zh"zi"{j#\|i${j$\|n~n.n,.o,.p..q0.r2.s3.t5.x;.x<.y>.z?.\|B.~C.}E..F..F..H..I..J..L..O..P..W..Y..^..a..c..g..i..q..r..}.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................S......pHYs..%...%....^.....tEXtSoftware.Paint.NET v3.5.100.r.....IDATXG..iW.@...EJ.$M...`AEpG..7TpWT@\.."....(..(.._;...di:9.c>q..g....T...._...-....F..+..w.

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\thm.wxl Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2952
Entropy (8bit):	5.052095286906672
Encrypted:	false
SSDEEP:
MD5:	FBFCBC4DACC566A3C426F43CE10907B6
SHA1:	63C45F9A771161740E100FAF710F30EED017D723
SHA-256:	70400F181D00E1769774FF36BCD8B1AB5FBC431418067D31B876D18CC04EF4CE
SHA-512:	063FB6685EE8D2FA57863A74D66A83C819FE848BA3072B6E7D1B4FE397A9B24A1037183BB2FDA776033C0936BE83888A6456AAE947E240521E2AB75D984EE35E
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. .. Copyright (c) Microsoft Corporation. All rights reserved...-->..<WixLocalization Culture="en-us" xmlns="http://schemas.microsoft.com/wix/2006/localization">.. <Control Control="EulaAcceptCheckbox" X="11" Y="-41" Width="-11" Height="29" />.... <String Id="Caption">[WixBundleName] Setup</String>.. <String Id="Title">[WixBundleName]</String>.. <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String>.. <String Id="HelpHeader">Setup Help</String>.. <String Id="HelpText">/install \| /repair \| /uninstall \| /layout [directory] - installs, repairs, uninstalls or.. creates a complete local copy of the bundle in directory. Install is the default...../passive \| /quiet - displays minimal UI with no prompts or displays no UI and.. no prompts. By default UI and all prompts are displayed...../norestart - suppress any attempts to restart. By default UI will prompt before restart.../log log.txt - logs to a specific file. B

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\thm.xml Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8332
Entropy (8bit):	5.184632608060528
Encrypted:	false
SSDEEP:
MD5:	F62729C6D2540015E072514226C121C7
SHA1:	C1E189D693F41AC2EAFCC363F7890FC0FEA6979C
SHA-256:	F13BAE0EC08C91B4A315BB2D86EE48FADE597E7A5440DCE6F751F98A3A4D6916
SHA-512:	CBBFBFA7E013A2B85B78D71D32FDF65323534816978E7544CA6CEA5286A0F6E8E7E5FFC4C538200211F11B94373D5658732D5D8AA1D01F9CCFDBF20F154F1471
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>.. Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->......<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">.. <Window Width="485" Height="300" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>.. <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>.. <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>.. <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>.. <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>.... <Image X="11" Y="11" Width="64" Height="64" ImageFile="logo.png" Visible="yes"/>.. <Text X="80" Y="11" Width="-11" Heig

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.ba\wixstdba.dll Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	195600
Entropy (8bit):	6.682530937585544
Encrypted:	false
SSDEEP:
MD5:	EAB9CAF4277829ABDF6223EC1EFA0EDD
SHA1:	74862ECF349A9BEDD32699F2A7A4E00B4727543D
SHA-256:	A4EFBDB2CE55788FFE92A244CB775EFD475526EF5B61AD78DE2BCDFADDAC7041
SHA-512:	45B15ADE68E0A90EA7300AEB6DCA9BC9E347A63DBA5CE72A635957564D1BDF0B1584A5E34191916498850FC7B3B7ECFBCBFCB246B39DBF59D47F66BC825C6FD2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3..R...R...R..h.N..R..h.L.R..h.M..R.......R.......R.......R...<..R...,..R...R...S..K....R..K....R..N.@..R...R(..R..K....R..Rich.R..................PE..L......Z...........!................d.....................................................@..............................................................D......,.......T...............................@...............X............................text............................... ..`.rdata.............................@..@.data...............................@....gfids..............................@..@.rsrc...............................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	647704
Entropy (8bit):	7.216103486972765
Encrypted:	false
SSDEEP:
MD5:	1D7599C4A31B82E70308C022E9494011
SHA1:	7D04A03D5502DF2838D40DD131B1CAE226CB5205
SHA-256:	21D2935D29C807A3A56C406849B97DBC7F720822920930D0E2B13A44203C107C
SHA-512:	080FF020E0D2D9C0CE6BEEE8143C0F49E1B4450BAA08072A8662F4B25AD6B034EE0AD174F2D4ACD5B011CB8FB140656755007E245673F7677964B9E99555AB08
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c...'.u.'.u.'.u.......u.....[.u.....?.u...v.4.u...q.4.u...p...u.....".u....6.u.'.t.v.u...p.l.u....&.u.'..%.u...w.&.u.Rich'.u.........................PE..L......Z.....................v......m.............@..........................p.......0....@..............................................;...............$...0...=.. t..T...................tt......@n..@...................$........................text.............................. ..`.rdata..............................@..@.data...@...........................@....wixburn8...........................@..@.tls................................@....gfids..............................@..@.rsrc....;.......<..................@..@.reloc...=...0...>..................@..B........................................................................................................................................................

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\cab2C04DDC374BD96EB5C8EB8208F2C7C92 Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Microsoft Cabinet archive data, 5616406 bytes, 14 files
Category:	dropped
Size (bytes):	5633182
Entropy (8bit):	7.997630012311066
Encrypted:	true
SSDEEP:
MD5:	FE9D7E314931C910070D54964445353C
SHA1:	006922CFB8D637AC51D1226430E77C46764090CC
SHA-256:	B0DFC03227A7F14D107CC2380C7DBF23CC8B288EE8925B952B3085CB05A8FBDB
SHA-512:	25DEC54F1521D39797C8E34F78589A255B69AD55ED7A05B69D4DC68762BD9D2ECEEE8DDCC79FFEBFEC9C61FF2C3194661C979C4C06624762FFFA054A93751421
Malicious:	false
Reputation:	low
Preview:	MSCF......U.....D.............................U..A..............p... QU........P.P .mfc140.dll. ... QU....P.P .mfc140chs.dll.(...@.V....P.P .mfc140cht.dll.()..h.V....P.P .mfc140deu.dll.0.....W....P.P .mfc140enu.dll.(%....X....P.P .mfc140esn.dll.()....Z....P.P .mfc140fra.dll.(!...>[....P.P .mfc140ita.dll.(...8_\....P.P .mfc140jpn.dll. ...`8]....P.P .mfc140kor.dll. .....^....P.P .mfc140rus.dll.(.U..&_....P.P .mfc140u.dll. i.........P.P .mfcm140.dll. i...b.....P.P .mfcm140u.dll.w...7..CK.:{\.g..H0.....Zk......[.n.(...T...B.V..n...r#[.4...m..Uk.}.......V0(..BT\|.G.ND,..B[.=.\|..L.n../...\|.}.L...[\8.qZ.x....c.V........T...<4x.&.....s.`^.h......._`7.8..d.y.\|s..I.y.f.J.....x.t......O.2.h]..]'.=..u.E.p...p.]..........h<.........^x.[.~U8..."v.$..9....t......U...Kk...stX...>..>.....8.H..5....8...Q......d.%=.v/.I..K0.n/.O.f....1..<`..\..L ...G. .d.lC..p.,.p..Gs....6...d....D.}..9..m...'.g-.....D&.....0C..Ev....%.\2\..Ut.[.$F.)p.1......@....t.].4.....o..r......`..

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\cab5046A8AB272BF37297BB7928664C9503 Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	Microsoft Cabinet archive data, 1517914 bytes, 51 files
Category:	dropped
Size (bytes):	1534706
Entropy (8bit):	7.996871739775372
Encrypted:	true
SSDEEP:
MD5:	A5B1CCD33E32DAFADDB5F1D16F401F83
SHA1:	F968BFD873C8CA7FD061874B300A506402D4590E
SHA-256:	549B6D02586ADA2B6D2909F59DC4F75E8A4F16332AE0BE67AF90210D0DB0C30D
SHA-512:	C862A88EE037BCC5BDA4F59B9293233B8C3DDFE3FF544256FE39471EAF865EFB134EE5E178BAEBF9DAEFB46B58DCECCD002C57A2BF185E97BD18D038CBBC717D
Malicious:	false
Reputation:	low
Preview:	MSCF....Z)......D...........3...............Z)...A.................. O.........P.P .api_ms_win_core_console_l1_1_0.dll. M.. O.....P.P .api_ms_win_core_datetime_l1_1_0.dll.(M..@......P.P .api_ms_win_core_debug_l1_1_0.dll.0M..h......P.P .api_ms_win_core_errorhandling_l1_1_0.dll. [...6.....P.P .api_ms_win_core_file_l1_1_0.dll. M.........P.P .api_ms_win_core_file_l1_2_0.dll. M.........P.P .api_ms_win_core_file_l2_1_0.dll.0M...+.....P.P .api_ms_win_core_handle_l1_1_0.dll.(O..(y.....P.P .api_ms_win_core_heap_l1_1_0.dll.(M..P......P.P .api_ms_win_core_interlocked_l1_1_0.dll. O..x......P.P .api_ms_win_core_libraryloader_l1_1_0.dll.(W...d.....P.P .api_ms_win_core_localization_l1_2_0.dll.(O.........P.P .api_ms_win_core_memory_l1_1_0.dll. M.........P.P .api_ms_win_core_namedpipe_l1_1_0.dll.(Q...X.....P.P .api_ms_win_core_processenvironment_l1_1_0.dll.(U..0......P.P .api_ms_win_core_processthreads_l1_1_0.dll.(O..X......P.P .api_ms_win_core_processthreads_l1_1_1.dll.(K...M.....P.P .api_ms_win_core_

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\vcRuntimeAdditional_x64 Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	2
Category:	dropped
Size (bytes):	184320
Entropy (8bit):	6.364149432094009
Encrypted:	false
SSDEEP:
MD5:	4F4D221817C6F69FF9AEFF442100F2AE
SHA1:	6AE28B1CF68CA477E84A0E1C1F244D518106103C
SHA-256:	0272C8376C9197324914063C99754B493D237899C5815BEB8A7186461CE6D89F
SHA-512:	492660A5C00536F545C8380B1F7FE48707405E402124C254316D768EAAC0565B56ABEFC7B7C206C7166FA3B6A67E753D394DCE5F9820BA3B6622CCCABCB8F383
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\vcRuntimeMinimum_x64 Download File
Process:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
File Type:	2
Category:	dropped
Size (bytes):	192512
Entropy (8bit):	6.272092789615675
Encrypted:	false
SSDEEP:
MD5:	91217BEC57CF82A3685BA6B6EFD3DC04
SHA1:	3F658F6B1809D801670265D88F47B1F31A6D37A3
SHA-256:	C839620A0CD2BD8383A6E7EDD3C5BF1187755624788395225AE3BE8E81DFA0A5
SHA-512:	92B51C3B54C8C43A02D4610073E63D0616C60868967FD3F31C846D14BCEBD24D095B28D5A234ED29AC865FF80CA8FEF893243874447847452968AD7D5E61BEC9
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\is-JBMK9.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
File Type:	Unknown
Category:	dropped
Size (bytes):	156910
Entropy (8bit):	2.9757098342011097
Encrypted:	false
SSDEEP:
MD5:	EA3ECB92A2EA3A42273CB3B308CA1A5B
SHA1:	47A85AB09F83F5C00B1BAF66A7D82AEF4BABC2E4
SHA-256:	20CB37E704BD7762EAD3397A6E565B3F65B170D4BEDE30A22ACA9F8A7A19E614
SHA-512:	C7455110D1DB7F899DF2644D9AC60F3DEBD81723996FEA253F3132D8C20179EDE3E5316AD2A43380375D59E74279D7BC37A7DC84B02E5AC11B40DAE0C01F2812
Malicious:	false
Reputation:	low
Preview:	..<.P.R.X.>......... . . . .<.p.r.o.f.i.l.e. .v.e.r.s.i.o.n.=.".5.2.4.2.8.8.". ..... . . . . . . . . . . . . .n.a.m.e.=.".W.i.n.d.o.w.s. .M.e.d.i.a. .V.i.d.e.o. .8. .f.o.r. .C.o.l.o.r. .P.o.c.k.e.t. .P.C.s. .(.2.2.5. .K.b.p.s.).". ..... . . . . . . . . . . . . .g.u.i.d.=.".{.F.E.E.D.B.C.D.F.-.3.F.A.C.-.4.c.9.3.-.A.C.0.D.-.4.7.9.4.1.E.C.7.2.C.0.B.}."..... . . . . . . . . . . . . .d.e.s.c.r.i.p.t.i.o.n.=.".U.s.e. .t.h.i.s. .p.r.o.f.i.l.e. .w.h.e.n. .c.r.e.a.t.i.n.g. .v.i.d.e.o. .f.i.l.e.s. .f.o.r. .p.l.a.y.b.a.c.k. .o.n. .f.a.s.t.e.r. .c.o.l.o.r. .P.o.c.k.e.t. .P.C.s...".>. ..... . . . . .<.s.t.r.e.a.m.c.o.n.f.i.g. .m.a.j.o.r.t.y.p.e.=.".{.7.3.6.4.7.5.6.1.-.0.0.0.0.-.0.0.1.0.-.8.0.0.0.-.0.0.A.A.0.0.3.8.9.B.7.1.}.". ..... . . . . . . . . . . . . . . . . . . .s.t.r.e.a.m.n.u.m.b.e.r.=.".1.". ..... . . . . . . . . . . . . . . . . . . .s.t.r.e.a.m.n.a.m.e.=.".A.u.d.i.o. .S.t.r.e.a.m.". ..... . . . . . . . . . . . . . . . . . . .i.n.p.u.t.n.a.m.e.=.".A.u.d.i.o.". ..... . . . . . . . . . . . .

Static File Info

No static file info

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: cmd.exe PID: 6652 Parent PID: 4824

General

Start time:	10:19:59
Start date:	03/12/2020
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1' > cmdline.out 2>&1
Imagebase:	0xbd0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: conhost.exe PID: 6660 Parent PID: 6652

General

Start time:	10:20:00
Start date:	03/12/2020
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: wget.exe PID: 6692 Parent PID: 6652

General

Start time:	10:20:00
Start date:	03/12/2020
Path:	C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):	true
Commandline:	wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://www.videosoftdev.com/services/download.aspx?ProductID=1'
Imagebase:	0x400000
File size:	3895184 bytes
MD5 hash:	3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: video_editor_x64.exe PID: 496 Parent PID: 5772

General

Start time:	10:21:25
Start date:	03/12/2020
Path:	C:\Users\user\Desktop\download\video_editor_x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\download\video_editor_x64.exe'
Imagebase:	0x400000
File size:	89870912 bytes
MD5 hash:	10B5CDAB87CF1825DF1134F16DFF7062
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 5%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: video_editor_x64.tmp PID: 4276 Parent PID: 496

General

Start time:	10:21:26
Start date:	03/12/2020
Path:	C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\is-M4I27.tmp\video_editor_x64.tmp' /SL5='$1F0056,89355248,121344,C:\Users\user\Desktop\download\video_editor_x64.exe'
Imagebase:	0x400000
File size:	1188528 bytes
MD5 hash:	B2EAFA8C7E4EAEB302AA4AB062B17EBA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 3%, Metadefender, Browse Detection: 2%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: vcredist_x64.exe PID: 6120 Parent PID: 4276

General

Start time:	10:22:38
Start date:	03/12/2020
Path:	C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' /install /passive /norestart
Imagebase:	0xc80000
File size:	15001520 bytes
MD5 hash:	1E7BD6790391B5B710C6372AB2042351
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: vcredist_x64.exe PID: 5088 Parent PID: 6120

General

Start time:	10:22:39
Start date:	03/12/2020
Path:	C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\Temp\{B430B43B-6E75-4804-BCFD-37DBF80ECCF7}\.cr\vcredist_x64.exe' -burn.clean.room='C:\Users\user\AppData\Local\Temp\is-9NTLG.tmp\vcredist_x64.exe' -burn.filehandle.attached=580 -burn.filehandle.self=564 /install /passive /norestart
Imagebase:	0xf20000
File size:	647704 bytes
MD5 hash:	1D7599C4A31B82E70308C022E9494011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 2%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: VC_redist.x64.exe PID: 4796 Parent PID: 5088

General

Start time:	10:22:41
Start date:	03/12/2020
Path:	C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\Temp\{CEE95A1C-E22B-4560-8B03-72FA4E103FF8}\.be\VC_redist.x64.exe' -q -burn.elevated BurnPipe.{AEC565AB-0FED-47E7-88D9-B941D20CF512} {87809E35-81C0-47B4-86E7-066B690A99EC} 5088
Imagebase:	0x150000
File size:	647704 bytes
MD5 hash:	1D7599C4A31B82E70308C022E9494011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: VC_redist.x64.exe PID: 4572 Parent PID: 3388

General

Start time:	10:22:56
Start date:	03/12/2020
Path:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /burn.runonce
Imagebase:	0xa90000
File size:	647704 bytes
MD5 hash:	1D7599C4A31B82E70308C022E9494011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: VC_redist.x64.exe PID: 3016 Parent PID: 4572

General

Start time:	10:22:57
Start date:	03/12/2020
Path:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install
Imagebase:	0xa90000
File size:	647704 bytes
MD5 hash:	1D7599C4A31B82E70308C022E9494011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: VC_redist.x64.exe PID: 5636 Parent PID: 3016

General

Start time:	10:22:58
Start date:	03/12/2020
Path:	C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe
Wow64 process (32bit):	true
Commandline:	'C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.clean.room='C:\ProgramData\Package Cache\{40d3fee2-b257-46c2-bdc0-cb1088d97327}\VC_redist.x64.exe' -burn.filehandle.attached=600 -burn.filehandle.self=596 /passive /norestart /burn.log.append 'C:\Users\user\AppData\Local\Temp\dd_vcredist_amd64_20201203102239.log' /install
Imagebase:	0xa90000
File size:	647704 bytes
MD5 hash:	1D7599C4A31B82E70308C022E9494011
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: video_editor_x64.exe PID: 496 Parent PID: 5772 video_editor_x64.exeCOMMON

Execution Graph

Execution Coverage:	13%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	9.1%
Total number of Nodes:	1304
Total number of Limit Nodes:	29

Executed Functions

Function 004110C4, Relevance: 42.2, APIs: 7, Strings: 17, Instructions: 160
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E004110C4(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				long _t37;
				_Unknown_base(*)()* _t40;
				_Unknown_base(*)()* _t41;
				_Unknown_base(*)()* _t44;
				signed int _t49;
				void* _t105;
				void* _t106;
				intOrPtr _t122;
				signed int _t125;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				struct HINSTANCE__* _t140;
				intOrPtr* _t142;
				intOrPtr _t144;
				intOrPtr _t145;

				_t144 = _t145;
				_t106 = 6;
				do {
					_push(0);
					_push(0);
					_t106 = _t106 - 1;
				} while (_t106 != 0);
				_push(_t106);
				_push(_t144);
				_push(0x41131e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t145;
				 *0x415b58 =  *0x415b58 - 1;
				if( *0x415b58 >= 0) {
					L19:
					_pop(_t122);
					 *[fs:eax] = _t122;
					_push(E00411325);
					return L00404C90( &_v56, 0xd);
				}
				_t140 = GetModuleHandleW(L"kernel32.dll");
				_t37 = GetVersion();
				_t105 = 0;
				if(_t37 != 0x600) {
					_t142 = GetProcAddress(_t140, "SetDefaultDllDirectories");
					if(_t142 != 0) {
						 *_t142(0x800);
						asm("sbb ebx, ebx");
						_t105 = 1;
					}
				}
				if(_t105 == 0) {
					_t44 = GetProcAddress(_t140, "SetDllDirectoryW");
					if(_t44 != 0) {
						 *_t44(0x411378);
					}
					E0040699C( &_v8);
					E00404C98(0x415b5c, _v8);
					if( *0x415b5c != 0) {
						_t49 =  *0x415b5c; // 0x0
						if(_t49 != 0) {
							_t49 =  *(_t49 - 4);
						}
						_t125 =  *0x415b5c; // 0x0
						if( *((short*)(_t125 + _t49 * 2 - 2)) != 0x5c) {
							E00404F98(0x415b5c, 0x411388);
						}
						_t126 =  *0x415b5c; // 0x0
						E00405058( &_v12, L"uxtheme.dll", _t126);
						E004069C8(_v12, _t105);
						_t127 =  *0x415b5c; // 0x0
						E00405058( &_v16, L"userenv.dll", _t127);
						E004069C8(_v16, _t105);
						_t128 =  *0x415b5c; // 0x0
						E00405058( &_v20, L"setupapi.dll", _t128);
						E004069C8(_v20, _t105);
						_t129 =  *0x415b5c; // 0x0
						E00405058( &_v24, L"apphelp.dll", _t129);
						E004069C8(_v24, _t105);
						_t130 =  *0x415b5c; // 0x0
						E00405058( &_v28, L"propsys.dll", _t130);
						E004069C8(_v28, _t105);
						_t131 =  *0x415b5c; // 0x0
						E00405058( &_v32, L"dwmapi.dll", _t131);
						E004069C8(_v32, _t105);
						_t132 =  *0x415b5c; // 0x0
						E00405058( &_v36, L"cryptbase.dll", _t132);
						E004069C8(_v36, _t105);
						_t133 =  *0x415b5c; // 0x0
						E00405058( &_v40, L"oleacc.dll", _t133);
						E004069C8(_v40, _t105);
						_t134 =  *0x415b5c; // 0x0
						E00405058( &_v44, L"version.dll", _t134);
						E004069C8(_v44, _t105);
						_t135 =  *0x415b5c; // 0x0
						E00405058( &_v48, L"profapi.dll", _t135);
						E004069C8(_v48, _t105);
						_t136 =  *0x415b5c; // 0x0
						E00405058( &_v52, L"comres.dll", _t136);
						E004069C8(_v52, _t105);
						_t137 =  *0x415b5c; // 0x0
						E00405058( &_v56, L"clbcatq.dll", _t137);
						E004069C8(_v56, _t105);
					}
				}
				_t40 = GetProcAddress(_t140, "SetSearchPathMode");
				if(_t40 != 0) {
					 *_t40(0x8001);
				}
				_t41 = GetProcAddress(_t140, "SetProcessDEPPolicy");
				if(_t41 != 0) {
					 *_t41(1); // executed
				}
				goto L19;
			}

0x004110c5
0x004110c7
0x004110cc
0x004110cc
0x004110ce
0x004110d0
0x004110d0
0x004110d3
0x004110d9
0x004110da
0x004110df
0x004110e2
0x004110e5
0x004110ec
0x00411303
0x00411305
0x00411308
0x0041130b
0x0041131d
0x0041131d
0x004110fc
0x004110fe
0x00411105
0x0041110b
0x00411118
0x0041111c
0x00411123
0x00411128
0x0041112a
0x0041112a
0x0041111c
0x0041112d
0x00411139
0x00411140
0x00411147
0x00411147
0x0041114c
0x00411159
0x00411165
0x0041116b
0x00411172
0x00411177
0x00411177
0x00411179
0x00411185
0x00411191
0x00411191
0x0041119e
0x004111a4
0x004111ac
0x004111b9
0x004111bf
0x004111c7
0x004111d4
0x004111da
0x004111e2
0x004111ef
0x004111f5
0x004111fd
0x0041120a
0x00411210
0x00411218
0x00411225
0x0041122b
0x00411233
0x00411240
0x00411246
0x0041124e
0x0041125b
0x00411261
0x00411269
0x00411276
0x0041127c
0x00411284
0x00411291
0x00411297
0x0041129f
0x004112ac
0x004112b2
0x004112ba
0x004112c7
0x004112cd
0x004112d5
0x004112d5
0x00411165
0x004112e0
0x004112e7
0x004112ee
0x004112ee
0x004112f6
0x004112fd
0x00411301
0x00411301
0x00000000

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,0041131E,?,?,?,?,00000005,00000000,00000000), ref: 004110F7
GetVersion.KERNEL32(kernel32.dll,00000000,0041131E,?,?,?,?,00000005,00000000,00000000), ref: 004110FE
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00411113
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00411139

Part of subcall function 004069C8: SetErrorMode.KERNEL32(00008000), ref: 004069D6
Part of subcall function 004069C8: LoadLibraryW.KERNEL32(00000000,00000000,00406A20,?,00000000,00406A3E,?,00008000), ref: 00406A05

GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 004112E0
GetProcAddress.KERNEL32(00000000,SetProcessDEPPolicy), ref: 004112F6
SetProcessDEPPolicy.KERNEL32(00000001,00000000,SetProcessDEPPolicy,00000000,SetSearchPathMode,kernel32.dll,00000000,0041131E,?,?,?,?,00000005,00000000,00000000), ref: 00411301

Strings

SetDefaultDllDirectories, xrefs: 0041110D
comres.dll, xrefs: 004112A7
dwmapi.dll, xrefs: 00411220
clbcatq.dll, xrefs: 004112C2
propsys.dll, xrefs: 00411205
SetSearchPathMode, xrefs: 004112DA
SetProcessDEPPolicy, xrefs: 004112F0
profapi.dll, xrefs: 0041128C
apphelp.dll, xrefs: 004111EA
userenv.dll, xrefs: 004111B4
uxtheme.dll, xrefs: 00411199
version.dll, xrefs: 00411271
oleacc.dll, xrefs: 00411256
setupapi.dll, xrefs: 004111CF
kernel32.dll, xrefs: 004110F2
cryptbase.dll, xrefs: 0041123B
SetDllDirectoryW, xrefs: 00411133

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$ErrorHandleLibraryLoadModeModulePolicyProcessVersion
String ID: SetDefaultDllDirectories$SetDllDirectoryW$SetProcessDEPPolicy$SetSearchPathMode$apphelp.dll$clbcatq.dll$comres.dll$cryptbase.dll$dwmapi.dll$kernel32.dll$oleacc.dll$profapi.dll$propsys.dll$setupapi.dll$userenv.dll$uxtheme.dll$version.dll
API String ID: 2248137261-2388063882
Opcode ID: bcd86be6ede9f35533a8287881bcd1aec4990898a94ccdcf4b7cd9b6f9992ccf
Instruction ID: 5ba2602b3ae426752e8bc3b72944c024d579907c793108ba05fbf413d09d3323
Opcode Fuzzy Hash: bcd86be6ede9f35533a8287881bcd1aec4990898a94ccdcf4b7cd9b6f9992ccf
Instruction Fuzzy Hash: F051AE706105089BD704FBA5D8829EE73B6EF85304B60C13BEA11B76E5CB3CAD458B5C

Uniqueness

Uniqueness Score: -1.00%

Function 00405DE8, Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 207
registrystringlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00405DE8(WCHAR* __eax) {
				WCHAR* _v8;
				void* _v12;
				short _v18;
				short _v22;
				short _v32;
				int _v36;
				short _v558;
				long _t48;
				signed int _t58;
				long _t67;
				long _t69;
				long _t71;
				WCHAR* _t82;
				struct HINSTANCE__* _t89;
				struct HINSTANCE__* _t96;
				short* _t108;
				WCHAR* _t109;
				intOrPtr _t113;
				signed int _t115;
				signed int _t116;
				signed int _t118;
				signed int _t119;
				signed int _t121;
				signed int _t122;
				struct HINSTANCE__* _t124;
				void* _t127;
				void* _t129;
				intOrPtr _t130;
				long _t137;

				_t127 = _t129;
				_t130 = _t129 + 0xfffffdd4;
				_v8 = __eax;
				GetModuleFileNameW(0,  &_v558, 0x105);
				_v32 = 0;
				_t48 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t48 == 0) {
					L4:
					_push(_t127);
					_push(0x405f1c);
					_push( *[fs:eax]);
					 *[fs:eax] = _t130;
					_v36 = 0xa;
					E00405BEC( &_v558, 0x105);
					if(RegQueryValueExW(_v12,  &_v558, 0, 0,  &_v32,  &_v36) != 0) {
						_t137 = RegQueryValueExW(_v12, E00406110, 0, 0,  &_v32,  &_v36);
						if(_t137 != 0) {
							_v32 = 0;
						}
					}
					_t58 = _v36 >> 1;
					if(_t137 < 0) {
						asm("adc eax, 0x0");
					}
					 *((short*)(_t127 + _t58 * 2 - 0x1c)) = 0;
					_pop(_t113);
					 *[fs:eax] = _t113;
					_push(E00405F23);
					return RegCloseKey(_v12);
				} else {
					_t67 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t67 == 0) {
						goto L4;
					} else {
						_t69 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t69 == 0) {
							goto L4;
						} else {
							_t71 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
							if(_t71 != 0) {
								lstrcpynW( &_v558, _v8, 0x105);
								GetLocaleInfoW(GetThreadLocale(), 3,  &_v22, 5); // executed
								_t124 = 0;
								if(_v558 != 0 && (_v22 != 0 || _v32 != 0)) {
									_t108 = lstrlenW( &_v558) + _t80 +  &_v558;
									L16:
									if( *_t108 != 0x2e && _t108 !=  &_v558) {
										_t108 = _t108 - 2;
										goto L16;
									}
									_t82 =  &_v558;
									if(_t108 != _t82) {
										_t109 = _t108 + 2;
										if(_v32 != 0) {
											_t121 = _t109 - _t82;
											_t122 = _t121 >> 1;
											if(_t121 < 0) {
												asm("adc edx, 0x0");
											}
											lstrcpynW(_t109,  &_v32, 0x105 - _t122);
											_t124 = LoadLibraryExW( &_v558, 0, 2);
										}
										if(_t124 == 0 && _v22 != 0) {
											_t115 = _t109 -  &_v558;
											_t116 = _t115 >> 1;
											if(_t115 < 0) {
												asm("adc edx, 0x0");
											}
											lstrcpynW(_t109,  &_v22, 0x105 - _t116);
											_t89 = LoadLibraryExW( &_v558, 0, 2); // executed
											_t124 = _t89;
											if(_t124 == 0) {
												_v18 = 0;
												_t118 = _t109 -  &_v558;
												_t119 = _t118 >> 1;
												if(_t118 < 0) {
													asm("adc edx, 0x0");
												}
												lstrcpynW(_t109,  &_v22, 0x105 - _t119);
												_t96 = LoadLibraryExW( &_v558, 0, 2); // executed
												_t124 = _t96;
											}
										}
									}
								}
								return _t124;
							} else {
								goto L4;
							}
						}
					}
				}
			}

0x00405de9
0x00405deb
0x00405df3
0x00405e04
0x00405e09
0x00405e24
0x00405e2b
0x00405e8b
0x00405e8d
0x00405e8e
0x00405e93
0x00405e96
0x00405e99
0x00405eab
0x00405ece
0x00405eea
0x00405eec
0x00405eee
0x00405eee
0x00405eec
0x00405ef7
0x00405ef9
0x00405efb
0x00405efb
0x00405efe
0x00405f07
0x00405f0a
0x00405f0d
0x00405f1b
0x00405e2d
0x00405e42
0x00405e49
0x00000000
0x00405e4b
0x00405e60
0x00405e67
0x00000000
0x00405e69
0x00405e7e
0x00405e85
0x00405f33
0x00405f46
0x00405f4b
0x00405f55
0x00405f83
0x00405f8a
0x00405f8e
0x00405f87
0x00000000
0x00405f87
0x00405f9a
0x00405fa2
0x00405fa8
0x00405fb0
0x00405fb4
0x00405fb6
0x00405fb8
0x00405fba
0x00405fba
0x00405fca
0x00405fdf
0x00405fdf
0x00405fe3
0x00405ff4
0x00405ff6
0x00405ff8
0x00405ffa
0x00405ffa
0x0040600a
0x0040601a
0x0040601f
0x00406023
0x00406025
0x00406033
0x00406035
0x00406037
0x00406039
0x00406039
0x00406049
0x00406059
0x0040605e
0x0040605e
0x00406023
0x00405fe3
0x00405fa2
0x00406067
0x00000000
0x00000000
0x00000000
0x00405e85
0x00405e67
0x00405e49

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00400000,004127B4), ref: 00405E04
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,004127B4), ref: 00405E24
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,004127B4), ref: 00405E42
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 00405E60
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00405E7E
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,00405F1C,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 00405EC7
RegQueryValueExW.ADVAPI32(?,00406110,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00405F1C,?,80000001), ref: 00405EE5
RegCloseKey.ADVAPI32(?,00405F23,00000000,?,?,00000000,00405F1C,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00405F16
lstrcpynW.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000), ref: 00405F33
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 00405F40
GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 00405F46
lstrlenW.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 00405F74
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00405FCA
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00405FDA
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 0040600A
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 0040601A
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 00406049

Strings

Software\CodeGear\Locales, xrefs: 00405E1A, 00405E38
Software\Borland\Locales, xrefs: 00405E56
Software\Borland\Delphi\Locales, xrefs: 00405E74

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Openlstrcpyn$LibraryLoadLocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales
API String ID: 3838733197-345420546
Opcode ID: ed19aa05aec1765680b8a5727bfaec113ff10cf714bcfc3f630a7a3f4138bf86
Instruction ID: 5f6b4038d93197cc4a444e8185523a96e657e7a92dffb1bb2a9d05fafe77d5e4
Opcode Fuzzy Hash: ed19aa05aec1765680b8a5727bfaec113ff10cf714bcfc3f630a7a3f4138bf86
Instruction Fuzzy Hash: 30615671A406197AEB21DAA5CC46FEF72BCDB0C744F404076BA01FA5C1E6BC9E448B99

Uniqueness

Uniqueness Score: -1.00%

Function 00405F23, Relevance: 15.1, APIs: 10, Instructions: 108
stringlibrarythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 90%

			E00405F23() {
				void* _t32;
				struct HINSTANCE__* _t39;
				struct HINSTANCE__* _t46;
				short* _t57;
				WCHAR* _t58;
				signed int _t60;
				signed int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t66;
				signed int _t67;
				struct HINSTANCE__* _t68;
				void* _t70;

				lstrcpynW(_t70 - 0x22a,  *(_t70 - 4), 0x105);
				GetLocaleInfoW(GetThreadLocale(), 3, _t70 - 0x12, 5); // executed
				_t68 = 0;
				if( *(_t70 - 0x22a) == 0 ||  *(_t70 - 0x12) == 0 &&  *(_t70 - 0x1c) == 0) {
					L20:
					return _t68;
				} else {
					_t57 = lstrlenW(_t70 - 0x22a) + _t30 + _t70 - 0x22a;
					L5:
					if( *_t57 != 0x2e && _t57 != _t70 - 0x22a) {
						_t57 = _t57 - 2;
						goto L5;
					}
					_t32 = _t70 - 0x22a;
					if(_t57 != _t32) {
						_t58 = _t57 + 2;
						if( *(_t70 - 0x1c) != 0) {
							_t66 = _t58 - _t32;
							_t67 = _t66 >> 1;
							if(_t66 < 0) {
								asm("adc edx, 0x0");
							}
							lstrcpynW(_t58, _t70 - 0x1c, 0x105 - _t67);
							_t68 = LoadLibraryExW(_t70 - 0x22a, 0, 2);
						}
						if(_t68 == 0 &&  *(_t70 - 0x12) != 0) {
							_t60 = _t58 - _t70 - 0x22a;
							_t61 = _t60 >> 1;
							if(_t60 < 0) {
								asm("adc edx, 0x0");
							}
							lstrcpynW(_t58, _t70 - 0x12, 0x105 - _t61);
							_t39 = LoadLibraryExW(_t70 - 0x22a, 0, 2); // executed
							_t68 = _t39;
							if(_t68 == 0) {
								 *((short*)(_t70 - 0xe)) = 0;
								_t63 = _t58 - _t70 - 0x22a;
								_t64 = _t63 >> 1;
								if(_t63 < 0) {
									asm("adc edx, 0x0");
								}
								lstrcpynW(_t58, _t70 - 0x12, 0x105 - _t64);
								_t46 = LoadLibraryExW(_t70 - 0x22a, 0, 2); // executed
								_t68 = _t46;
							}
						}
					}
					goto L20;
				}
			}

0x00405f33
0x00405f46
0x00405f4b
0x00405f55
0x00406060
0x00406067
0x00405f6d
0x00405f83
0x00405f8a
0x00405f8e
0x00405f87
0x00000000
0x00405f87
0x00405f9a
0x00405fa2
0x00405fa8
0x00405fb0
0x00405fb4
0x00405fb6
0x00405fb8
0x00405fba
0x00405fba
0x00405fca
0x00405fdf
0x00405fdf
0x00405fe3
0x00405ff4
0x00405ff6
0x00405ff8
0x00405ffa
0x00405ffa
0x0040600a
0x0040601a
0x0040601f
0x00406023
0x00406025
0x00406033
0x00406035
0x00406037
0x00406039
0x00406039
0x00406049
0x00406059
0x0040605e
0x0040605e
0x00406023
0x00405fe3
0x00000000
0x00405fa2

APIs

lstrcpynW.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000), ref: 00405F33
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 00405F40
GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 00405F46
lstrlenW.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 00405F74
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00405FCA
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00405FDA
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 0040600A
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 0040601A
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 00406049
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?), ref: 00406059

Strings

Software\CodeGear\Locales, xrefs: 00405E1A, 00405E38
Software\Borland\Locales, xrefs: 00405E56
Software\Borland\Delphi\Locales, xrefs: 00405E74

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales
API String ID: 1599918012-345420546
Opcode ID: f347cc9f3c477e58c1cd365ffa1779204afb21583e55c99ec7d7252987469007
Instruction ID: 4452d95ce859696c23b6bd0f50a078a4c31ee5800544849d8d1c420259f7e676
Opcode Fuzzy Hash: f347cc9f3c477e58c1cd365ffa1779204afb21583e55c99ec7d7252987469007
Instruction Fuzzy Hash: D3318232E402196BDB21DAA5CC49BEB62BC9B0C344F444076B601F72C4F6BC9E448B99

Uniqueness

Uniqueness Score: -1.00%

Function 00406458, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406458() {
				intOrPtr _v16;
				struct _SYSTEM_INFO* _t3;

				GetSystemInfo(_t3); // executed
				return _v16;
			}

0x0040645c
0x00406468

APIs

GetSystemInfo.KERNEL32 ref: 0040645C

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 9ce24fec29c07a0e080f9dc895799ad5acc0e028318248ff73c69df84a526f2f
Instruction ID: 0cc09a7703e4d468e824d7ecf1c2981a2773579081892800ab72b071deb089ba
Opcode Fuzzy Hash: 9ce24fec29c07a0e080f9dc895799ad5acc0e028318248ff73c69df84a526f2f
Instruction Fuzzy Hash: C4A012204084010AC508A7194C8380F31841945614FC80324745CB93D2E619856403DB

Uniqueness

Uniqueness Score: -1.00%

Function 00411C96, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 78%

			E00411C96(long __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t19;
				intOrPtr _t21;
				struct HWND__* _t23;
				struct HWND__* _t24;
				struct HWND__* _t27;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t38;
				intOrPtr _t41;
				int _t42;
				intOrPtr _t43;
				intOrPtr _t45;
				struct HWND__* _t48;
				intOrPtr _t49;
				intOrPtr _t52;
				void* _t55;
				intOrPtr _t61;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t71;
				void* _t74;
				void* _t75;

				_t75 = __eflags;
				_t55 = __ecx;
				0x1840();
				SetLastError(__eax);
				E0040E770(0x69, __ebx, _t55, __esi, _t75);
				E0040404C();
				_t19 =  *0x41865c; // 0x0
				 *0x41865c = 0;
				E00403894(_t19);
				_t21 =  *0x415b48; // 0x400000
				_t23 = E004068EC(0, L"STATIC", 0, _t21, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x412af0 = _t23;
				_t24 =  *0x412af0; // 0x1f0056
				 *0x418654 = SetWindowLongW(_t24, 0xfffffffc, E0040EAC4);
				_t27 =  *0x412af0; // 0x1f0056
				 *(_t74 - 0x58) = _t27;
				 *((char*)(_t74 - 0x54)) = 0;
				_t28 =  *0x418664; // 0x4264f0
				_t4 = _t28 + 0x20; // 0x55373f0
				 *((intOrPtr*)(_t74 - 0x50)) =  *_t4;
				 *((char*)(_t74 - 0x4c)) = 0;
				_t30 =  *0x418664; // 0x4264f0
				_t7 = _t30 + 0x24; // 0x1da00
				 *((intOrPtr*)(_t74 - 0x48)) =  *_t7;
				 *((char*)(_t74 - 0x44)) = 0;
				E004082D4(L"/SL5=\"$%x,%d,%d,", 2, _t74 - 0x58, _t74 - 0x40);
				_push( *((intOrPtr*)(_t74 - 0x40)));
				_push( *0x418658);
				_push(0x411f5c);
				E0040B84C(_t74 - 0x5c, __ebx, __esi, _t75);
				_push( *((intOrPtr*)(_t74 - 0x5c)));
				E0040513C(_t74 - 0x3c, 4, __edi);
				_t38 =  *0x418670; // 0x22d3cf4, executed
				E0040EB50(_t38, __ebx, 0x412aec,  *((intOrPtr*)(_t74 - 0x3c)), __edi, __esi, __fp0); // executed
				if( *0x412ae8 != 0xffffffff) {
					_t52 =  *0x412ae8; // 0x0
					E0040EA2C(_t52, 0x412aec);
				}
				_pop(_t69);
				 *[fs:eax] = _t69;
				_push(E00411E30);
				_t41 =  *0x41865c; // 0x0
				_t42 = E00403894(_t41);
				if( *0x418670 != 0) {
					_t71 =  *0x418670; // 0x22d3cf4
					_t42 = E0040E5DC(0, _t71, 0xfa, 0x32);
				}
				if( *0x418668 != 0) {
					_t49 =  *0x418668; // 0x22a008c
					_t42 = RemoveDirectoryW(E00404D24(_t49));
				}
				if( *0x412af0 != 0) {
					_t48 =  *0x412af0; // 0x1f0056
					_t42 = DestroyWindow(_t48);
				}
				if( *0x41864c != 0) {
					_t43 =  *0x41864c; // 0x2324280
					_t61 =  *0x418650; // 0x9
					_t70 =  *0x40dcc4; // 0x40dcc8
					E00405548(_t43, _t61, _t70);
					_t45 =  *0x41864c; // 0x2324280
					E00402E20(_t45);
					 *0x41864c = 0;
					return 0;
				}
				return _t42;
			}

0x00411c96
0x00411c96
0x00411c96
0x00411c9e
0x00411ca5
0x00411caa
0x00411caf
0x00411cb6
0x00411cbc
0x00411ccf
0x00411ce3
0x00411ce8
0x00411cf4
0x00411cff
0x00411d08
0x00411d0d
0x00411d10
0x00411d14
0x00411d19
0x00411d1c
0x00411d1f
0x00411d23
0x00411d28
0x00411d2b
0x00411d2e
0x00411d3f
0x00411d44
0x00411d47
0x00411d4d
0x00411d55
0x00411d5a
0x00411d65
0x00411d72
0x00411d77
0x00411d83
0x00411d85
0x00411d8a
0x00411d8a
0x00411d91
0x00411d94
0x00411d97
0x00411d9c
0x00411da1
0x00411dad
0x00411dbb
0x00411dc3
0x00411dc3
0x00411dcf
0x00411dd1
0x00411ddc
0x00411ddc
0x00411de8
0x00411dea
0x00411df0
0x00411df0
0x00411dfc
0x00411dfe
0x00411e03
0x00411e09
0x00411e0f
0x00411e14
0x00411e19
0x00411e20
0x00000000
0x00411e20
0x00411e25

APIs

SetLastError.KERNEL32(00000000), ref: 00411C9E

Part of subcall function 0040E770: GetLastError.KERNEL32(00000000,0040E817,?,?,022D3CF4), ref: 0040E793

Part of subcall function 004068EC: CreateWindowExW.USER32 ref: 0040692B

SetWindowLongW.USER32 ref: 00411CFA

Part of subcall function 0040B84C: GetCommandLineW.KERNEL32(00000000,0040B88E,?,?,00000000,?,00411D5A,00411F5C,?), ref: 0040B862

Part of subcall function 0040EB50: CreateProcessW.KERNEL32 ref: 0040EBC0
Part of subcall function 0040EB50: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,0040EC50,022D3CF4,0040EC40,00000000), ref: 0040EBD4
Part of subcall function 0040EB50: MsgWaitForMultipleObjects.USER32 ref: 0040EBED
Part of subcall function 0040EB50: GetExitCodeProcess.KERNEL32 ref: 0040EC01
Part of subcall function 0040EB50: CloseHandle.KERNEL32(?,?,00412AEC,00000001,?,00000000,000000FF,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040EC0A

RemoveDirectoryW.KERNEL32(00000000,00411E30,?,?,?,?,?,?,?,?,?,?,001F0056,000000FC,0040EAC4,00000000), ref: 00411DDC
DestroyWindow.USER32(001F0056,00411E30,?,?,?,?,?,?,?,?,?,?,001F0056,000000FC,0040EAC4,00000000), ref: 00411DF0

Strings

/SL5="$%x,%d,%d,, xrefs: 00411D3A
STATIC, xrefs: 00411CDC
InnoSetupLdrWindow, xrefs: 00411CD7

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$CloseCreateErrorHandleLastProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 2016261911-3001827809
Opcode ID: 3d5eb3ba2af2cb31e641145fdf4efdddbec66f7e0ffecaf89dfd04d9d16d1a38
Instruction ID: b533c9448902221149ce9476a49e0a73e805eb15627331010c16b366fa4b9f1f
Opcode Fuzzy Hash: 3d5eb3ba2af2cb31e641145fdf4efdddbec66f7e0ffecaf89dfd04d9d16d1a38
Instruction Fuzzy Hash: B6411570A402409FDB10EBA9ED45BDE77E5AB48308F10C53EE601AB2F5DB789852CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00401C7C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E00401C7C(void* __eax, signed int __edi, void* __ebp) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				signed int __ebx;
				void* _t58;
				signed int _t61;
				int _t65;
				signed int _t67;
				void _t70;
				int _t71;
				signed int _t78;
				void* _t79;
				signed int _t81;
				intOrPtr _t82;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				signed int _t92;
				void* _t96;
				signed int _t99;
				void* _t103;
				intOrPtr _t104;
				void* _t106;
				void* _t108;
				signed int _t113;
				void* _t115;
				void* _t116;

				_t56 = __eax;
				_t89 =  *(__eax - 4);
				_t78 =  *0x41304d; // 0x0
				if((_t89 & 0x00000007) != 0) {
					__eflags = _t89 & 0x00000005;
					if((_t89 & 0x00000005) != 0) {
						_pop(_t78);
						__eflags = _t89 & 0x00000003;
						if((_t89 & 0x00000003) == 0) {
							_push(_t78);
							_push(__edi);
							_t116 = _t115 + 0xffffffdc;
							_t103 = __eax - 0x10;
							E0040165C();
							_t58 = _t103;
							 *_t116 =  *_t58;
							_v48 =  *((intOrPtr*)(_t58 + 4));
							_t92 =  *(_t58 + 0xc);
							if((_t92 & 0x00000008) != 0) {
								_t79 = _t103;
								_t113 = _t92 & 0xfffffff0;
								_t99 = 0;
								__eflags = 0;
								while(1) {
									VirtualQuery(_t79,  &_v44, 0x1c);
									_t61 = VirtualFree(_t79, 0, 0x8000);
									__eflags = _t61;
									if(_t61 == 0) {
										_t99 = _t99 | 0xffffffff;
										goto L10;
									}
									_t104 = _v44.RegionSize;
									__eflags = _t113 - _t104;
									if(_t113 > _t104) {
										_t113 = _t113 - _t104;
										_t79 = _t79 + _t104;
										continue;
									}
									goto L10;
								}
							} else {
								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
								if(_t65 == 0) {
									_t99 = __edi | 0xffffffff;
								} else {
									_t99 = 0;
								}
							}
							L10:
							if(_t99 == 0) {
								 *_v48 =  *_t116;
								 *( *_t116 + 4) = _v48;
							}
							 *0x415ac4 = 0;
							return _t99;
						} else {
							return 0xffffffff;
						}
					} else {
						goto L31;
					}
				} else {
					__eflags = __bl;
					__ebx =  *__edx;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L14;
							}
							asm("pause");
							__eflags =  *0x4138d5;
							if(__eflags != 0) {
								continue;
							} else {
								Sleep(0);
								__edx = __edx;
								__ecx = __ecx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__eflags != 0) {
									Sleep(0xa);
									__edx = __edx;
									__ecx = __ecx;
									continue;
								}
							}
							goto L14;
						}
					}
					L14:
					_t14 = __edx + 0xc;
					 *_t14 =  *(__edx + 0xc) - 1;
					__eflags =  *_t14;
					__eax =  *(__edx + 8);
					if( *_t14 == 0) {
						__eflags = __eax;
						if(__eax == 0) {
							L20:
							 *(__ebx + 0xc) = __eax;
						} else {
							__eax =  *(__edx + 0x14);
							__ecx =  *(__edx + 4);
							 *(__eax + 4) = __ecx;
							 *(__ecx + 0x14) = __eax;
							__eax = 0;
							__eflags =  *((intOrPtr*)(__ebx + 0x10)) - __edx;
							if( *((intOrPtr*)(__ebx + 0x10)) == __edx) {
								goto L20;
							}
						}
						 *__ebx = __al;
						__eax = __edx;
						__edx =  *(__edx - 4);
						__bl =  *0x41304d; // 0x0
						L31:
						__eflags = _t78;
						_t81 = _t89 & 0xfffffff0;
						_push(_t101);
						_t106 = _t56;
						if(__eflags != 0) {
							while(1) {
								_t67 = 0x100;
								asm("lock cmpxchg [0x413a34], ah");
								if(__eflags == 0) {
									goto L32;
								}
								asm("pause");
								__eflags =  *0x4138d5;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									_t67 = 0x100;
									asm("lock cmpxchg [0x413a34], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L32;
							}
						}
						L32:
						__eflags = (_t106 - 4)[_t81] & 0x00000001;
						_t87 = (_t106 - 4)[_t81];
						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
							_t67 = _t81 + _t106;
							_t88 = _t87 & 0xfffffff0;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E004014D8(_t67);
							}
						} else {
							_t88 = _t87 | 0x00000008;
							__eflags = _t88;
							(_t106 - 4)[_t81] = _t88;
						}
						__eflags =  *(_t106 - 4) & 0x00000008;
						if(( *(_t106 - 4) & 0x00000008) != 0) {
							_t88 =  *(_t106 - 8);
							_t106 = _t106 - _t88;
							_t81 = _t81 + _t88;
							__eflags = _t88 - 0xb30;
							if(_t88 >= 0xb30) {
								_t67 = E004014D8(_t106);
							}
						}
						__eflags = _t81 - 0x13ffe0;
						if(_t81 == 0x13ffe0) {
							__eflags =  *0x413a3c - 0x13ffe0;
							if( *0x413a3c != 0x13ffe0) {
								_t82 = _t106 + 0x13ffe0;
								E00401578(_t67);
								 *((intOrPtr*)(_t82 - 4)) = 2;
								 *0x413a3c = 0x13ffe0;
								 *0x413a38 = _t82;
								 *0x413a34 = 0;
								__eflags = 0;
								return 0;
							} else {
								_t108 = _t106 - 0x10;
								_t70 =  *_t108;
								_t96 =  *(_t108 + 4);
								 *(_t70 + 4) = _t96;
								 *_t96 = _t70;
								 *0x413a34 = 0;
								_t71 = VirtualFree(_t108, 0, 0x8000);
								__eflags = _t71 - 1;
								asm("sbb eax, eax");
								return _t71;
							}
						} else {
							 *(_t106 - 4) = _t81 + 3;
							 *(_t106 - 8 + _t81) = _t81;
							E00401518(_t106, _t88, _t81);
							 *0x413a34 = 0;
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = __eax;
						 *(__edx + 8) = __ecx;
						 *(__ecx - 4) = __eax;
						if(__eflags == 0) {
							__ecx =  *(__ebx + 4);
							 *(__edx + 0x14) = __ebx;
							 *(__edx + 4) = __ecx;
							 *(__ecx + 0x14) = __edx;
							 *(__ebx + 4) = __edx;
							 *__ebx = 0;
							__eax = 0;
							__eflags = 0;
							_pop(__ebx);
							return 0;
						} else {
							__eax = 0;
							__eflags = 0;
							 *__ebx = __al;
							_pop(__ebx);
							return 0;
						}
					}
				}
			}

0x00401c7c
0x00401c7c
0x00401c85
0x00401c8b
0x00401d74
0x00401d77
0x00401e64
0x00401e65
0x00401e68
0x00401708
0x0040170a
0x0040170c
0x00401711
0x00401714
0x00401719
0x0040171d
0x00401723
0x00401727
0x0040172d
0x00401749
0x0040174d
0x00401750
0x00401750
0x00401752
0x0040175a
0x00401767
0x0040176c
0x0040176e
0x00401770
0x00401773
0x00401773
0x00401775
0x00401779
0x0040177b
0x0040177d
0x0040177f
0x00000000
0x0040177f
0x00000000
0x0040177b
0x0040172f
0x00401737
0x0040173e
0x00401744
0x00401740
0x00401740
0x00401740
0x0040173e
0x00401783
0x00401785
0x0040178e
0x00401797
0x00401797
0x0040179a
0x004017aa
0x00401e6e
0x00401e73
0x00401e73
0x00000000
0x00000000
0x00000000
0x00401c91
0x00401c91
0x00401c93
0x00401c95
0x00401cf8
0x00401cf8
0x00401cfd
0x00401d01
0x00000000
0x00000000
0x00401d03
0x00401d05
0x00401d0c
0x00000000
0x00401d0e
0x00401d12
0x00401d17
0x00401d18
0x00401d19
0x00401d1e
0x00401d22
0x00401d2c
0x00401d31
0x00401d32
0x00000000
0x00401d32
0x00401d22
0x00000000
0x00401d0c
0x00401cf8
0x00401c97
0x00401c97
0x00401c97
0x00401c97
0x00401c9b
0x00401c9e
0x00401ccc
0x00401cce
0x00401ce3
0x00401ce3
0x00401cd0
0x00401cd0
0x00401cd3
0x00401cd6
0x00401cd9
0x00401cdc
0x00401cde
0x00401ce1
0x00000000
0x00000000
0x00401ce1
0x00401ce6
0x00401ce8
0x00401cea
0x00401ced
0x00401d7d
0x00401d80
0x00401d82
0x00401d84
0x00401d85
0x00401d87
0x00401d38
0x00401d38
0x00401d3d
0x00401d45
0x00000000
0x00000000
0x00401d47
0x00401d49
0x00401d50
0x00000000
0x00401d52
0x00401d54
0x00401d59
0x00401d5e
0x00401d66
0x00401d6a
0x00000000
0x00401d6a
0x00401d66
0x00000000
0x00401d50
0x00401d38
0x00401d89
0x00401d89
0x00401d91
0x00401d95
0x00401dcc
0x00401dcf
0x00401dd2
0x00401dd4
0x00401dda
0x00401ddc
0x00401ddc
0x00401d97
0x00401d97
0x00401d97
0x00401d9a
0x00401d9a
0x00401d9e
0x00401da2
0x00401de4
0x00401de7
0x00401de9
0x00401deb
0x00401df1
0x00401df5
0x00401df5
0x00401df1
0x00401da4
0x00401daa
0x00401dfc
0x00401e06
0x00401e34
0x00401e3a
0x00401e3f
0x00401e46
0x00401e50
0x00401e56
0x00401e5d
0x00401e61
0x00401e08
0x00401e08
0x00401e0b
0x00401e0d
0x00401e10
0x00401e13
0x00401e15
0x00401e24
0x00401e29
0x00401e2c
0x00401e30
0x00401e30
0x00401dac
0x00401daf
0x00401db2
0x00401dba
0x00401dbf
0x00401dc6
0x00401dca
0x00401dca
0x00401ca0
0x00401ca0
0x00401ca2
0x00401ca8
0x00401cab
0x00401cb4
0x00401cb7
0x00401cba
0x00401cbd
0x00401cc0
0x00401cc3
0x00401cc6
0x00401cc6
0x00401cc8
0x00401cc9
0x00401cad
0x00401cad
0x00401cad
0x00401caf
0x00401cb1
0x00401cb2
0x00401cb2
0x00401cab
0x00401c9e

APIs

Sleep.KERNEL32(00000000,?,?,00000000,004018EE), ref: 00401D12
Sleep.KERNEL32(0000000A,00000000,?,?,00000000,004018EE), ref: 00401D2C

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 8a3210d8f8d401be15887638caf4bd218d5a49e2ef90f71ceccc5668e523b2a1
Instruction ID: 467b249c574562f1bac75438b18abd5afc4c200c530fec1930f0d5df439eec02
Opcode Fuzzy Hash: 8a3210d8f8d401be15887638caf4bd218d5a49e2ef90f71ceccc5668e523b2a1
Instruction Fuzzy Hash: 9B71E1316452408BE715DF29CA84B66BBD4AF85314F18827FE848AB3F2D778D8418799

Uniqueness

Uniqueness Score: -1.00%

Function 00411C7F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00411C7F(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t17;
				intOrPtr _t19;
				struct HWND__* _t21;
				struct HWND__* _t22;
				struct HWND__* _t25;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t36;
				intOrPtr _t39;
				int _t40;
				intOrPtr _t41;
				intOrPtr _t43;
				struct HWND__* _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t60;
				intOrPtr _t62;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t73;
				void* _t74;

				_t74 = __eflags;
				_pop(_t62);
				 *[fs:eax] = _t62;
				_t17 =  *0x41865c; // 0x0
				 *0x41865c = 0;
				E00403894(_t17);
				_t19 =  *0x415b48; // 0x400000
				_t21 = E004068EC(0, L"STATIC", 0, _t19, 0, 0, 0, 0, 0, 0, 0); // executed
				 *0x412af0 = _t21;
				_t22 =  *0x412af0; // 0x1f0056
				 *0x418654 = SetWindowLongW(_t22, 0xfffffffc, E0040EAC4);
				_t25 =  *0x412af0; // 0x1f0056
				 *(_t73 - 0x58) = _t25;
				 *((char*)(_t73 - 0x54)) = 0;
				_t26 =  *0x418664; // 0x4264f0
				_t4 = _t26 + 0x20; // 0x55373f0
				 *((intOrPtr*)(_t73 - 0x50)) =  *_t4;
				 *((char*)(_t73 - 0x4c)) = 0;
				_t28 =  *0x418664; // 0x4264f0
				_t7 = _t28 + 0x24; // 0x1da00
				 *((intOrPtr*)(_t73 - 0x48)) =  *_t7;
				 *((char*)(_t73 - 0x44)) = 0;
				E004082D4(L"/SL5=\"$%x,%d,%d,", 2, _t73 - 0x58, _t73 - 0x40);
				_push( *((intOrPtr*)(_t73 - 0x40)));
				_push( *0x418658);
				_push(0x411f5c);
				E0040B84C(_t73 - 0x5c, __ebx, __esi, _t74);
				_push( *((intOrPtr*)(_t73 - 0x5c)));
				E0040513C(_t73 - 0x3c, 4, __edi);
				_t36 =  *0x418670; // 0x22d3cf4, executed
				E0040EB50(_t36, __ebx, 0x412aec,  *((intOrPtr*)(_t73 - 0x3c)), __edi, __esi, __fp0); // executed
				if( *0x412ae8 != 0xffffffff) {
					_t50 =  *0x412ae8; // 0x0
					E0040EA2C(_t50, 0x412aec);
				}
				_pop(_t68);
				 *[fs:eax] = _t68;
				_push(E00411E30);
				_t39 =  *0x41865c; // 0x0
				_t40 = E00403894(_t39);
				if( *0x418670 != 0) {
					_t70 =  *0x418670; // 0x22d3cf4
					_t40 = E0040E5DC(0, _t70, 0xfa, 0x32);
				}
				if( *0x418668 != 0) {
					_t47 =  *0x418668; // 0x22a008c
					_t40 = RemoveDirectoryW(E00404D24(_t47));
				}
				if( *0x412af0 != 0) {
					_t46 =  *0x412af0; // 0x1f0056
					_t40 = DestroyWindow(_t46);
				}
				if( *0x41864c != 0) {
					_t41 =  *0x41864c; // 0x2324280
					_t60 =  *0x418650; // 0x9
					_t69 =  *0x40dcc4; // 0x40dcc8
					E00405548(_t41, _t60, _t69);
					_t43 =  *0x41864c; // 0x2324280
					E00402E20(_t43);
					 *0x41864c = 0;
					return 0;
				}
				return _t40;
			}

0x00411c7f
0x00411c81
0x00411c84
0x00411caf
0x00411cb6
0x00411cbc
0x00411ccf
0x00411ce3
0x00411ce8
0x00411cf4
0x00411cff
0x00411d08
0x00411d0d
0x00411d10
0x00411d14
0x00411d19
0x00411d1c
0x00411d1f
0x00411d23
0x00411d28
0x00411d2b
0x00411d2e
0x00411d3f
0x00411d44
0x00411d47
0x00411d4d
0x00411d55
0x00411d5a
0x00411d65
0x00411d72
0x00411d77
0x00411d83
0x00411d85
0x00411d8a
0x00411d8a
0x00411d91
0x00411d94
0x00411d97
0x00411d9c
0x00411da1
0x00411dad
0x00411dbb
0x00411dc3
0x00411dc3
0x00411dcf
0x00411dd1
0x00411ddc
0x00411ddc
0x00411de8
0x00411dea
0x00411df0
0x00411df0
0x00411dfc
0x00411dfe
0x00411e03
0x00411e09
0x00411e0f
0x00411e14
0x00411e19
0x00411e20
0x00000000
0x00411e20
0x00411e25

APIs

Part of subcall function 004068EC: CreateWindowExW.USER32 ref: 0040692B

SetWindowLongW.USER32 ref: 00411CFA

Part of subcall function 0040B84C: GetCommandLineW.KERNEL32(00000000,0040B88E,?,?,00000000,?,00411D5A,00411F5C,?), ref: 0040B862

Part of subcall function 0040EB50: CreateProcessW.KERNEL32 ref: 0040EBC0
Part of subcall function 0040EB50: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,0040EC50,022D3CF4,0040EC40,00000000), ref: 0040EBD4
Part of subcall function 0040EB50: MsgWaitForMultipleObjects.USER32 ref: 0040EBED
Part of subcall function 0040EB50: GetExitCodeProcess.KERNEL32 ref: 0040EC01
Part of subcall function 0040EB50: CloseHandle.KERNEL32(?,?,00412AEC,00000001,?,00000000,000000FF,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040EC0A

RemoveDirectoryW.KERNEL32(00000000,00411E30,?,?,?,?,?,?,?,?,?,?,001F0056,000000FC,0040EAC4,00000000), ref: 00411DDC
DestroyWindow.USER32(001F0056,00411E30,?,?,?,?,?,?,?,?,?,?,001F0056,000000FC,0040EAC4,00000000), ref: 00411DF0

Strings

/SL5="$%x,%d,%d,, xrefs: 00411D3A
STATIC, xrefs: 00411CDC
InnoSetupLdrWindow, xrefs: 00411CD7

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$CloseCreateHandleProcess$CodeCommandDestroyDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 3586484885-3001827809
Opcode ID: d8b040ad269f919bf68d133973d5a8c0d91c4dcc8319d04100ed1b2578fb33bc
Instruction ID: bdf286289dcee5fb5ab6c9f927e3d040cb7b6d6cdaac718be8b3363f17973679
Opcode Fuzzy Hash: d8b040ad269f919bf68d133973d5a8c0d91c4dcc8319d04100ed1b2578fb33bc
Instruction Fuzzy Hash: 94413670A002409FD710EBA9ED45BD977E5EB48308F10C53EE501AB2F5DB78A842CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040EB50, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 61%

			E0040EB50(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				struct _STARTUPINFOW _v76;
				void* _v88;
				void* _v92;
				int _t23;
				intOrPtr _t49;
				DWORD* _t51;
				void* _t56;

				_v8 = 0;
				_t51 = __ecx;
				_t53 = __edx;
				_t41 = __eax;
				_push(_t56);
				_push(0x40ec25);
				_push( *[fs:eax]);
				 *[fs:eax] = _t56 + 0xffffffa8;
				_push(0x40ec40);
				_push(__eax);
				_push(0x40ec50);
				_push(__edx);
				E0040513C( &_v8, 4, __ecx);
				E00403250( &_v76, 0x44);
				_v76.cb = 0x44;
				_t23 = CreateProcessW(0, E00404D24(_v8), 0, 0, 0, 0, 0, 0,  &_v76,  &_v92); // executed
				_t58 = _t23;
				if(_t23 == 0) {
					E0040E770(0x6a, _t41, 0, _t53, _t58);
				}
				CloseHandle(_v88);
				do {
					E0040EB24();
				} while (MsgWaitForMultipleObjects(1,  &_v92, 0, 0xffffffff, 0xff) == 1);
				E0040EB24();
				GetExitCodeProcess(_v92, _t51);
				CloseHandle(_v92);
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(E0040EC2C);
				return L00404C88( &_v8);
			}

0x0040eb5b
0x0040eb5e
0x0040eb60
0x0040eb62
0x0040eb66
0x0040eb67
0x0040eb6c
0x0040eb6f
0x0040eb72
0x0040eb77
0x0040eb78
0x0040eb7d
0x0040eb86
0x0040eb95
0x0040eb9a
0x0040ebc0
0x0040ebc5
0x0040ebc7
0x0040ebcb
0x0040ebcb
0x0040ebd4
0x0040ebd9
0x0040ebd9
0x0040ebf2
0x0040ebf7
0x0040ec01
0x0040ec0a
0x0040ec11
0x0040ec14
0x0040ec17
0x0040ec24

APIs

CreateProcessW.KERNEL32 ref: 0040EBC0
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,0040EC50,022D3CF4,0040EC40,00000000), ref: 0040EBD4
MsgWaitForMultipleObjects.USER32 ref: 0040EBED
GetExitCodeProcess.KERNEL32 ref: 0040EC01
CloseHandle.KERNEL32(?,?,00412AEC,00000001,?,00000000,000000FF,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040EC0A

Part of subcall function 0040E770: GetLastError.KERNEL32(00000000,0040E817,?,?,022D3CF4), ref: 0040E793

Strings

D, xrefs: 0040EB9A

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: a6ff89ed3a7af871bd8892619289be0b7db995d6aafe0c9dcf50d58a480d1a77
Instruction ID: add36b46b0d196150248f45db4bca9ee2f109f5487918607dc2b216ef53e974e
Opcode Fuzzy Hash: a6ff89ed3a7af871bd8892619289be0b7db995d6aafe0c9dcf50d58a480d1a77
Instruction Fuzzy Hash: 101172716042086AE700EBE6CD42F9FB7ACDF48714F51083BB605F71C1DAB9AD108669

Uniqueness

Uniqueness Score: -1.00%

Function 00411648, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E00411648(void* __ebx, void* __ecx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _t16;
				intOrPtr _t32;
				intOrPtr _t41;

				_t27 = __ebx;
				_push(0);
				_push(0);
				_push(0);
				_push(_t41);
				_push(0x411712);
				_push( *[fs:eax]);
				 *[fs:eax] = _t41;
				 *0x418518 =  *0x418518 - 1;
				if( *0x418518 < 0) {
					 *0x41851c = E00406728(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64DisableWow64FsRedirection");
					 *0x418520 = E00406728(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"Wow64RevertWow64FsRedirection");
					if( *0x41851c == 0 ||  *0x418520 == 0) {
						_t16 = 0;
					} else {
						_t16 = 1;
					}
					 *0x418524 = _t16;
					E0040B9D0( &_v12);
					E0040B2E0(_v12,  &_v8);
					E00404F98( &_v8, L"shell32.dll");
					E0040AC84(_v8, _t27, 0x8000); // executed
					E0040BF84(0x4c783afb,  &_v16);
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_push(E00411719);
				return L00404C90( &_v16, 3);
			}

0x00411648
0x0041164b
0x0041164d
0x0041164f
0x00411653
0x00411654
0x00411659
0x0041165c
0x0041165f
0x00411666
0x00411681
0x0041169b
0x004116a7
0x004116b2
0x004116b6
0x004116b6
0x004116b6
0x004116b8
0x004116c0
0x004116cb
0x004116d8
0x004116e5
0x004116f2
0x004116f2
0x004116f9
0x004116fc
0x004116ff
0x00411711

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00411712,?,00000000,00000000,00000000), ref: 00411676

Part of subcall function 00406728: GetProcAddress.KERNEL32(?,0040BDAE), ref: 0040674C

GetModuleHandleW.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,00000000,kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00411712,?,00000000,00000000,00000000), ref: 00411690

Part of subcall function 00406728: GetProcAddress.KERNEL32(?,00000000), ref: 0040676E

Strings

Wow64RevertWow64FsRedirection, xrefs: 00411686
shell32.dll, xrefs: 004116D3
Wow64DisableWow64FsRedirection, xrefs: 0041166C
kernel32.dll, xrefs: 00411671, 0041168B

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 2f0755cccddb31bbdbba5d8af8f80745d1cb5ed8f8d4bb57e18a718c238bbcdd
Instruction ID: d7528d1017f4a84dae1ce8805adde9276a30cd3593f776e10bb963afcfd3ed6d
Opcode Fuzzy Hash: 2f0755cccddb31bbdbba5d8af8f80745d1cb5ed8f8d4bb57e18a718c238bbcdd
Instruction Fuzzy Hash: E211C130600209BFD701EBA2D842BCD37A9E745748F61843BF600A73E1DB7D5A858A6E

Uniqueness

Uniqueness Score: -1.00%

Function 004018F8, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E004018F8(signed int __eax) {
				signed int __ebx;
				signed int __edi;
				signed int __esi;
				void* _t96;
				void** _t99;
				signed int _t104;
				signed int _t109;
				signed int _t110;
				intOrPtr* _t114;
				void* _t116;
				void* _t121;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				signed int _t134;
				signed int _t135;
				unsigned int _t141;
				signed int _t142;
				void* _t144;
				void* _t147;
				intOrPtr _t148;
				signed int _t150;
				long _t156;
				intOrPtr _t159;
				signed int _t162;

				_t129 =  *0x41304d; // 0x0
				if(__eax > 0xa2c) {
					__eflags = __eax - 0x40a2c;
					if(__eax > 0x40a2c) {
						_pop(_t120);
						__eflags = __eax;
						if(__eax >= 0) {
							_push(_t120);
							_t162 = __eax;
							_t156 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
							_t121 = _t96;
							if(_t121 != 0) {
								_t147 = _t121;
								 *((intOrPtr*)(_t147 + 8)) = _t162;
								 *(_t147 + 0xc) = _t156 | 0x00000004;
								E0040165C();
								_t99 =  *0x415acc; // 0x415ac8
								 *_t147 = 0x415ac8;
								 *0x415acc = _t121;
								 *(_t147 + 4) = _t99;
								 *_t99 = _t121;
								 *0x415ac4 = 0;
								_t121 = _t121 + 0x10;
							}
							return _t121;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t125 = (__eax + 0x000000d3 & 0xffffff00) + 0x30;
						__eflags = _t129;
						if(__eflags != 0) {
							while(1) {
								asm("lock cmpxchg [0x413a34], ah");
								if(__eflags == 0) {
									goto L42;
								}
								asm("pause");
								__eflags =  *0x4138d5;
								if(__eflags != 0) {
									continue;
								} else {
									Sleep(0);
									asm("lock cmpxchg [0x413a34], ah");
									if(__eflags != 0) {
										Sleep(0xa);
										continue;
									}
								}
								goto L42;
							}
						}
						L42:
						_t141 = _t125 - 0xb30;
						_t142 = _t141 >> 0xd;
						_t131 = _t141 >> 8;
						_t104 = 0xffffffff << _t131 &  *(0x413a44 + _t142 * 4);
						__eflags = 0xffffffff;
						if(0xffffffff == 0) {
							_t132 = _t142;
							__eflags = 0xfffffffe << _t132 &  *0x413a40;
							if((0xfffffffe << _t132 &  *0x413a40) == 0) {
								_t133 =  *0x413a3c; // 0x1122c0
								_t134 = _t133 - _t125;
								__eflags = _t134;
								if(_t134 < 0) {
									_t109 = E004015E4(_t125);
								} else {
									_t110 =  *0x413a38; // 0x25c22d0
									_t109 = _t110 - _t125;
									 *0x413a38 = _t109;
									 *0x413a3c = _t134;
									 *(_t109 - 4) = _t125 | 0x00000002;
								}
								 *0x413a34 = 0;
								return _t109;
							} else {
								asm("bsf edx, eax");
								asm("bsf ecx, eax");
								_t135 = _t132 | _t142 << 0x00000005;
								goto L50;
							}
						} else {
							asm("bsf eax, eax");
							_t135 = _t131 & 0xffffffe0 | _t104;
							L50:
							_push(_t152);
							_push(_t145);
							_t148 = 0x413ac4 + _t135 * 8;
							_t159 =  *((intOrPtr*)(_t148 + 4));
							_t114 =  *((intOrPtr*)(_t159 + 4));
							 *((intOrPtr*)(_t148 + 4)) = _t114;
							 *_t114 = _t148;
							__eflags = _t148 - _t114;
							if(_t148 == _t114) {
								asm("rol eax, cl");
								_t80 = 0x413a44 + _t142 * 4;
								 *_t80 =  *(0x413a44 + _t142 * 4) & 0xfffffffe;
								__eflags =  *_t80;
								if( *_t80 == 0) {
									asm("btr [0x413a40], edx");
								}
							}
							_t150 = 0xfffffff0 &  *(_t159 - 4);
							_t144 = 0xfffffff0 - _t125;
							__eflags = 0xfffffff0;
							if(0xfffffff0 == 0) {
								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
								__eflags =  *_t89;
							} else {
								_t116 = _t125 + _t159;
								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
								__eflags = 0xfffffff0 - 0xb30;
								if(0xfffffff0 >= 0xb30) {
									E00401518(_t116, 0xfffffffffffffff3, _t144);
								}
							}
							 *(_t159 - 4) = _t125 + 2;
							 *0x413a34 = 0;
							return _t159;
						}
					}
				} else {
					__eflags = __cl;
					__eax =  *(__edx + 0x4138dc) & 0x000000ff;
					__ebx = 0x41205c + ( *(__edx + 0x4138dc) & 0x000000ff) * 8;
					if(__eflags != 0) {
						while(1) {
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__eflags == 0) {
								goto L5;
							}
							__ebx = __ebx + 0x20;
							__eflags = __ebx;
							__eax = 0x100;
							asm("lock cmpxchg [ebx], ah");
							if(__ebx != 0) {
								__ebx = __ebx + 0x20;
								__eflags = __ebx;
								__eax = 0x100;
								asm("lock cmpxchg [ebx], ah");
								if(__ebx != 0) {
									__ebx = __ebx - 0x40;
									asm("pause");
									__eflags =  *0x4138d5;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [ebx], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
								}
							}
							goto L5;
						}
					}
					L5:
					__edx =  *(__ebx + 4);
					__eax =  *(__edx + 8);
					__ecx = 0xfffffff8;
					__eflags = __edx - __ebx;
					if(__edx == __ebx) {
						__edx =  *(__ebx + 0x10);
						__ecx =  *(__ebx + 2) & 0x0000ffff;
						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
						__eflags = __eax -  *(__ebx + 0xc);
						if(__eax >  *(__ebx + 0xc)) {
							_push(__esi);
							_push(__edi);
							__eflags =  *0x41304d;
							if(__eflags != 0) {
								while(1) {
									__eax = 0x100;
									asm("lock cmpxchg [0x413a34], ah");
									if(__eflags == 0) {
										goto L22;
									}
									asm("pause");
									__eflags =  *0x4138d5;
									if(__eflags != 0) {
										continue;
									} else {
										Sleep(0);
										__eax = 0x100;
										asm("lock cmpxchg [0x413a34], ah");
										if(__eflags != 0) {
											Sleep(0xa);
											continue;
										}
									}
									goto L22;
								}
							}
							L22:
							 *(__ebx + 1) =  *(__ebx + 1) &  *0x413a40;
							__eflags =  *(__ebx + 1) &  *0x413a40;
							if(( *(__ebx + 1) &  *0x413a40) == 0) {
								__ecx =  *(__ebx + 0x18) & 0x0000ffff;
								__edi =  *0x413a3c; // 0x1122c0
								__eflags = __edi - ( *(__ebx + 0x18) & 0x0000ffff);
								if(__edi < ( *(__ebx + 0x18) & 0x0000ffff)) {
									__eax =  *(__ebx + 0x1a) & 0x0000ffff;
									__edi = __eax;
									__eax = E004015E4(__eax);
									__esi = __eax;
									__eflags = __eax;
									if(__eax != 0) {
										goto L35;
									} else {
										 *0x413a34 = __al;
										 *__ebx = __al;
										_pop(__edi);
										_pop(__esi);
										_pop(__ebx);
										return __eax;
									}
								} else {
									__esi =  *0x413a38; // 0x25c22d0
									__ecx =  *(__ebx + 0x1a) & 0x0000ffff;
									__edx = __ecx + 0xb30;
									__eflags = __edi - __ecx + 0xb30;
									if(__edi >= __ecx + 0xb30) {
										__edi = __ecx;
									}
									__esi = __esi - __edi;
									 *0x413a3c =  *0x413a3c - __edi;
									 *0x413a38 = __esi;
									goto L35;
								}
							} else {
								asm("bsf eax, esi");
								__esi = __eax * 8;
								__ecx =  *(0x413a44 + __eax * 4);
								asm("bsf ecx, ecx");
								__ecx =  *(0x413a44 + __eax * 4) + __eax * 8 * 4;
								__edi = 0x413ac4 + ( *(0x413a44 + __eax * 4) + __eax * 8 * 4) * 8;
								__esi =  *(__edi + 4);
								__edx =  *(__esi + 4);
								 *(__edi + 4) = __edx;
								 *__edx = __edi;
								__eflags = __edi - __edx;
								if(__edi == __edx) {
									__edx = 0xfffffffe;
									asm("rol edx, cl");
									_t38 = 0x413a44 + __eax * 4;
									 *_t38 =  *(0x413a44 + __eax * 4) & 0xfffffffe;
									__eflags =  *_t38;
									if( *_t38 == 0) {
										asm("btr [0x413a40], eax");
									}
								}
								__edi = 0xfffffff0;
								__edi = 0xfffffff0 &  *(__esi - 4);
								__eflags = 0xfffffff0 - 0x10a60;
								if(0xfffffff0 < 0x10a60) {
									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
									__eflags =  *_t52;
								} else {
									__edx = __edi;
									__edi =  *(__ebx + 0x1a) & 0x0000ffff;
									__edx = __edx - __edi;
									__eax = __edi + __esi;
									__ecx = __edx + 3;
									 *(__eax - 4) = __ecx;
									 *(__edx + __eax - 8) = __edx;
									__eax = E00401518(__eax, __ecx, __edx);
								}
								L35:
								_t56 = __edi + 6; // 0x1122c6
								__ecx = _t56;
								 *(__esi - 4) = _t56;
								__eax = 0;
								 *0x413a34 = __al;
								 *__esi = __ebx;
								 *((intOrPtr*)(__esi + 8)) = 0;
								 *((intOrPtr*)(__esi + 0xc)) = 1;
								 *(__ebx + 0x10) = __esi;
								_t61 = __esi + 0x20; // 0x25c22f0
								__eax = _t61;
								__ecx =  *(__ebx + 2) & 0x0000ffff;
								__edx = __ecx + __eax;
								 *(__ebx + 8) = __ecx + __eax;
								__edi = __edi + __esi;
								__edi = __edi - __ecx;
								__eflags = __edi;
								 *(__ebx + 0xc) = __edi;
								 *__ebx = 0;
								 *(__eax - 4) = __esi;
								_pop(__edi);
								_pop(__esi);
								_pop(__ebx);
								return __eax;
							}
						} else {
							_t19 = __edx + 0xc;
							 *_t19 =  *(__edx + 0xc) + 1;
							__eflags =  *_t19;
							 *(__ebx + 8) = __ecx;
							 *__ebx = 0;
							 *(__eax - 4) = __edx;
							_pop(__ebx);
							return __eax;
						}
					} else {
						 *(__edx + 0xc) =  *(__edx + 0xc) + 1;
						__ecx = 0xfffffff8 &  *(__eax - 4);
						__eflags = 0xfffffff8;
						 *(__edx + 8) = 0xfffffff8 &  *(__eax - 4);
						 *(__eax - 4) = __edx;
						if(0xfffffff8 == 0) {
							__ecx =  *(__edx + 4);
							 *(__ecx + 0x14) = __ebx;
							 *(__ebx + 4) = __ecx;
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						} else {
							 *__ebx = 0;
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00401904
0x0040190a
0x00401b58
0x00401b5d
0x00401c70
0x00401c71
0x00401c73
0x004016a4
0x004016a8
0x004016b4
0x004016c4
0x004016c9
0x004016cd
0x004016cf
0x004016d1
0x004016d7
0x004016da
0x004016df
0x004016e4
0x004016ea
0x004016f0
0x004016f3
0x004016f5
0x004016fc
0x004016fc
0x00401705
0x00401c79
0x00401c79
0x00401c7b
0x00401c7b
0x00401b63
0x00401b6f
0x00401b72
0x00401b74
0x00401b1c
0x00401b21
0x00401b29
0x00000000
0x00000000
0x00401b2b
0x00401b2d
0x00401b34
0x00000000
0x00401b36
0x00401b38
0x00401b42
0x00401b4a
0x00401b4e
0x00000000
0x00401b4e
0x00401b4a
0x00000000
0x00401b34
0x00401b1c
0x00401b76
0x00401b76
0x00401b7e
0x00401b81
0x00401b8b
0x00401b8b
0x00401b92
0x00401ba5
0x00401ba9
0x00401baf
0x00401bc8
0x00401bce
0x00401bce
0x00401bd0
0x00401bee
0x00401bd2
0x00401bd2
0x00401bd7
0x00401bd9
0x00401bde
0x00401be7
0x00401be7
0x00401bf3
0x00401bfb
0x00401bb1
0x00401bb1
0x00401bbb
0x00401bc3
0x00000000
0x00401bc3
0x00401b94
0x00401b97
0x00401b9a
0x00401bfc
0x00401bfc
0x00401bfd
0x00401bfe
0x00401c05
0x00401c08
0x00401c0b
0x00401c0e
0x00401c10
0x00401c12
0x00401c19
0x00401c1b
0x00401c1b
0x00401c1b
0x00401c22
0x00401c24
0x00401c24
0x00401c22
0x00401c30
0x00401c35
0x00401c35
0x00401c37
0x00401c58
0x00401c58
0x00401c58
0x00401c39
0x00401c39
0x00401c3f
0x00401c42
0x00401c46
0x00401c4c
0x00401c4e
0x00401c4e
0x00401c4c
0x00401c60
0x00401c63
0x00401c6f
0x00401c6f
0x00401b92
0x00401910
0x00401910
0x00401912
0x00401919
0x00401920
0x00401978
0x00401978
0x0040197d
0x00401981
0x00000000
0x00000000
0x00401983
0x00401983
0x00401986
0x0040198b
0x0040198f
0x00401991
0x00401991
0x00401994
0x00401999
0x0040199d
0x0040199f
0x004019a2
0x004019a4
0x004019ab
0x00000000
0x004019ad
0x004019af
0x004019b4
0x004019b9
0x004019bd
0x004019c5
0x00000000
0x004019c5
0x004019bd
0x004019ab
0x0040199d
0x00000000
0x0040198f
0x00401978
0x00401922
0x00401922
0x00401925
0x00401928
0x0040192d
0x0040192f
0x00401948
0x0040194b
0x0040194f
0x00401951
0x00401954
0x004019cc
0x004019cd
0x004019ce
0x004019d5
0x004019d7
0x004019d7
0x004019dc
0x004019e4
0x00000000
0x00000000
0x004019e6
0x004019e8
0x004019ef
0x00000000
0x004019f1
0x004019f3
0x004019f8
0x004019fd
0x00401a05
0x00401a09
0x00000000
0x00401a09
0x00401a05
0x00000000
0x004019ef
0x004019d7
0x00401a10
0x00401a14
0x00401a14
0x00401a1a
0x00401a8c
0x00401a90
0x00401a96
0x00401a98
0x00401ac0
0x00401ac4
0x00401ac6
0x00401acb
0x00401acd
0x00401acf
0x00000000
0x00401ad1
0x00401ad1
0x00401ad6
0x00401ad8
0x00401ad9
0x00401ada
0x00401adb
0x00401adb
0x00401a9a
0x00401a9a
0x00401aa0
0x00401aa4
0x00401aaa
0x00401aac
0x00401aae
0x00401aae
0x00401ab0
0x00401ab2
0x00401ab8
0x00000000
0x00401ab8
0x00401a1c
0x00401a1c
0x00401a1f
0x00401a26
0x00401a2d
0x00401a30
0x00401a33
0x00401a3a
0x00401a3d
0x00401a40
0x00401a43
0x00401a45
0x00401a47
0x00401a49
0x00401a4e
0x00401a50
0x00401a50
0x00401a50
0x00401a57
0x00401a59
0x00401a59
0x00401a57
0x00401a60
0x00401a65
0x00401a68
0x00401a6e
0x00401adc
0x00401adc
0x00401adc
0x00401a70
0x00401a70
0x00401a72
0x00401a76
0x00401a78
0x00401a7b
0x00401a7e
0x00401a81
0x00401a85
0x00401a85
0x00401ae1
0x00401ae1
0x00401ae1
0x00401ae4
0x00401ae7
0x00401ae9
0x00401aee
0x00401af0
0x00401af3
0x00401afa
0x00401afd
0x00401afd
0x00401b00
0x00401b04
0x00401b07
0x00401b0a
0x00401b0c
0x00401b0c
0x00401b0e
0x00401b11
0x00401b14
0x00401b17
0x00401b18
0x00401b19
0x00401b1a
0x00401b1a
0x00401956
0x00401956
0x00401956
0x00401956
0x0040195a
0x0040195d
0x00401960
0x00401963
0x00401964
0x00401964
0x00401931
0x00401931
0x00401935
0x00401935
0x00401938
0x0040193b
0x0040193e
0x00401968
0x0040196b
0x0040196e
0x00401971
0x00401974
0x00401975
0x00401940
0x00401940
0x00401943
0x00401944
0x00401944
0x0040193e
0x0040192f

APIs

Sleep.KERNEL32(00000000,?,004018C6), ref: 004019AF
Sleep.KERNEL32(0000000A,00000000,?,004018C6), ref: 004019C5
Sleep.KERNEL32(00000000,?,?,?,004018C6), ref: 004019F3
Sleep.KERNEL32(0000000A,00000000,?,?,?,004018C6), ref: 00401A09

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: f51487f3f1496f02d5e4cf641ff69e07689fa8231a26707e284f0f573df8b7fc
Instruction ID: 0cef76587b77e40ce70905fbd12d0a83284de57665f5d39768faeb799c530d07
Opcode Fuzzy Hash: f51487f3f1496f02d5e4cf641ff69e07689fa8231a26707e284f0f573df8b7fc
Instruction Fuzzy Hash: A0C125726012508BCB15CF29D980796BBE0AF85351F18C2BFE485AB3E5D778A941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040ED40, Relevance: 7.6, APIs: 5, Instructions: 80
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040ED40(void* __eax) {
				char _v44;
				struct _SYSTEM_INFO _v80;
				long _v84;
				char _v88;
				long _t22;
				int _t28;
				void* _t37;
				struct _MEMORY_BASIC_INFORMATION* _t40;
				long _t41;
				void** _t42;

				_t42 =  &(_v80.dwPageSize);
				 *_t42 = __eax;
				_t40 =  &_v44;
				GetSystemInfo( &_v80); // executed
				_t22 = VirtualQuery( *_t42, _t40, 0x1c);
				if(_t22 == 0) {
					L17:
					return _t22;
				} else {
					while(1) {
						_t22 = _t40->AllocationBase;
						if(_t22 !=  *_t42) {
							goto L17;
						}
						if(_t40->State != 0x1000 || (_t40->Protect & 0x00000001) != 0) {
							L15:
							_t22 = VirtualQuery(_t40->BaseAddress + _t40->RegionSize, _t40, 0x1c);
							if(_t22 == 0) {
								goto L17;
							}
							continue;
						} else {
							_v88 = 0;
							_t41 = _t40->Protect;
							if(_t41 == 1 || _t41 == 2 || _t41 == 0x10 || _t41 == 0x20) {
								_t28 = VirtualProtect(_t40->BaseAddress, _t40->RegionSize, 0x40,  &_v84); // executed
								if(_t28 != 0) {
									_v88 = 1;
								}
							}
							_t37 = 0;
							while(_t37 < _t40->RegionSize) {
								E0040ED38(_t40->BaseAddress + _t37);
								_t37 = _t37 + _v80.dwPageSize;
							}
							if(_v88 != 0) {
								VirtualProtect( *_t40, _t40->RegionSize, _v84,  &_v84); // executed
							}
							goto L15;
						}
					}
					goto L17;
				}
			}

0x0040ed44
0x0040ed47
0x0040ed4a
0x0040ed53
0x0040ed5f
0x0040ed66
0x0040ee12
0x0040ee12
0x0040ed6c
0x0040edff
0x0040edff
0x0040ee05
0x00000000
0x00000000
0x0040ed78
0x0040edeb
0x0040edf6
0x0040edfd
0x00000000
0x00000000
0x00000000
0x0040ed80
0x0040ed80
0x0040ed85
0x0040ed8b
0x0040edaa
0x0040edb1
0x0040edb3
0x0040edb3
0x0040edb1
0x0040edb8
0x0040edc9
0x0040edc0
0x0040edc5
0x0040edc5
0x0040edd3
0x0040ede6
0x0040ede6
0x00000000
0x0040edd3
0x0040ed78
0x00000000
0x0040edff

APIs

GetSystemInfo.KERNEL32(?), ref: 0040ED53
VirtualQuery.KERNEL32(?,?,0000001C,?), ref: 0040ED5F
VirtualProtect.KERNEL32(?,?,00000040,0000001C,?,?,0000001C), ref: 0040EDAA
VirtualProtect.KERNEL32(?,?,?,0000001C,?,?,00000040,0000001C,?,?,0000001C), ref: 0040EDE6
VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C,?), ref: 0040EDF6

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: 2fc8043b29857472b58c255470cfcfd6539f48e52088e031203312cf8912bc76
Instruction ID: 4b5512479451d82684af30c3e99dc27f9476853229ddccfc2b98e30e16071c48
Opcode Fuzzy Hash: 2fc8043b29857472b58c255470cfcfd6539f48e52088e031203312cf8912bc76
Instruction Fuzzy Hash: 7B217C71104305AED730EA66C884EABB7E8EF45310F048C2EF585A32C1D339E864CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0040E414, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E0040E414(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x40e509);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					E0040B9FC( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E0040E2F8(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E00404D24(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						_push( &_v16);
						E0040DF20(0x36,  &_v32, _v8);
						_v28 = _v32;
						E00407EE8( &_v36, _t54);
						_v24 = _v36;
						E0040BF84(_t54,  &_v40);
						_v20 = _v40;
						E0040DEF0(0x68, 2,  &_v28, 0);
						_t55 = _v16;
						E00409824(_v16, 1);
						E00403F88();
					}
				}
				E00404C98(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E0040E510);
				L00404C90( &_v40, 3);
				return L00404C90( &_v16, 3);
			}

0x0040e414
0x0040e414
0x0040e415
0x0040e417
0x0040e41c
0x0040e41c
0x0040e41e
0x0040e420
0x0040e420
0x0040e423
0x0040e424
0x0040e426
0x0040e428
0x0040e42a
0x0040e42b
0x0040e430
0x0040e433
0x0040e436
0x0040e43d
0x0040e445
0x0040e44c
0x0040e45c
0x0040e463
0x00000000
0x00000000
0x0040e46a
0x0040e46c
0x0040e472
0x0040e477
0x0040e480
0x0040e488
0x0040e494
0x0040e49c
0x0040e4a4
0x0040e4ac
0x0040e4b9
0x0040e4be
0x0040e4c8
0x0040e4cd
0x0040e4cd
0x0040e472
0x0040e4dc
0x0040e4e1
0x0040e4e3
0x0040e4e6
0x0040e4e9
0x0040e4f6
0x0040e508

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,0040E509,?,?,?,00000003,00000000,00000000,?,00411A7D), ref: 0040E45C
GetLastError.KERNEL32(00000000,00000000,?,00000000,0040E509,?,?,?,00000003,00000000,00000000,?,00411A7D), ref: 0040E465

Strings

.tmp, xrefs: 0040E445

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 7edbd8eb8868f647336dcda8a82f97366c033c536537bd7bc5c9f0c834e51e1f
Instruction ID: 0fa68b6a66232beb2f5cf3e2a8c7cb538fd8d08fdd35de0873b47ece01a66cb4
Opcode Fuzzy Hash: 7edbd8eb8868f647336dcda8a82f97366c033c536537bd7bc5c9f0c834e51e1f
Instruction Fuzzy Hash: 04218B75A00109ABDB14EFE5CC41ADEB3F9EB88304F51457BF901B73C1DA389E008AA8

Uniqueness

Uniqueness Score: -1.00%

Function 004068EC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E004068EC(long __eax, WCHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00403110();
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00403100(_t13);
				return _t24;
			}

0x004068f3
0x004068f8
0x004068fa
0x0040692b
0x00406934
0x00406940

APIs

CreateWindowExW.USER32 ref: 0040692B

Strings

STATIC, xrefs: 00406929
InnoSetupLdrWindow, xrefs: 004068EF

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateWindow
String ID: InnoSetupLdrWindow$STATIC
API String ID: 716092398-2209255943
Opcode ID: c0992d5dae7087bb7648db7e278b48ea95b6fe98ae32dfbc74ce53748ec999af
Instruction ID: 6351ba77ad7f294675345a051ebbfaa16a65daa534f29d3811ce1de3ec6cb91b
Opcode Fuzzy Hash: c0992d5dae7087bb7648db7e278b48ea95b6fe98ae32dfbc74ce53748ec999af
Instruction Fuzzy Hash: E3F092B2600118BF8B80DE9DDC81EDB7BECEB4C264B05412AFA0CE7201D634ED108BA4

Uniqueness

Uniqueness Score: -1.00%

Function 004119ED, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 53%

			E004119ED(signed int __ebx, void* __edi, void* __esi, void* __fp0) {
				signed char _t70;
				intOrPtr _t82;
				void* _t96;
				void* _t98;

				_t96 = __edi;
				_pop(_t82);
				_pop(_t73);
				 *[fs:eax] = _t82;
				E0040EAA0(_t73);
				_t70 = __ebx >> 1;
				_push(__esi);
				 *((intOrPtr*)(_t98 + 0x50)) =  *((intOrPtr*)(_t98 + 0x50)) + __esi;
			}

0x004119ed
0x004119ef
0x004119f1
0x004119f2
0x00411a12
0x00411a14
0x00411a16
0x00411a1d

APIs

MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 00411A57

Strings

.tmp, xrefs: 00411A9D

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message
String ID: .tmp
API String ID: 2030045667-2986845003
Opcode ID: aa335ddb19998c274477acd24add62c4eb0e4fb4cacc36a52dd716c2d59fe4ed
Instruction ID: 4f38a7cb95b2049e0ccd3ff5d2cc9ece443d10271b968dbd08f30af9efcfd22f
Opcode Fuzzy Hash: aa335ddb19998c274477acd24add62c4eb0e4fb4cacc36a52dd716c2d59fe4ed
Instruction Fuzzy Hash: 0E419D747002409FD700EF65ED92E9A77A5EB49308B21857EF900A77B1DB39AC41CB6C

Uniqueness

Uniqueness Score: -1.00%

Function 00411A14, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 68%

			E00411A14(void* __eax, signed int __ebx, void* __edi, void* __esi, void* __fp0) {
				signed char _t69;
				void* _t94;
				void* _t96;

				_t94 = __edi;
				_t69 = __ebx >> 1;
				_push(__esi);
				 *((intOrPtr*)(_t96 + 0x50)) =  *((intOrPtr*)(_t96 + 0x50)) + __esi;
			}

0x00411a14
0x00411a14
0x00411a16
0x00411a1d

APIs

MessageBoxW.USER32(00000000,00000000,00000000,00000024), ref: 00411A57

Strings

.tmp, xrefs: 00411A9D

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message
String ID: .tmp
API String ID: 2030045667-2986845003
Opcode ID: 37fb123fd76f62bcb6a1511a136821f2e0fbe3da14741a40b1c705a0ba5e0d56
Instruction ID: 047628a6cad94539b1516682b219623fe898eb5eae23af65b704a5dfc85e6a4c
Opcode Fuzzy Hash: 37fb123fd76f62bcb6a1511a136821f2e0fbe3da14741a40b1c705a0ba5e0d56
Instruction Fuzzy Hash: 80417B746002409FD741EF65ED92EDA77B5EB49308B11857EF900A77A1CB39AC41CBAC

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC82, Relevance: 3.0, APIs: 2, Instructions: 34
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 37%

			E0040AC82(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x40acf6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x40acd8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E00404D24(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(E0040ACDF);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}

0x0040ac85
0x0040ac87
0x0040ac8b
0x0040ac8e
0x0040ac93
0x0040ac98
0x0040ac99
0x0040ac9e
0x0040aca1
0x0040aca4
0x0040aca9
0x0040acaa
0x0040acaf
0x0040acb2
0x0040acbd
0x0040acc2
0x0040acc7
0x0040acca
0x0040accd
0x0040acd2
0x0040acd4
0x0040acd7

APIs

SetErrorMode.KERNEL32 ref: 0040AC8E
LoadLibraryW.KERNEL32(00000000,00000000,0040ACD8,?,00000000,0040ACF6), ref: 0040ACBD

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 4a0d345e161d9aa04fb204192aef2064e70d77f987adaa7dd9b6adf39232b4dc
Instruction ID: 446626037349bff6c3d3fc7edf50d58ff88a58da299c323ca587a544ae1629d3
Opcode Fuzzy Hash: 4a0d345e161d9aa04fb204192aef2064e70d77f987adaa7dd9b6adf39232b4dc
Instruction Fuzzy Hash: 3AF08970A047447FEB115F768C5242AB6ECE74DB047538876FD01E29D1E53D4C20D569

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC84, Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040AC84(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x40acf6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x40acd8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E00404D24(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(E0040ACDF);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}

APIs

SetErrorMode.KERNEL32 ref: 0040AC8E
LoadLibraryW.KERNEL32(00000000,00000000,0040ACD8,?,00000000,0040ACF6), ref: 0040ACBD

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: d906d2629e9325c76dbb444b949735e4ca7d417c166a0045cd3f60122fff6cd7
Instruction ID: 93d40f3431e9079428ff9cf159756719ddb02882c84a7d17cb6b63846cc3cebc
Opcode Fuzzy Hash: d906d2629e9325c76dbb444b949735e4ca7d417c166a0045cd3f60122fff6cd7
Instruction Fuzzy Hash: 7CF089709047447FDB115F768C5241AB6ECE74DB047538876F901A29D1E53D4820D569

Uniqueness

Uniqueness Score: -1.00%

Function 0040C3D0, Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040C3D0(intOrPtr* __eax, void* __edx) {
				long _v16;
				long _v20;
				long _t8;
				intOrPtr* _t10;

				asm("movsd");
				asm("movsd");
				_t10 = __eax;
				_t8 = SetFilePointer( *(__eax + 4), _v20,  &_v16, 0); // executed
				if(_t8 == 0xffffffff) {
					_t8 = GetLastError();
					if(_t8 != 0) {
						_t8 = E0040C1E4( *_t10);
					}
				}
				return _t8;
			}

0x0040c3db
0x0040c3dc
0x0040c3dd
0x0040c3ef
0x0040c3f7
0x0040c3f9
0x0040c400
0x0040c404
0x0040c404
0x0040c400
0x0040c40e

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 0040C3EF
GetLastError.KERNEL32(?,?,?,00000000), ref: 0040C3F9

Part of subcall function 0040C1E4: GetLastError.KERNEL32(0040C0A4,0040C287,?,?,023626AC,?,0041187B,00000001,00000000,00000002,00000000,00411E7A,?,00000000,00411EBE), ref: 0040C1E7

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 50424b7e63cd685a17b9bd9a31ccaacf5ff4b9d99749838fd5b7a0ea15fdad11
Instruction ID: f9611c5e409b5906aabc26baa8b2dfa3f65e665b165aedc4df9fb55df43993f0
Opcode Fuzzy Hash: 50424b7e63cd685a17b9bd9a31ccaacf5ff4b9d99749838fd5b7a0ea15fdad11
Instruction Fuzzy Hash: 51E092762041009BD610E6ADD8C1AAB77DC9F85374F244737F664EB1D2D675D8008775

Uniqueness

Uniqueness Score: -1.00%

Function 0040C390, Relevance: 3.0, APIs: 2, Instructions: 30
fileCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E0040C390(intOrPtr* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t7;
				intOrPtr* _t12;

				_push(__ecx);
				_t12 = __eax;
				_t7 = ReadFile( *(__eax + 4), __edx, __ecx,  &_v16, 0); // executed
				if(_t7 == 0 && ( *((char*)(_t12 + 8)) != 0 || GetLastError() != 0x6d)) {
					E0040C1E4( *_t12);
				}
				return _v16;
			}

0x0040c393
0x0040c398
0x0040c3a7
0x0040c3ae
0x0040c3c2
0x0040c3c2
0x0040c3ce

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040C3A7
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 0040C3B6

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 30cf0fc7fcda4529806b73604fb8d9908d86cd92c6d9eb36858da68b1bf07751
Instruction ID: e0f4121c1e9b4399ab2b1c9bf066f68ed76d1cae12be267a3e8b7d415970813a
Opcode Fuzzy Hash: 30cf0fc7fcda4529806b73604fb8d9908d86cd92c6d9eb36858da68b1bf07751
Instruction Fuzzy Hash: 78E09B72214150EADB10E75A9CC4F5B57DCCB86314F04817BF904DB281C674CC10C775

Uniqueness

Uniqueness Score: -1.00%

Function 0040C328, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C328(intOrPtr* __eax, long* __edx) {
				long _t8;
				long* _t11;
				intOrPtr* _t13;

				_t11 = __edx;
				_t13 = __eax;
				 *(__edx + 4) = 0;
				_t8 = SetFilePointer( *(__eax + 4), 0, __edx + 4, 1); // executed
				 *_t11 = _t8;
				if( *_t11 == 0xffffffff) {
					_t8 = GetLastError();
					if(_t8 != 0) {
						return E0040C1E4( *_t13);
					}
				}
				return _t8;
			}

0x0040c32a
0x0040c32c
0x0040c330
0x0040c33f
0x0040c344
0x0040c349
0x0040c34b
0x0040c352
0x00000000
0x0040c356
0x0040c352
0x0040c35d

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 0040C33F
GetLastError.KERNEL32(?,00000000,?,00000001), ref: 0040C34B

Part of subcall function 0040C1E4: GetLastError.KERNEL32(0040C0A4,0040C287,?,?,023626AC,?,0041187B,00000001,00000000,00000002,00000000,00411E7A,?,00000000,00411EBE), ref: 0040C1E7

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: b5bc04d13ce7e0f4b6f76b7c9c32d4ca4eee90dc55d430a3763c41653256f821
Instruction ID: 6bb32860de773fec7b433492fb75275ead893e8bd59b77a14ca8c87ab5f49da4
Opcode Fuzzy Hash: b5bc04d13ce7e0f4b6f76b7c9c32d4ca4eee90dc55d430a3763c41653256f821
Instruction Fuzzy Hash: E1E04FB1600210DFEB10EFB588C1B66B6D89F04368F098676EA15DF2C5E675CC00C7A4

Uniqueness

Uniqueness Score: -1.00%

Function 0040C42C, Relevance: 1.5, APIs: 1, Instructions: 29
fileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C42C(intOrPtr* __eax, long __ecx, void* __edx, void* __ebp) {
				long _v16;
				void* __ebx;
				int _t6;
				intOrPtr* _t9;
				long _t15;

				_push(__ecx);
				_t15 = __ecx;
				_t9 = __eax;
				_t6 = WriteFile( *(__eax + 4), __edx, __ecx,  &_v16, 0); // executed
				if(_t6 == 0) {
					_t6 = E0040C1E4( *_t9);
				}
				if(_t15 != _v16) {
					_t6 = E0040C130(_t9, 0x1d);
				}
				return _t6;
			}

0x0040c42f
0x0040c430
0x0040c434
0x0040c443
0x0040c44a
0x0040c44e
0x0040c44e
0x0040c456
0x0040c45f
0x0040c45f
0x0040c468

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040C443

Part of subcall function 0040C1E4: GetLastError.KERNEL32(0040C0A4,0040C287,?,?,023626AC,?,0041187B,00000001,00000000,00000002,00000000,00411E7A,?,00000000,00411EBE), ref: 0040C1E7

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 3f27af93616d44cafd920d86f12288abf041101562baca60bd8f4dd466a85639
Instruction ID: 5f691bc60c61b380f8ace00ad4bc758de0d67d566e919883e0a27f2df786f2ed
Opcode Fuzzy Hash: 3f27af93616d44cafd920d86f12288abf041101562baca60bd8f4dd466a85639
Instruction Fuzzy Hash: BAE01272704110ABDB10E75ED8C0F67A7DCDF85754F00817BB548DB256D574DC048AB5

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF84, Relevance: 1.5, APIs: 1, Instructions: 28
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040BF84(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00404DD4(_t10, _t7, _t17, _t20);
			}

0x0040bf8b
0x0040bfa3
0x0040bfab
0x0040bfaf
0x0040bfb8
0x0040bfaa
0x0040bfaa
0x0040bfaa
0x00000000
0x0040bfba
0x0040bfba
0x0040bfbe
0x00000000
0x00000000
0x0040bfbe
0x00000000
0x0040bfb8
0x0040bfd1

APIs

FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,0040C156,00000000,0040C1A7,?,0040C360), ref: 0040BFA3

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 78b631aa6f0c220d234d81b028a8f39ac27aaf547ccc31545c27bd411d18f62e
Instruction ID: 54a6effb2ad2d49ab466ee6a75d0bb386577af74ea474ee3005c175c4631f906
Opcode Fuzzy Hash: 78b631aa6f0c220d234d81b028a8f39ac27aaf547ccc31545c27bd411d18f62e
Instruction Fuzzy Hash: F8E0D8A075430316F22911144C03B7B1109CBC0B00FA08436B600EF3D9DBBE985986DE

Uniqueness

Uniqueness Score: -1.00%

Function 0040B698, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E0040B698(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x40b6de);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E0040B62C(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E00404D24(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E0040B6E5);
				return L00404C88( &_v8);
			}

0x0040b69b
0x0040b6a2
0x0040b6a3
0x0040b6a8
0x0040b6ab
0x0040b6b3
0x0040b6c1
0x0040b6ca
0x0040b6cd
0x0040b6d0
0x0040b6dd

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,0040B6DE,?,?,00000000,?,0040B6F1,0040BA6E,00000000,0040BAB3,?,?,00000000,00000000), ref: 0040B6C1

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 4d65c1aa47821c360c71166b3d4a266793d1786de3f7429b732c39a9dcd030f1
Instruction ID: a06aa6656fdad5e9dbbd83ce560a082ed6b537c9876e7170b744a42e3e33ef30
Opcode Fuzzy Hash: 4d65c1aa47821c360c71166b3d4a266793d1786de3f7429b732c39a9dcd030f1
Instruction Fuzzy Hash: B3E09271704308AFE701EB72DD5391DB3ECD789704BA2087AF900F3A81E67A9E00855C

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2E0, Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C2E0(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E00404D24(__edx),  *(0x4129dc + (_a8 & 0x000000ff) * 4),  *(0x4129e8 + (_a4 & 0x000000ff) * 4), 0,  *(0x4129f8 + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}

0x0040c31d
0x0040c325

APIs

CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 0040C31D

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 63fc4f49aec430f3829336a694d8165bea7383a72ca2888a76604ad14c713c38
Instruction ID: 13404cbe62acdba55d2813df6ef1882d8c39da72c30555add375271e33042dcc
Opcode Fuzzy Hash: 63fc4f49aec430f3829336a694d8165bea7383a72ca2888a76604ad14c713c38
Instruction Fuzzy Hash: 20E012B134416C2ED240969DAC51FA6779CA719715F008023F994DB281C0A6D9209AE8

Uniqueness

Uniqueness Score: -1.00%

Function 00405B48, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405B48(void* __eax) {
				short _v532;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				WCHAR* _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x400000
					GetModuleFileNameW( *_t3,  &_v532, 0x20a);
					_t14 = E00405DE8(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						_t5 = _t16 + 4; // 0x400000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x400000
				return  *_t7;
			}

0x00405b50
0x00405b56
0x00405b62
0x00405b66
0x00405b6f
0x00405b74
0x00405b76
0x00405b7b
0x00405b7d
0x00405b80
0x00405b80
0x00405b7b
0x00405b83
0x00405b8e

APIs

GetModuleFileNameW.KERNEL32(00400000,?,0000020A), ref: 00405B66

Part of subcall function 00405DE8: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00400000,004127B4), ref: 00405E04
Part of subcall function 00405DE8: RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,004127B4), ref: 00405E24
Part of subcall function 00405DE8: RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,004127B4), ref: 00405E42
Part of subcall function 00405DE8: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 00405E60
Part of subcall function 00405DE8: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00405E7E
Part of subcall function 00405DE8: RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,00405F1C,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 00405EC7
Part of subcall function 00405DE8: RegQueryValueExW.ADVAPI32(?,00406110,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,00405F1C,?,80000001), ref: 00405EE5
Part of subcall function 00405DE8: RegCloseKey.ADVAPI32(?,00405F23,00000000,?,?,00000000,00405F1C,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 00405F16

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Open$FileModuleNameQueryValue$Close
String ID:
API String ID: 2796650324-0
Opcode ID: 8c9758be25788c771a96be9b96f2f469653191ca95e081fd4ab6892ed6ab7e97
Instruction ID: 514b741bebc9be100643021af33e25a7a2a1590cfa8c206c69565e72355c73da
Opcode Fuzzy Hash: 8c9758be25788c771a96be9b96f2f469653191ca95e081fd4ab6892ed6ab7e97
Instruction Fuzzy Hash: DBE0C971A007109FCB14DE58C8C5A5737E4AF08764F044A66AD14EF386D375E9108BD5

Uniqueness

Uniqueness Score: -1.00%

Function 0040C410, Relevance: 1.5, APIs: 1, Instructions: 11
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C410(intOrPtr* __eax) {
				int _t4;
				intOrPtr* _t7;

				_t7 = __eax;
				_t4 = SetEndOfFile( *(__eax + 4)); // executed
				if(_t4 == 0) {
					return E0040C1E4( *_t7);
				}
				return _t4;
			}

0x0040c411
0x0040c417
0x0040c41e
0x00000000
0x0040c422
0x0040c428

APIs

SetEndOfFile.KERNEL32(?,7FD80010,00411C36,00000000), ref: 0040C417

Part of subcall function 0040C1E4: GetLastError.KERNEL32(0040C0A4,0040C287,?,?,023626AC,?,0041187B,00000001,00000000,00000002,00000000,00411E7A,?,00000000,00411EBE), ref: 0040C1E7

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: a3404d2f1f053cf2f3e86efe0e478a67ee0e867368918682c51ca0df89d9ab2f
Instruction ID: 6b5fd851a2480aff7a6dd7d3e712bfbbac8f25b2dfd40299735038a0fc5377eb
Opcode Fuzzy Hash: a3404d2f1f053cf2f3e86efe0e478a67ee0e867368918682c51ca0df89d9ab2f
Instruction Fuzzy Hash: C0C04CB1201100C7CB00ABEAD5C191666DC6A483083448176B504DF247D678D8108A25

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACDF, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E0040ACDF() {
				int _t4;
				intOrPtr _t7;
				void* _t8;

				_pop(_t7);
				 *[fs:eax] = _t7;
				_push(E0040ACFD);
				_t4 = SetErrorMode( *(_t8 - 0xc)); // executed
				return _t4;
			}

0x0040ace1
0x0040ace4
0x0040ace7
0x0040acf0
0x0040acf5

APIs

SetErrorMode.KERNEL32(?,0040ACFD), ref: 0040ACF0

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: fc285dc2b3e37b3a2430b6cb798d4d006232da26ef733131f1ea31aed88b1510
Instruction ID: 112f59639df773ce5e8ef13905132ba6fc2be3043f547875694a47c1d55f0219
Opcode Fuzzy Hash: fc285dc2b3e37b3a2430b6cb798d4d006232da26ef733131f1ea31aed88b1510
Instruction Fuzzy Hash: 1CB09B7764C7405EF705D695A41152863D8D7C47143A2C477F412D65C0D53D55104519

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACFB, Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ACFB() {
				int _t3;
				void* _t4;

				_t3 = SetErrorMode( *(_t4 - 0xc)); // executed
				return _t3;
			}

0x0040acf0
0x0040acf5

APIs

SetErrorMode.KERNEL32(?,0040ACFD), ref: 0040ACF0

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: e041ad833e26832a7a46faca488033c8bf34126b8d66408357392999026807de
Instruction ID: 0d6ffb28b60556907f55dc5a8f6c8d323e4632824e5f7ee3d30a7447b9079724
Opcode Fuzzy Hash: e041ad833e26832a7a46faca488033c8bf34126b8d66408357392999026807de
Instruction Fuzzy Hash: A5A0222AC0C200B3CE00F2E0800082C232C3A883003C2C8A23002B2080C03E80200A0B

Uniqueness

Uniqueness Score: -1.00%

Function 0040CE24, Relevance: 1.3, APIs: 1, Instructions: 62
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040CE24(void* __eax, void* __fp0) {
				char _v16;
				char _v20;
				void* _v28;
				void* _t29;
				void* _t32;
				void* _t40;
				void* _t50;
				long _t52;

				_t40 = __eax;
				if( *((intOrPtr*)(__eax + 8))() != 5) {
					E0040CC3C(1);
				}
				E00403250(_t40 + 0x14, 0x50);
				if(E0040D9D8(_t40 + 0x14, 0x50,  &_v16,  &_v20, 5) != 0) {
					E0040CC3C(3);
				}
				if(_v16 > 0x4000000) {
					E0040CC3C(7);
				}
				_t52 = _v20 + _v16;
				if(_t52 !=  *(_t40 + 0x68)) {
					E0040CDCC(_t40);
					_t32 = VirtualAlloc(0, _t52, 0x1000, 4); // executed
					_t50 = _t32;
					 *(_t40 + 0x64) = _t50;
					if(_t50 == 0) {
						E00409818();
					}
					 *(_t40 + 0x68) = _t52;
				}
				_t29 = E0040DA28(_t40 + 0x14,  *(_t40 + 0x64) + _v20,  *(_t40 + 0x64));
				 *((char*)(_t40 + 0x11)) = 1;
				return _t29;
			}

0x0040ce2a
0x0040ce3c
0x0040ce43
0x0040ce43
0x0040ce52
0x0040ce76
0x0040ce7d
0x0040ce7d
0x0040ce8a
0x0040ce91
0x0040ce91
0x0040ce9a
0x0040cea1
0x0040cea5
0x0040ceb4
0x0040ceb9
0x0040cebb
0x0040cec0
0x0040cec2
0x0040cec2
0x0040cec7
0x0040cec7
0x0040ced7
0x0040cedc
0x0040cee6

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0040CEB4

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1c33fdcd7db3a91dc0bea8e59b530216931318dc07da37a5218f5d87b59fbcef
Instruction ID: b6681b459df67ccd1e5ce076e039c9ae0ad0e44203837902a123d5042d1e434f
Opcode Fuzzy Hash: 1c33fdcd7db3a91dc0bea8e59b530216931318dc07da37a5218f5d87b59fbcef
Instruction Fuzzy Hash: 31117231604204DBDB10EF59D8C1B5B3798DF84319F00817AF949AB2C6D638D805CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401706, Relevance: 1.3, APIs: 1, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00401706(void* __eax) {
				struct _MEMORY_BASIC_INFORMATION _v44;
				void* _v48;
				void* _t13;
				int _t20;
				void* _t22;
				signed int _t26;
				signed int _t29;
				signed int _t30;
				void* _t34;
				intOrPtr _t35;
				signed int _t39;
				void* _t41;
				void* _t42;

				_push(_t29);
				_t42 = _t41 + 0xffffffdc;
				_t34 = __eax - 0x10;
				E0040165C();
				_t13 = _t34;
				 *_t42 =  *_t13;
				_v48 =  *((intOrPtr*)(_t13 + 4));
				_t26 =  *(_t13 + 0xc);
				if((_t26 & 0x00000008) != 0) {
					_t22 = _t34;
					_t39 = _t26 & 0xfffffff0;
					_t30 = 0;
					while(1) {
						VirtualQuery(_t22,  &_v44, 0x1c);
						if(VirtualFree(_t22, 0, 0x8000) == 0) {
							break;
						}
						_t35 = _v44.RegionSize;
						if(_t39 > _t35) {
							_t39 = _t39 - _t35;
							_t22 = _t22 + _t35;
							continue;
						}
						goto L10;
					}
					_t30 = _t30 | 0xffffffff;
				} else {
					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
					if(_t20 == 0) {
						_t30 = _t29 | 0xffffffff;
					} else {
						_t30 = 0;
					}
				}
				L10:
				if(_t30 == 0) {
					 *_v48 =  *_t42;
					 *( *_t42 + 4) = _v48;
				}
				 *0x415ac4 = 0;
				return _t30;
			}

0x0040170a
0x0040170c
0x00401711
0x00401714
0x00401719
0x0040171d
0x00401723
0x00401727
0x0040172d
0x00401749
0x0040174d
0x00401750
0x00401752
0x0040175a
0x0040176e
0x00000000
0x00000000
0x00401775
0x0040177b
0x0040177d
0x0040177f
0x00000000
0x0040177f
0x00000000
0x0040177b
0x00401770
0x0040172f
0x00401737
0x0040173e
0x00401744
0x00401740
0x00401740
0x00401740
0x0040173e
0x00401783
0x00401785
0x0040178e
0x00401797
0x00401797
0x0040179a
0x004017aa

APIs

VirtualFree.KERNEL32(?,00000000,00008000), ref: 00401737
VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040175A
VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00401767

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Virtual$Free$Query
String ID:
API String ID: 778034434-0
Opcode ID: 43b31ffd2dcb21ba126ba47275f83cb699e8ecf7e15fc526de2abcc2949b695d
Instruction ID: b087b523a7cdde792340b118d0caba1a8ecc00495ea843c26d989cfd8e6ee0d2
Opcode Fuzzy Hash: 43b31ffd2dcb21ba126ba47275f83cb699e8ecf7e15fc526de2abcc2949b695d
Instruction Fuzzy Hash: D3F069343046009FD310DB2AC984B5BB7E5EFC8760F19C67AE9889B3A1D635DC02979A

Uniqueness

Uniqueness Score: -1.00%

Function 004015E4, Relevance: 1.3, APIs: 1, Instructions: 38
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004015E4(signed int __eax) {
				void* _t4;
				intOrPtr _t7;
				signed int _t8;
				void* _t10;
				void** _t15;
				void* _t17;

				_t8 = __eax;
				E00401578(__eax);
				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
				if(_t4 == 0) {
					 *0x413a3c = 0;
					return 0;
				} else {
					_t15 =  *0x413a28; // 0x24b0000
					_t10 = _t4;
					 *_t10 = 0x413a24;
					 *0x413a28 = _t4;
					 *(_t10 + 4) = _t15;
					 *_t15 = _t4;
					_t17 = _t4 + 0x13fff0;
					 *((intOrPtr*)(_t17 - 4)) = 2;
					 *0x413a3c = 0x13ffe0 - _t8;
					_t7 = _t17 - _t8;
					 *0x413a38 = _t7;
					 *(_t7 - 4) = _t8 | 0x00000002;
					return _t7;
				}
			}

0x004015e5
0x004015e7
0x004015fa
0x00401601
0x00401652
0x0040165a
0x00401603
0x00401603
0x00401609
0x0040160b
0x00401611
0x00401616
0x00401619
0x0040161d
0x00401628
0x00401635
0x0040163d
0x0040163f
0x0040164c
0x0040164f
0x0040164f

APIs

VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,00401BF3,?,004018C6), ref: 004015FA

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 39421edb908c6995d62f2c0b4cea7b3dead7872c1aad425fc2c1c6bc86b03942
Instruction ID: cf32fbc5601a1205f328c6ffb622e927ebfe32a850b6ecb500ba2c71dea074df
Opcode Fuzzy Hash: 39421edb908c6995d62f2c0b4cea7b3dead7872c1aad425fc2c1c6bc86b03942
Instruction Fuzzy Hash: 49F06DF1B103405FDB04DF7A9E817427BD6AB89396F20C03EE549EB7A8E77585418B08

Uniqueness

Uniqueness Score: -1.00%

Function 0040C2AC, Relevance: 1.3, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040C2AC(signed int __edx) {
				void* _t3;
				void* _t4;
				void* _t6;
				signed int _t11;
				void* _t15;

				_t4 = E00403A8C(_t3, __edx);
				_t11 = __edx;
				_t15 = _t4;
				if( *((char*)(_t15 + 8)) != 0) {
					CloseHandle( *(_t15 + 4)); // executed
				}
				_t6 = E00403884(_t11 & 0x000000fc);
				if(_t11 > 0) {
					return E00403A34(_t15);
				}
				return _t6;
			}

0x0040c2ae
0x0040c2b3
0x0040c2b5
0x0040c2bb
0x0040c2c1
0x0040c2c1
0x0040c2cd
0x0040c2d4
0x00000000
0x0040c2d8
0x0040c2df

APIs

CloseHandle.KERNEL32(?), ref: 0040C2C1

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: f207754768eb2adbf3d9bba580aefa7a1eecef27c8b5d337bcd18dd9ac0b30e3
Instruction ID: 52e0be0a24c7e9235cb3898ef0266e034d147dd7413e0674b114539fed1210a4
Opcode Fuzzy Hash: f207754768eb2adbf3d9bba580aefa7a1eecef27c8b5d337bcd18dd9ac0b30e3
Instruction Fuzzy Hash: 19D02B42B00A2003C21177FE44C128BA6884F0436AB084A7EB590E72D2D73CCE01439C

Uniqueness

Uniqueness Score: -1.00%

Function 0040CDCC, Relevance: 1.3, APIs: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040CDCC(void* __eax) {
				void* _t6;
				void* _t9;

				_t9 = __eax;
				 *((intOrPtr*)(__eax + 0x68)) = 0;
				_t6 =  *(__eax + 0x64);
				if(_t6 != 0) {
					VirtualFree(_t6, 0, 0x8000); // executed
					 *((intOrPtr*)(_t9 + 0x64)) = 0;
					return 0;
				}
				return _t6;
			}

0x0040cdcd
0x0040cdd1
0x0040cdd4
0x0040cdd9
0x0040cde3
0x0040cdea
0x00000000
0x0040cdea
0x0040cdee

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,0040CDB2), ref: 0040CDE3

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: ff04fd8dcd11e6fbafa61476d2b9ef1a7874464dd62cbe148c55b2defef5a7c5
Instruction ID: d4de7230741a84b6279af0e8d68159cf60326ecd709791186f7f3d6a8192444b
Opcode Fuzzy Hash: ff04fd8dcd11e6fbafa61476d2b9ef1a7874464dd62cbe148c55b2defef5a7c5
Instruction Fuzzy Hash: 83D0E9B17553009BEB90FF794DC1B023BD96F08740F11447A6508EA286E674D454C654

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00405BEC, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 152
stringlibraryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E00405BEC(WCHAR* __eax, int __edx) {
				WCHAR* _v8;
				int _v12;
				WCHAR* _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t53;
				signed int _t54;
				signed int _t59;
				signed int _t60;
				signed int _t105;
				signed int _t106;
				intOrPtr* _t107;
				WCHAR* _t114;
				WCHAR* _t116;
				short* _t117;
				void* _t118;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_v20 = GetModuleHandleW(L"kernel32.dll");
				if(_v20 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t116 =  &(_v8[2]);
						goto L10;
					} else {
						if(_v8[1] == 0x5c) {
							_t117 = E00405BC8( &(_v8[2]));
							if( *_t117 != 0) {
								_t17 = _t117 + 2; // 0x2
								_t116 = E00405BC8(_t17);
								if( *_t116 != 0) {
									L10:
									_t105 = _t116 - _v8;
									_t106 = _t105 >> 1;
									if(_t105 < 0) {
										asm("adc ebx, 0x0");
									}
									lstrcpynW( &_v1134, _v8, _t106 + 1);
									while( *_t116 != 0) {
										_t114 = E00405BC8( &(_t116[1]));
										_t53 = _t114 - _t116;
										_t54 = _t53 >> 1;
										if(_t53 < 0) {
											asm("adc eax, 0x0");
										}
										if(_t54 + _t106 + 1 <= 0x105) {
											_t59 = _t114 - _t116;
											_t60 = _t59 >> 1;
											if(_t59 < 0) {
												asm("adc eax, 0x0");
											}
											lstrcpynW( &_v1134 + _t106 + _t106, _t116, _t60 + 1);
											_v20 = FindFirstFileW( &_v1134,  &_v612);
											if(_v20 != 0xffffffff) {
												FindClose(_v20);
												if(lstrlenW( &(_v612.cFileName)) + _t106 + 1 + 1 <= 0x105) {
													 *((short*)(_t118 + _t106 * 2 - 0x46a)) = 0x5c;
													lstrcpynW( &(( &_v1134 + _t106 + _t106)[1]),  &(_v612.cFileName), 0x105 - _t106 - 1);
													_t106 = _t106 + lstrlenW( &(_v612.cFileName)) + 1;
													_t116 = _t114;
													continue;
												}
											}
										}
										goto L23;
									}
									lstrcpynW(_v8,  &_v1134, _v12);
								}
							}
						}
					}
				} else {
					_t107 = GetProcAddress(_v20, "GetLongPathNameW");
					if(_t107 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t107() == 0) {
							goto L4;
						} else {
							lstrcpynW(_v8,  &_v1134, _v12);
						}
					}
				}
				L23:
				return _v16;
			}

0x00405bf8
0x00405bfb
0x00405c01
0x00405c0e
0x00405c15
0x00405c5a
0x00405c61
0x00405ca1
0x00000000
0x00405c63
0x00405c6b
0x00405c7c
0x00405c82
0x00405c88
0x00405c90
0x00405c96
0x00405ca4
0x00405ca6
0x00405ca9
0x00405cab
0x00405cad
0x00405cad
0x00405cbf
0x00405d8e
0x00405cd1
0x00405cd5
0x00405cd7
0x00405cd9
0x00405cdb
0x00405cdb
0x00405ce6
0x00405cee
0x00405cf0
0x00405cf2
0x00405cf4
0x00405cf4
0x00405d07
0x00405d1f
0x00405d26
0x00405d30
0x00405d4c
0x00405d4e
0x00405d78
0x00405d8a
0x00405d8c
0x00000000
0x00405d8c
0x00405d4c
0x00405d26
0x00000000
0x00405ce6
0x00405da7
0x00405da7
0x00405c96
0x00405c82
0x00405c6b
0x00405c17
0x00405c25
0x00405c29
0x00000000
0x00405c2b
0x00405c2b
0x00405c36
0x00405c3a
0x00405c3f
0x00000000
0x00405c41
0x00405c50
0x00405c50
0x00405c3f
0x00405c29
0x00405dac
0x00405db5

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00407574,00400000,004127B4), ref: 00405C09
GetProcAddress.KERNEL32(?,GetLongPathNameW), ref: 00405C20
lstrcpynW.KERNEL32(?,?,?), ref: 00405C50
lstrcpynW.KERNEL32(?,?,?,kernel32.dll,00407574,00400000,004127B4), ref: 00405CBF
lstrcpynW.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,00407574,00400000,004127B4), ref: 00405D07
FindFirstFileW.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,00407574,00400000,004127B4), ref: 00405D1A
FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,00407574,00400000,004127B4), ref: 00405D30
lstrlenW.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,00407574,00400000,004127B4), ref: 00405D3C
lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,00407574,00400000), ref: 00405D78
lstrlenW.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,00407574), ref: 00405D84
lstrcpynW.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 00405DA7

Strings

GetLongPathNameW, xrefs: 00405C17
kernel32.dll, xrefs: 00405C04
\, xrefs: 00405D4E

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 3245196872-3908791685
Opcode ID: 1253a85fb23fe974578941fb111989e320402073ff3a7dddb8b82e84d419481d
Instruction ID: c2074287e695d44b88807d81ef8362fcd301c369dd62e3440cf0f4018af864f0
Opcode Fuzzy Hash: 1253a85fb23fe974578941fb111989e320402073ff3a7dddb8b82e84d419481d
Instruction Fuzzy Hash: DB515071A006199BDB10DAA9CC89ADF73BCEF48310F1445B7A604F7291E778AE408F58

Uniqueness

Uniqueness Score: -1.00%

Function 0040E538, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040E538() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				intOrPtr* _t6;
				int _t7;

				_t6 =  *0x412c7c; // 0x4127d8
				if( *_t6 != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}

0x0040e53b
0x0040e543
0x0040e5a0
0x0040e5a4
0x0040e5ac
0x00000000
0x0040e5ae
0x0040e555
0x0040e567
0x0040e56c
0x0040e574
0x0040e58e
0x0040e59a
0x00000000
0x00000000
0x00000000
0x0040e59c
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 0040E548
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 0040E54E
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 0040E567
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E58E
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E593
ExitWindowsEx.USER32(00000002,00000000), ref: 0040E5A4

Strings

SeShutdownPrivilege, xrefs: 0040E560

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 73c640dd25bf0da1a066829e78cec9cf5526ed5c6ab4e34b88ea435bccd2a059
Instruction ID: ae4826e5ab51033c7cebb5d2f9562618bb8fce06cce608ca78d8d7bd7c41feda
Opcode Fuzzy Hash: 73c640dd25bf0da1a066829e78cec9cf5526ed5c6ab4e34b88ea435bccd2a059
Instruction Fuzzy Hash: DAF04F70255302BAE610AAA68C07F6B71885B40B0CF544C3AF641FA1C1F7BDD525866E

Uniqueness

Uniqueness Score: -1.00%

Function 0040EE14, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040EE14() {
				struct HRSRC__* _t10;
				void* _t11;
				void* _t12;

				_t10 = FindResourceW(0, 0x2b67, 0xa);
				if(_t10 == 0) {
					E0040EC58();
				}
				if(SizeofResource(0, _t10) != 0x2c) {
					E0040EC58();
				}
				_t11 = LoadResource(0, _t10);
				if(_t11 == 0) {
					E0040EC58();
				}
				_t12 = LockResource(_t11);
				if(_t12 == 0) {
					E0040EC58();
				}
				return _t12;
			}

0x0040ee23
0x0040ee27
0x0040ee29
0x0040ee29
0x0040ee39
0x0040ee3b
0x0040ee3b
0x0040ee48
0x0040ee4c
0x0040ee4e
0x0040ee4e
0x0040ee59
0x0040ee5d
0x0040ee5f
0x0040ee5f
0x0040ee67

APIs

FindResourceW.KERNEL32(00000000,00002B67,0000000A,?,00411893,00000000,00411E26,?,00000001,00000000,00000002,00000000,00411E7A,?,00000000,00411EBE), ref: 0040EE1E
SizeofResource.KERNEL32(00000000,00000000,00000000,00002B67,0000000A,?,00411893,00000000,00411E26,?,00000001,00000000,00000002,00000000,00411E7A), ref: 0040EE31
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,00411893,00000000,00411E26,?,00000001,00000000,00000002,00000000), ref: 0040EE43
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00002B67,0000000A,?,00411893,00000000,00411E26,?,00000001,00000000,00000002), ref: 0040EE54

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: beedabd750f458dd06f1c9f94445ebe4908f2dd77a18a1ac7d15fc2b28cb6172
Instruction ID: 9a1a894cb87de906872dbc2c4e5ff6763d0dc0ebe58e3aebe34ffc217bd0bdf7
Opcode Fuzzy Hash: beedabd750f458dd06f1c9f94445ebe4908f2dd77a18a1ac7d15fc2b28cb6172
Instruction Fuzzy Hash: ECE09A8678934A25F51536F748CBB2A41485B2974EF01083FB705792C3DEBDCC78416E

Uniqueness

Uniqueness Score: -1.00%

Function 0040805C, Relevance: 1.6, APIs: 1, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E0040805C(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, WCHAR* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				short _v24;
				signed int _v28;
				intOrPtr _v117;
				intOrPtr* _t28;
				WCHAR* _t29;
				int _t30;
				short _t35;
				intOrPtr _t38;
				WCHAR* _t43;
				intOrPtr* _t44;
				short _t53;
				short _t55;

				_t28 = __eax +  *__eax;
				 *_t28 =  *_t28 + _t28;
				 *__edx =  *__edx + __ebx;
				 *_t28 =  *_t28 + _t28;
				 *_t28 =  *_t28 + _t28;
				_v117 = _v117 + __edx;
				_push(__ebx);
				_t29 = _a8;
				if(_t29 == 0) {
					_t29 = 0;
				}
				_t30 = GetDiskFreeSpaceW(_t29,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t53 = _v24;
				_t35 = E004058EC(_v28, _t53, _v16, 0);
				_t43 = _a8;
				 *_t43 = _t35;
				_t43[2] = _t53;
				_t55 = _v24;
				_t38 = E004058EC(_v28, _t55, _v20, 0);
				_t44 = _a12;
				 *_t44 = _t38;
				 *(_t44 + 4) = _t55;
				return _t30;
			}

0x0040805c
0x0040805e
0x00408061
0x00408063
0x00408065
0x00408067
0x0040806e
0x0040806f
0x00408074
0x00408076
0x00408076
0x00408089
0x00408098
0x0040809b
0x004080a8
0x004080ab
0x004080b0
0x004080b3
0x004080b5
0x004080c2
0x004080c5
0x004080ca
0x004080cd
0x004080cf
0x004080d8

APIs

GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 00408089

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: DiskFreeSpace
String ID:
API String ID: 1705453755-0
Opcode ID: 1b7c22238b0c46b284b2b107f6e5e28a964c48cdf51e692455e1591c4b1c28f1
Instruction ID: a068575fb17e70d0eb2dd941d71b6181fb06f7ad23ffcb3780b10a2596b4250a
Opcode Fuzzy Hash: 1b7c22238b0c46b284b2b107f6e5e28a964c48cdf51e692455e1591c4b1c28f1
Instruction Fuzzy Hash: C01112B5E05249AFCB01DFA9C8818EFBBF5EF89300B14C5AAE405EB251D6315E05CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00408EB4, Relevance: 1.5, APIs: 1, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00408EB4(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				short _v516;
				int _t5;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
				_t19 = _t5;
				if(_t5 <= 0) {
					return E00404C98(_t10, _t18);
				}
				return E00404DD4(_t10, _t5 - 1,  &_v516, _t19);
			}

0x00408ebf
0x00408ec1
0x00408ed2
0x00408ed7
0x00408ed9
0x00000000
0x00408ef1
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00408ED2

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 246054f9c36c1f2196f49bbd947a24d2e959c1ac7231b52c9a5afb00355492ba
Instruction ID: efd930654affab819bb145c5b770efe1d407367608a80b1910e27d3113095914
Opcode Fuzzy Hash: 246054f9c36c1f2196f49bbd947a24d2e959c1ac7231b52c9a5afb00355492ba
Instruction Fuzzy Hash: B5E0927170021857E714A5998D869E7725C9B88300F00017FBA05E7383ED759D5043E9

Uniqueness

Uniqueness Score: -1.00%

Function 00408F00, Relevance: 1.5, APIs: 1, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00408F00(int __eax, signed int __ecx, int __edx) {
				short _v16;
				signed int _t5;
				signed int _t10;

				_push(__ecx);
				_t10 = __ecx;
				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t10;
				} else {
					_t5 = _v16 & 0x0000ffff;
				}
				return _t5;
			}

0x00408f03
0x00408f04
0x00408f1a
0x00408f22
0x00408f1c
0x00408f1c
0x00408f1c
0x00408f28

APIs

GetLocaleInfoW.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040A65C,00000000,0040A886,?,?,00000000,00000000), ref: 00408F13

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 94732180e3b9d4c1534f10bd835daa7b5d390fea32fce7ec4f8fcd00424c145c
Instruction ID: c1a5af872d8d8e0d8faaa3b155c0f045d42fbc39b27c6cde3df4525be18a7e6a
Opcode Fuzzy Hash: 94732180e3b9d4c1534f10bd835daa7b5d390fea32fce7ec4f8fcd00424c145c
Instruction Fuzzy Hash: 20D0A7B630922076E620916B7E45D7766DDCBC4772F10443FBA89D7281D674CC05D379

Uniqueness

Uniqueness Score: -1.00%

Function 0040E640, Relevance: 1.5, APIs: 1, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E640(signed int __eax) {
				short _v8;
				signed int _t6;

				_t6 = GetLocaleInfoW(__eax & 0x0000ffff, 0x20001004,  &_v8, 2);
				if(_t6 <= 0) {
					return _t6 | 0xffffffff;
				}
				return _v8;
			}

0x0040e656
0x0040e65d
0x00000000
0x0040e664
0x00000000

APIs

GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,0040E73F), ref: 0040E656

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6308b6ad815ab94f5877452a5c18b2a5c5f0fe134cd48218108c47e1a222a2b6
Instruction ID: 61ad4570fdc9bd1f637c2ab62d59952224da12b932db04316d1523c8ac21b311
Opcode Fuzzy Hash: 6308b6ad815ab94f5877452a5c18b2a5c5f0fe134cd48218108c47e1a222a2b6
Instruction Fuzzy Hash: 2BD05BA1514308FAF900C1E66D42D7672DCD704728F500A27F614D61C1D567EE109225

Uniqueness

Uniqueness Score: -1.00%

Function 0041259C, Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

&A, xrefs: 004126D0

Memory Dump Source

Source File: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID: &A
API String ID: 0-2212290781
Opcode ID: 7cda35c2fd951c8a4d2e45f027828ecc992470c42a4f9e30a6a1d732ba2a0d1d
Instruction ID: 306928f97ec2f51691e63637be24080422374242fbd85ed4d93a80dcf80ae8aa
Opcode Fuzzy Hash: 7cda35c2fd951c8a4d2e45f027828ecc992470c42a4f9e30a6a1d732ba2a0d1d
Instruction Fuzzy Hash: 1851CE6244E3C0AFD3274B3489651957FB0AEAB22475A01CFC4C5CF4B3DA6E099BC726

Uniqueness

Uniqueness Score: -1.00%

Function 0040D33C, Relevance: .5, Instructions: 545
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E0040D33C(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				char _v25;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				char _v64;
				char* _v68;
				void* _v72;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed int _v88;
				char _v89;
				char _v96;
				signed int _v100;
				signed int _v104;
				short* _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				char _v136;
				signed int _t370;
				void* _t375;
				signed int _t377;
				signed int _t381;
				signed int _t389;
				signed int _t395;
				signed int _t411;
				intOrPtr _t422;
				signed int _t426;
				signed int _t435;
				void* _t448;
				signed int _t458;
				char _t460;
				signed int _t474;
				char* _t503;
				signed int _t508;
				signed int _t616;
				signed int _t617;
				signed int _t618;
				signed int _t622;

				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_v20 =  *((intOrPtr*)(_v8 + 0x10));
				_v24 = 0;
				_v32 = (1 <<  *(_v8 + 8)) - 1;
				_v36 = (1 <<  *(_v8 + 4)) - 1;
				_v40 =  *_v8;
				_t617 =  *((intOrPtr*)(_v8 + 0x34));
				_t474 =  *(_v8 + 0x44);
				_v44 =  *((intOrPtr*)(_v8 + 0x38));
				_v48 =  *((intOrPtr*)(_v8 + 0x3c));
				_v52 =  *((intOrPtr*)(_v8 + 0x40));
				_v56 =  *((intOrPtr*)(_v8 + 0x48));
				_v60 =  *((intOrPtr*)(_v8 + 0x2c));
				_v64 =  *((intOrPtr*)(_v8 + 0x30));
				_v68 =  *((intOrPtr*)(_v8 + 0x1c));
				_v72 =  *((intOrPtr*)(_v8 + 0xc));
				_t616 =  *((intOrPtr*)(_v8 + 0x28));
				_v128 =  *((intOrPtr*)(_v8 + 0x20));
				_v124 =  *((intOrPtr*)(_v8 + 0x24));
				_v120 = _v12;
				_v136 =  *((intOrPtr*)(_v8 + 0x14));
				_v132 =  *((intOrPtr*)(_v8 + 0x18));
				 *_a4 = 0;
				if(_v56 == 0xffffffff) {
					return 0;
				}
				__eflags = _v72;
				if(_v72 == 0) {
					_v68 =  &_v76;
					_v72 = 1;
					_v76 =  *((intOrPtr*)(_v8 + 0x4c));
				}
				__eflags = _v56 - 0xfffffffe;
				if(_v56 != 0xfffffffe) {
					L12:
					_v108 = _v16 + _v24;
					while(1) {
						__eflags = _v56;
						if(_v56 == 0) {
							break;
						}
						__eflags = _v24 - _a8;
						if(_v24 < _a8) {
							_t458 = _t616 - _t617;
							__eflags = _t458 - _v72;
							if(_t458 >= _v72) {
								_t458 = _t458 + _v72;
								__eflags = _t458;
							}
							_t460 =  *((intOrPtr*)(_v68 + _t458));
							 *((char*)(_v68 + _t616)) = _t460;
							 *_v108 = _t460;
							_v24 = _v24 + 1;
							_v108 = _v108 + 1;
							_t616 = _t616 + 1;
							__eflags = _t616 - _v72;
							if(_t616 == _v72) {
								_t616 = 0;
								__eflags = 0;
							}
							_t116 =  &_v56;
							 *_t116 = _v56 - 1;
							__eflags =  *_t116;
							continue;
						}
						break;
					}
					__eflags = _t616;
					if(_t616 != 0) {
						_v25 =  *((intOrPtr*)(_v68 + _t616 - 1));
					} else {
						_v25 =  *((intOrPtr*)(_v68 + _v72 - 1));
					}
					__eflags = 0;
					_v116 = 0;
					_v112 = 0;
					while(1) {
						L24:
						_v108 = _v16 + _v24;
						__eflags = _v24 - _a8;
						if(_v24 >= _a8) {
							break;
						} else {
							goto L25;
						}
						while(1) {
							L25:
							_v88 = _v24 + _v60 & _v32;
							__eflags = _v116;
							if(_v116 != 0) {
								break;
							}
							__eflags = _v112;
							if(_v112 == 0) {
								_t370 = E0040D094((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88,  &_v136);
								__eflags = _t370;
								if(_t370 != 0) {
									_t375 = E0040D094(_t474 + _t474 + _v20 + 0x180,  &_v136);
									__eflags = _t375 != 1;
									if(_t375 != 1) {
										_v52 = _v48;
										_v48 = _v44;
										_v44 = _t617;
										__eflags = _t474 - 7;
										if(__eflags >= 0) {
											_t377 = 0xa;
										} else {
											_t377 = 7;
										}
										_t474 = _t377;
										_v56 = E0040D244(_v20 + 0x664, _v88,  &_v136, __eflags);
										_t503 =  &_v136;
										__eflags = _v56 - 4;
										if(_v56 >= 4) {
											_t381 = 3;
										} else {
											_t381 = _v56;
										}
										_v100 = E0040D11C((_t381 << 6) + (_t381 << 6) + _v20 + 0x360, _t503, 6);
										__eflags = _v100 - 4;
										if(_v100 < 4) {
											_t618 = _v100;
										} else {
											_v104 = (_v100 >> 1) - 1;
											_t524 = _v104;
											_t622 = (_v100 & 0x00000001 | 0x00000002) << _v104;
											__eflags = _v100 - 0xe;
											if(_v100 >= 0xe) {
												_t395 = E0040D034( &_v136, _t524, _v104 + 0xfffffffc);
												_t618 = _t622 + (_t395 << 4) + E0040D160(_v20 + 0x644,  &_v136, 4);
											} else {
												_t618 = _t622 + E0040D160(_t622 + _t622 + _v20 + 0x560 - _v100 + _v100 + 0xfffffffe,  &_v136, _v104);
											}
										}
										_t617 = _t618 + 1;
										__eflags = _t617;
										if(_t617 != 0) {
											L82:
											_v56 = _v56 + 2;
											__eflags = _t617 - _v64;
											if(_t617 <= _v64) {
												__eflags = _v72 - _v64 - _v56;
												if(_v72 - _v64 <= _v56) {
													_v64 = _v72;
												} else {
													_v64 = _v64 + _v56;
												}
												while(1) {
													_t389 = _t616 - _t617;
													__eflags = _t389 - _v72;
													if(_t389 >= _v72) {
														_t389 = _t389 + _v72;
														__eflags = _t389;
													}
													_v25 =  *((intOrPtr*)(_v68 + _t389));
													 *((char*)(_v68 + _t616)) = _v25;
													_t616 = _t616 + 1;
													__eflags = _t616 - _v72;
													if(_t616 == _v72) {
														_t616 = 0;
														__eflags = 0;
													}
													_v56 = _v56 - 1;
													 *_v108 = _v25;
													_v24 = _v24 + 1;
													_v108 = _v108 + 1;
													__eflags = _v56;
													if(_v56 == 0) {
														break;
													}
													__eflags = _v24 - _a8;
													if(_v24 < _a8) {
														continue;
													}
													break;
												}
												L93:
												__eflags = _v24 - _a8;
												if(_v24 < _a8) {
													continue;
												}
												goto L94;
											}
											return 1;
										} else {
											_v56 = 0xffffffff;
											goto L94;
										}
									}
									_t411 = E0040D094(_t474 + _t474 + _v20 + 0x198,  &_v136);
									__eflags = _t411;
									if(_t411 != 0) {
										__eflags = E0040D094(_t474 + _t474 + _v20 + 0x1b0,  &_v136);
										if(__eflags != 0) {
											__eflags = E0040D094(_t474 + _t474 + _v20 + 0x1c8,  &_v136);
											if(__eflags != 0) {
												_t422 = _v52;
												_v52 = _v48;
											} else {
												_t422 = _v48;
											}
											_v48 = _v44;
										} else {
											_t422 = _v44;
										}
										_v44 = _t617;
										_t617 = _t422;
										L65:
										_v56 = E0040D244(_v20 + 0xa68, _v88,  &_v136, __eflags);
										__eflags = _t474 - 7;
										if(_t474 >= 7) {
											_t426 = 0xb;
										} else {
											_t426 = 8;
										}
										_t474 = _t426;
										goto L82;
									}
									__eflags = E0040D094((_t474 << 4) + (_t474 << 4) + _v20 + _v88 + _v88 + 0x1e0,  &_v136);
									if(__eflags != 0) {
										goto L65;
									}
									__eflags = _v64;
									if(_v64 != 0) {
										__eflags = _t474 - 7;
										if(_t474 >= 7) {
											_t508 = 0xb;
										} else {
											_t508 = 9;
										}
										_t474 = _t508;
										_t435 = _t616 - _t617;
										__eflags = _t435 - _v72;
										if(_t435 >= _v72) {
											_t435 = _t435 + _v72;
											__eflags = _t435;
										}
										_v25 =  *((intOrPtr*)(_v68 + _t435));
										 *((char*)(_v68 + _t616)) = _v25;
										_t616 = _t616 + 1;
										__eflags = _t616 - _v72;
										if(_t616 == _v72) {
											_t616 = 0;
											__eflags = 0;
										}
										 *_v108 = _v25;
										_v24 = _v24 + 1;
										__eflags = _v64 - _v72;
										if(_v64 < _v72) {
											_v64 = _v64 + 1;
										}
										goto L24;
									}
									return 1;
								}
								_t448 = (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) + (((_v24 + _v60 & _v36) << _v40) + (0 >> 8 - _v40) << 8) * 2 + _v20 + 0xe6c;
								__eflags = _t474 - 7;
								if(__eflags < 0) {
									_v25 = E0040D1A4(_t448,  &_v136, __eflags);
								} else {
									_v96 = _t616 - _t617;
									__eflags = _v96 - _v72;
									if(__eflags >= 0) {
										_t161 =  &_v96;
										 *_t161 = _v96 + _v72;
										__eflags =  *_t161;
									}
									_v89 =  *((intOrPtr*)(_v68 + _v96));
									_v25 = E0040D1D0(_t448, _v89,  &_v136, __eflags);
								}
								 *_v108 = _v25;
								_v24 = _v24 + 1;
								_v108 = _v108 + 1;
								__eflags = _v64 - _v72;
								if(_v64 < _v72) {
									_t180 =  &_v64;
									 *_t180 = _v64 + 1;
									__eflags =  *_t180;
								}
								 *((char*)(_v68 + _t616)) = _v25;
								_t616 = _t616 + 1;
								__eflags = _t616 - _v72;
								if(_t616 == _v72) {
									_t616 = 0;
									__eflags = 0;
								}
								__eflags = _t474 - 4;
								if(_t474 >= 4) {
									__eflags = _t474 - 0xa;
									if(_t474 >= 0xa) {
										_t474 = _t474 - 6;
									} else {
										_t474 = _t474 - 3;
									}
								} else {
									_t474 = 0;
								}
								goto L93;
							}
							return 1;
						}
						return _v116;
					}
					L94:
					 *((intOrPtr*)(_v8 + 0x20)) = _v128;
					 *((intOrPtr*)(_v8 + 0x24)) = _v124;
					 *((intOrPtr*)(_v8 + 0x28)) = _t616;
					 *((intOrPtr*)(_v8 + 0x2c)) = _v60 + _v24;
					 *((intOrPtr*)(_v8 + 0x30)) = _v64;
					 *((intOrPtr*)(_v8 + 0x34)) = _t617;
					 *((intOrPtr*)(_v8 + 0x38)) = _v44;
					 *((intOrPtr*)(_v8 + 0x3c)) = _v48;
					 *((intOrPtr*)(_v8 + 0x40)) = _v52;
					 *(_v8 + 0x44) = _t474;
					 *((intOrPtr*)(_v8 + 0x48)) = _v56;
					 *((char*)(_v8 + 0x4c)) = _v76;
					 *((intOrPtr*)(_v8 + 0x14)) = _v136;
					 *((intOrPtr*)(_v8 + 0x18)) = _v132;
					 *_a4 = _v24;
					__eflags = 0;
					return 0;
				}
				_v80 = (0x300 <<  *(_v8 + 4) + _v40) + 0x736;
				_v84 = 0;
				_v108 = _v20;
				__eflags = _v84 - _v80;
				if(_v84 >= _v80) {
					L7:
					_v52 = 1;
					_v48 = 1;
					_v44 = 1;
					_t617 = 1;
					_v60 = 0;
					_v64 = 0;
					_t474 = 0;
					_t616 = 0;
					 *((char*)(_v68 + _v72 - 1)) = 0;
					E0040CFF4( &_v136);
					__eflags = _v116;
					if(_v116 != 0) {
						return _v116;
					}
					__eflags = _v112;
					if(_v112 == 0) {
						__eflags = 0;
						_v56 = 0;
						goto L12;
					} else {
						return 1;
					}
				} else {
					goto L6;
				}
				do {
					L6:
					 *_v108 = 0x400;
					_v84 = _v84 + 1;
					_v108 = _v108 + 2;
					__eflags = _v84 - _v80;
				} while (_v84 < _v80);
				goto L7;
			}

0x0040d348
0x0040d34b
0x0040d34e
0x0040d359
0x0040d35c
0x0040d36d
0x0040d37e
0x0040d386
0x0040d38f
0x0040d395
0x0040d39b
0x0040d3a4
0x0040d3ad
0x0040d3b6
0x0040d3bf
0x0040d3c8
0x0040d3d1
0x0040d3da
0x0040d3e3
0x0040d3e9
0x0040d3f2
0x0040d3f8
0x0040d401
0x0040d40f
0x0040d415
0x0040d41b
0x00000000
0x0040d41d
0x0040d424
0x0040d428
0x0040d42d
0x0040d430
0x0040d43d
0x0040d43d
0x0040d440
0x0040d444
0x0040d4e5
0x0040d4ee
0x0040d523
0x0040d523
0x0040d527
0x00000000
0x00000000
0x0040d52c
0x0040d52f
0x0040d4f5
0x0040d4f7
0x0040d4fa
0x0040d4fc
0x0040d4fc
0x0040d4fc
0x0040d509
0x0040d50a
0x0040d510
0x0040d512
0x0040d515
0x0040d518
0x0040d519
0x0040d51c
0x0040d51e
0x0040d51e
0x0040d51e
0x0040d520
0x0040d520
0x0040d520
0x00000000
0x0040d520
0x00000000
0x0040d52f
0x0040d531
0x0040d533
0x0040d54b
0x0040d535
0x0040d53f
0x0040d53f
0x0040d550
0x0040d552
0x0040d555
0x0040d558
0x0040d558
0x0040d561
0x0040d567
0x0040d56a
0x00000000
0x00000000
0x00000000
0x00000000
0x0040d570
0x0040d570
0x0040d579
0x0040d57c
0x0040d580
0x00000000
0x00000000
0x0040d58a
0x0040d58e
0x0040d5b1
0x0040d5b6
0x0040d5b8
0x0040d691
0x0040d696
0x0040d697
0x0040d7d7
0x0040d7dd
0x0040d7e0
0x0040d7e3
0x0040d7e6
0x0040d7ef
0x0040d7e8
0x0040d7e8
0x0040d7e8
0x0040d7f4
0x0040d80c
0x0040d80f
0x0040d815
0x0040d819
0x0040d820
0x0040d81b
0x0040d81b
0x0040d81b
0x0040d83c
0x0040d83f
0x0040d843
0x0040d8bc
0x0040d845
0x0040d84b
0x0040d84e
0x0040d85a
0x0040d85c
0x0040d860
0x0040d896
0x0040d8b8
0x0040d862
0x0040d886
0x0040d886
0x0040d860
0x0040d8bf
0x0040d8bf
0x0040d8c0
0x0040d8cb
0x0040d8cb
0x0040d8cf
0x0040d8d2
0x0040d8e4
0x0040d8e7
0x0040d8f4
0x0040d8e9
0x0040d8ec
0x0040d8ec
0x0040d8f7
0x0040d8f9
0x0040d8fb
0x0040d8fe
0x0040d900
0x0040d900
0x0040d900
0x0040d909
0x0040d912
0x0040d915
0x0040d916
0x0040d919
0x0040d91b
0x0040d91b
0x0040d91b
0x0040d91d
0x0040d926
0x0040d928
0x0040d92b
0x0040d92e
0x0040d932
0x00000000
0x00000000
0x0040d937
0x0040d93a
0x00000000
0x00000000
0x00000000
0x0040d93a
0x0040d93c
0x0040d93f
0x0040d942
0x00000000
0x00000000
0x00000000
0x0040d942
0x00000000
0x0040d8c2
0x0040d8c2
0x00000000
0x0040d8c2
0x0040d8c0
0x0040d6af
0x0040d6b4
0x0040d6b6
0x0040d766
0x0040d768
0x0040d786
0x0040d788
0x0040d78f
0x0040d795
0x0040d78a
0x0040d78a
0x0040d78a
0x0040d79b
0x0040d76a
0x0040d76a
0x0040d76a
0x0040d79e
0x0040d7a1
0x0040d7a3
0x0040d7b9
0x0040d7bc
0x0040d7bf
0x0040d7c8
0x0040d7c1
0x0040d7c1
0x0040d7c1
0x0040d7cd
0x00000000
0x0040d7cd
0x0040d6dd
0x0040d6df
0x00000000
0x00000000
0x0040d6e5
0x0040d6e9
0x0040d6f5
0x0040d6f8
0x0040d701
0x0040d6fa
0x0040d6fa
0x0040d6fa
0x0040d706
0x0040d70a
0x0040d70c
0x0040d70f
0x0040d711
0x0040d711
0x0040d711
0x0040d71a
0x0040d723
0x0040d726
0x0040d727
0x0040d72a
0x0040d72c
0x0040d72c
0x0040d72c
0x0040d734
0x0040d736
0x0040d73c
0x0040d73f
0x0040d745
0x0040d745
0x00000000
0x0040d73f
0x00000000
0x0040d6eb
0x0040d5e8
0x0040d5ed
0x0040d5f0
0x0040d631
0x0040d5f2
0x0040d5f6
0x0040d5fc
0x0040d5ff
0x0040d604
0x0040d604
0x0040d604
0x0040d604
0x0040d610
0x0040d621
0x0040d621
0x0040d63a
0x0040d63c
0x0040d63f
0x0040d645
0x0040d648
0x0040d64a
0x0040d64a
0x0040d64a
0x0040d64a
0x0040d653
0x0040d656
0x0040d657
0x0040d65a
0x0040d65c
0x0040d65c
0x0040d65c
0x0040d65e
0x0040d661
0x0040d66a
0x0040d66d
0x0040d677
0x0040d66f
0x0040d66f
0x0040d66f
0x0040d663
0x0040d663
0x0040d663
0x00000000
0x0040d661
0x00000000
0x0040d590
0x00000000
0x0040d582
0x0040d948
0x0040d94e
0x0040d957
0x0040d95d
0x0040d969
0x0040d972
0x0040d978
0x0040d981
0x0040d98a
0x0040d993
0x0040d999
0x0040d9a2
0x0040d9ab
0x0040d9b7
0x0040d9c0
0x0040d9c9
0x0040d9cb
0x00000000
0x0040d9cb
0x0040d461
0x0040d464
0x0040d46c
0x0040d472
0x0040d475
0x0040d48e
0x0040d495
0x0040d498
0x0040d49b
0x0040d49e
0x0040d4a0
0x0040d4a5
0x0040d4a8
0x0040d4b0
0x0040d4b2
0x0040d4bd
0x0040d4c2
0x0040d4c6
0x00000000
0x0040d4c8
0x0040d4d0
0x0040d4d4
0x0040d4e0
0x0040d4e2
0x00000000
0x0040d4d6
0x00000000
0x0040d4d6
0x00000000
0x00000000
0x00000000
0x0040d477
0x0040d477
0x0040d47a
0x0040d47f
0x0040d482
0x0040d489
0x0040d489
0x00000000

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
Instruction ID: a068efe37126c024b14c2b8cc3b836a628f8053012d03d8a2c3558ca0f700bcf
Opcode Fuzzy Hash: 7cb438cf7f0ff76753a1d16800e3023f3e313fbbfbb21f985cf38b771b24bb28
Instruction Fuzzy Hash: 2532D375E00219DFCB14CFD9C980AADBBB2BF88314F24816AD815BB395D734AE46CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00402260, Relevance: .1, Instructions: 94
COMMONCrypto

Download Yara Rule

C-Code - Quality: 51%

			E00402260(void* __eax, char* __edx) {
				char* _t103;

				_t103 = __edx;
				_t39 = __eax + 1;
				 *__edx = 0xffffffff89705f71;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = 0xbadbbd;
				asm("sbb edi, 0xffffffff");
				 *__edx = ((((((((((__eax + 0x00000001) * 0x89705f41 >> 0x00000020 & 0x1fffffff) + 0xfffffffe25c17d04 + (_t39 * 0x89705f41 >> 0x0000001e) & 0x0fffffff) + 0xfffffffe25c17d04 & 0x07ffffff) + 0xfffffffe25c17d04 & 0x03ffffff) + 0xfffffffe25c17d04 & 0x01ffffff) + 0xfffffffe25c17d04 & 0x00ffffff) + 0xfffffffe25c17d04 & 0x007fffff) + 0xfffffffe25c17d04 & 0x003fffff) + 0xfffffffe25c17d04 & 0x001fffff) + 0xfffffffe25c17d04 >> 0x00000014 | 0x00000030;
				_t37 = _t103 + 1; // 0x1
				return _t37;
			}

0x00402261
0x00402263
0x00402285
0x0040228c
0x0040229d
0x004022a8
0x004022b9
0x004022c4
0x004022d5
0x004022e0
0x004022f1
0x004022fc
0x0040230d
0x00402318
0x00402329
0x00402334
0x00402345
0x00402350
0x00402361
0x00402369
0x00402372
0x00402374
0x00402378

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
Instruction ID: d9ca5c35b085eece62e9f9345e2df5b5b2dbbbf6d6fdc43b5a6e4acac797e09a
Opcode Fuzzy Hash: b6d55ffda06be9354f45c85752ae1684c48c89628f5d423d6395e0bf3078b847
Instruction Fuzzy Hash: 44317E3213659B4EC7088B3CC8514ADAB93BE937353A843B7C071CB5D7D7B5A26E8290

Uniqueness

Uniqueness Score: -1.00%

Function 004096AC, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E004096AC(long __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char* _v8;
				long _v12;
				short _v140;
				short _v2188;
				void* _t16;
				char* _t18;
				intOrPtr _t20;
				intOrPtr _t22;
				intOrPtr _t31;
				intOrPtr _t55;
				intOrPtr _t56;
				int _t60;
				void* _t63;

				_push(__ebx);
				_push(__esi);
				_v8 = 0;
				_push(_t63);
				_push(0x4097d1);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t63 + 0xfffff778;
				_t60 = E004094C0(_t16, __ebx,  &_v2188, __edx, __edi, __esi, __fp0, 0x400);
				_t18 =  *0x412c2c; // 0x41304c
				if( *_t18 == 0) {
					_t20 =  *0x412b48; // 0x406b84
					_t12 = _t20 + 4; // 0xffe8
					_t22 =  *0x415b48; // 0x400000
					LoadStringW(E00405B90(_t22),  *_t12,  &_v140, 0x40);
					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
				} else {
					_t31 =  *0x412b68; // 0x413324
					E00402F6C(E0040317C(_t31));
					WideCharToMultiByte(1, 0,  &_v2188, _t60, 0, 0, 0, 0);
					 *((intOrPtr*)(__ebx + 0x458d53d8)) =  *((intOrPtr*)(__ebx + 0x458d53d8)) - 1;
					asm("cld");
					E00405AD8();
					WideCharToMultiByte(1, 0,  &_v2188, _t60, _v8, __ebx, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v8, __ebx,  &_v12, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x4097ec, 2,  &_v12, 0);
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E004097D8);
				_t56 =  *0x409688; // 0x40968c
				return E00405AE4( &_v8, _t56);
			}

0x004096b5
0x004096b6
0x004096b9
0x004096be
0x004096bf
0x004096c4
0x004096c7
0x004096da
0x004096dc
0x004096e4
0x00409782
0x00409787
0x0040978b
0x00409796
0x004097b0
0x004096ea
0x004096ea
0x004096f4
0x0040970d
0x00409711
0x00409717
0x00409723
0x00409740
0x00409758
0x00409772
0x00409772
0x004097b7
0x004097ba
0x004097bd
0x004097c5
0x004097d0

APIs

Part of subcall function 004094C0: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040966C), ref: 004094F3
Part of subcall function 004094C0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00409517
Part of subcall function 004094C0: GetModuleFileNameW.KERNEL32(00400000,?,00000105), ref: 00409532
Part of subcall function 004094C0: LoadStringW.USER32(00000000,0000FFE7,?,00000100), ref: 004095CD

WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,004097D1), ref: 0040970D
WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00409740
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00409752
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00409758
GetStdHandle.KERNEL32(000000F4,004097EC,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0040976C
WriteFile.KERNEL32(00000000,000000F4,004097EC,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 00409772
LoadStringW.USER32(00000000,0000FFE8,?,00000040), ref: 00409796
MessageBoxW.USER32(00000000,?,?,00002010), ref: 004097B0

Strings

L0A, xrefs: 004096DC
$3A, xrefs: 004096EA

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
String ID: $3A$L0A
API String ID: 135118572-3383676211
Opcode ID: 6256b621ce2eaf9d39ea15f4150e8e09d1030e9b365cd881d9086c78bb695208
Instruction ID: d743ab820349e8adbd7c60ec5032b16471490a2e5750d79ad5bafee0f0e263d8
Opcode Fuzzy Hash: 6256b621ce2eaf9d39ea15f4150e8e09d1030e9b365cd881d9086c78bb695208
Instruction Fuzzy Hash: A3317572644204BFEB10EB65DC82FDA77BCEB08704F508176B605F71D2DA74AE508B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040969F, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 106
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0040969F(void* __eax, long __ebx, void* __ecx, void* __edx, void* __edi, int __esi, void* __fp0, intOrPtr _a8) {
				void* _v4;
				long _v8;
				intOrPtr _v16;
				short _v140;
				char _v1564;
				char _v1636;
				short _v2184;
				short _v2188;
				char _v2196;
				intOrPtr* _t22;
				long _t44;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t58;
				int _t60;

				_t60 = __esi;
				_t44 = __ebx;
				_t22 = __eax + 1;
				 *_t22 =  *_t22 + __ecx;
				_push(__ebx);
				if( *_t22 >= 0) {
					L9:
					E00405AD8();
					WideCharToMultiByte(1, 0,  &_v2184, _t60, _v4, _t44, 0, 0);
					WriteFile(GetStdHandle(0xfffffff4), _v4, _t44,  &_v8, 0);
					WriteFile(GetStdHandle(0xfffffff4), 0x4097ec, 2,  &_v8, 0);
					goto L11;
				} else {
					_push(__ebp);
					if(__eflags == 0) {
						L8:
						 *((intOrPtr*)(__ebx + 0x458d53d8)) =  *((intOrPtr*)(__ebx + 0x458d53d8)) - 1;
						asm("cld");
						goto L9;
					} else {
						asm("insb");
						if(__eflags >= 0) {
							E00408290(_v4,  &_v1564, _a8, __fp0);
							E004080DC(_v4);
							_t58 = 4;
							 *[fs:eax] = _t58;
							_push(E00409673);
							return L00404C88( &_v1636);
						} else {
							asm("rcl byte [ebp-0x75], 0xec");
							_push(__ebp);
							__ebp = __esp;
							__esp = __esp + 0xfffff778;
							_push(__ebx);
							_push(__esi);
							__ecx = 0;
							_v16 = 0;
							__ecx = 0;
							_push(__ebp);
							_push(0x4097d1);
							_push( *[fs:ecx]);
							 *[fs:ecx] = __esp;
							__ecx =  &_v2196;
							__esi = __eax;
							__eax =  *0x412c2c; // 0x41304c
							__eflags =  *__eax;
							if( *__eax == 0) {
								__eax =  &_v140;
								__eax =  *0x412b48; // 0x406b84
								_t17 = __eax + 4; // 0xffe8
								__eax =  *_t17;
								__eax =  *0x415b48; // 0x400000
								 &_v140 =  &_v2188;
								__eax = MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
							} else {
								__eax =  *0x412b68; // 0x413324
								 &_v2188 = WideCharToMultiByte(1, 0,  &_v2188, __esi, 0, 0, 0, 0);
								goto L8;
							}
							L11:
							__eflags = 0;
							_pop(_t55);
							 *[fs:eax] = _t55;
							_push(E004097D8);
							_t56 =  *0x409688; // 0x40968c
							return E00405AE4( &_v4, _t56);
						}
					}
				}
			}

0x0040969f
0x0040969f
0x0040969f
0x004096a0
0x004096a2
0x004096a3
0x00409718
0x00409723
0x00409740
0x00409758
0x00409772
0x00000000
0x004096a5
0x004096a5
0x004096a6
0x00409711
0x00409711
0x00409717
0x00000000
0x004096a8
0x004096a8
0x004096a9
0x00409644
0x0040964c
0x00409655
0x00409658
0x0040965b
0x0040966b
0x004096ab
0x004096ab
0x004096ac
0x004096ad
0x004096af
0x004096b5
0x004096b6
0x004096b7
0x004096b9
0x004096bc
0x004096be
0x004096bf
0x004096c4
0x004096c7
0x004096cf
0x004096da
0x004096dc
0x004096e1
0x004096e4
0x0040977b
0x00409782
0x00409787
0x00409787
0x0040978b
0x004097a7
0x004097b0
0x004096ea
0x004096ea
0x0040970d
0x00000000
0x0040970d
0x004097b5
0x004097b5
0x004097b7
0x004097ba
0x004097bd
0x004097c5
0x004097d0
0x004097d0
0x004096a9
0x004096a6

APIs

WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,004097D1), ref: 0040970D
WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00409740
GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00409752
WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00409758
GetStdHandle.KERNEL32(000000F4,004097EC,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 0040976C
WriteFile.KERNEL32(00000000,000000F4,004097EC,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 00409772

Part of subcall function 004094C0: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040966C), ref: 004094F3
Part of subcall function 004094C0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00409517
Part of subcall function 004094C0: GetModuleFileNameW.KERNEL32(00400000,?,00000105), ref: 00409532
Part of subcall function 004094C0: LoadStringW.USER32(00000000,0000FFE7,?,00000100), ref: 004095CD

LoadStringW.USER32(00000000,0000FFE8,?,00000040), ref: 00409796
MessageBoxW.USER32(00000000,?,?,00002010), ref: 004097B0

Strings

L0A, xrefs: 004096DC
$3A, xrefs: 004096EA

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
String ID: $3A$L0A
API String ID: 135118572-3383676211
Opcode ID: 59a5544e00e8df00c93c8ac2435b0a387c19da4843a0f052570015d5bc5b541a
Instruction ID: 9623f77fa857817c419b37d2b63328917fb83caa2a3adea5a2c34ff05e22799b
Opcode Fuzzy Hash: 59a5544e00e8df00c93c8ac2435b0a387c19da4843a0f052570015d5bc5b541a
Instruction Fuzzy Hash: 0331B272644204BFEB14EB61DC82F9A77BCDB44714F6041BAB601B71D2DAB96E408A68

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCB4, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82
registryCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E0040BCB4(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr* _t22;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x40bdae);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E00406728(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					_t22 =  *0x412c7c; // 0x4127d8
					if( *_t22 != 2) {
						if(E0040BC8C(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E0040BC80();
							RegCloseKey(_v12);
						}
					} else {
						if(E0040BC8C(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E0040BC80();
							RegCloseKey(_v12);
						}
					}
					E00405058( &_v20, _v8, E0040BEC4);
					E004032EC(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E0040BDB5);
				L00404C88( &_v20);
				return L00404C88( &_v8);
			}

0x0040bcba
0x0040bcbd
0x0040bcc0
0x0040bcc5
0x0040bcc6
0x0040bccb
0x0040bcce
0x0040bce1
0x0040bce8
0x0040bcf3
0x0040bcfb
0x0040bd50
0x0040bd5d
0x0040bd66
0x0040bd66
0x0040bcfd
0x0040bd18
0x0040bd25
0x0040bd2e
0x0040bd2e
0x0040bd18
0x0040bd76
0x0040bd81
0x0040bd8c
0x0040bd8c
0x0040bcea
0x0040bcea
0x0040bcec
0x0040bd92
0x0040bd95
0x0040bd98
0x0040bda0
0x0040bdad

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,0040BDAE), ref: 0040BCDB

Part of subcall function 00406728: GetProcAddress.KERNEL32(?,0040BDAE), ref: 0040674C

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,0040BDAE), ref: 0040BD2E

Strings

Locale, xrefs: 0040BD1D
GetUserDefaultUILanguage, xrefs: 0040BCD1
.DEFAULT\Control Panel\International, xrefs: 0040BD05
Control Panel\Desktop\ResourceLocale, xrefs: 0040BD3D
kernel32.dll, xrefs: 0040BCD6

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: ff68f8bc8c37020399e68e1f56bafd439613cb074afb5eacf4222545351c9975
Instruction ID: 8956addf40242155cfdb2216673929f7d9524eb236bbacd825fdfe017c78867f
Opcode Fuzzy Hash: ff68f8bc8c37020399e68e1f56bafd439613cb074afb5eacf4222545351c9975
Instruction Fuzzy Hash: 6D212330604209ABEB10EAA5CC52BDEB7A9EF44304F61447BA500F76D1EB7C9E4587DC

Uniqueness

Uniqueness Score: -1.00%

Function 0040A5A8, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 203
threadCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E0040A5A8(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t135;
				intOrPtr _t187;
				intOrPtr _t197;
				intOrPtr _t198;

				_t195 = __esi;
				_t194 = __edi;
				_t197 = _t198;
				_t135 = 8;
				do {
					_push(0);
					_push(0);
					_t135 = _t135 - 1;
				} while (_t135 != 0);
				_push(__ebx);
				_push(_t197);
				_push(0x40a886);
				_push( *[fs:eax]);
				 *[fs:eax] = _t198;
				E0040A4F0();
				E00408F68(__ebx, __edi, __esi);
				_t200 =  *0x415c3c;
				if( *0x415c3c != 0) {
					E00409140(__esi, _t200);
				}
				_t134 = GetThreadLocale();
				E00408EB4(_t43, 0, 0x14,  &_v20);
				E00404C98(0x415b6c, _v20);
				E00408EB4(_t43, 0x40a8a0, 0x1b,  &_v24);
				 *0x415b70 = E00407F10(0x40a8a0, 0, _t200);
				E00408EB4(_t134, 0x40a8a0, 0x1c,  &_v28);
				 *0x415b71 = E00407F10(0x40a8a0, 0, _t200);
				 *0x415b72 = E00408F00(_t134, 0x2c, 0xf);
				 *0x415b74 = E00408F00(_t134, 0x2e, 0xe);
				E00408EB4(_t134, 0x40a8a0, 0x19,  &_v32);
				 *0x415b76 = E00407F10(0x40a8a0, 0, _t200);
				 *0x415b78 = E00408F00(_t134, 0x2f, 0x1d);
				E00408EB4(_t134, L"m/d/yy", 0x1f,  &_v40);
				E004091F4(_v40, _t134,  &_v36, _t194, _t195, _t200);
				E00404C98(0x415b7c, _v36);
				E00408EB4(_t134, L"mmmm d, yyyy", 0x20,  &_v48);
				E004091F4(_v48, _t134,  &_v44, _t194, _t195, _t200);
				E00404C98(0x415b80, _v44);
				 *0x415b84 = E00408F00(_t134, 0x3a, 0x1e);
				E00408EB4(_t134, 0x40a8f4, 0x28,  &_v52);
				E00404C98(0x415b88, _v52);
				E00408EB4(_t134, 0x40a908, 0x29,  &_v56);
				E00404C98(0x415b8c, _v56);
				E00404CEC( &_v12, 0);
				E00404CEC( &_v16, 0);
				E00408EB4(_t134, 0x40a8a0, 0x25,  &_v60);
				_t104 = E00407F10(0x40a8a0, 0, _t200);
				_t201 = _t104;
				if(_t104 != 0) {
					E00404CEC( &_v8, 0x40a92c);
				} else {
					E00404CEC( &_v8, 0x40a91c);
				}
				E00408EB4(_t134, 0x40a8a0, 0x23,  &_v64);
				_t111 = E00407F10(0x40a8a0, 0, _t201);
				_t202 = _t111;
				if(_t111 == 0) {
					E00408EB4(_t134, 0x40a8a0, 0x1005,  &_v68);
					if(E00407F10(0x40a8a0, 0, _t202) != 0) {
						E00404CEC( &_v12, L"AMPM ");
					} else {
						E00404CEC( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E0040513C(0x415b90, 4, _t194);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E0040513C(0x415b94, 4, _t194);
				 *0x415c3e = E00408F00(_t134, 0x2c, 0xc);
				_pop(_t187);
				 *[fs:eax] = _t187;
				_push(E0040A88D);
				return L00404C90( &_v68, 0x10);
			}

0x0040a5a8
0x0040a5a8
0x0040a5a9
0x0040a5ab
0x0040a5b0
0x0040a5b0
0x0040a5b2
0x0040a5b4
0x0040a5b4
0x0040a5b7
0x0040a5ba
0x0040a5bb
0x0040a5c0
0x0040a5c3
0x0040a5c6
0x0040a5cb
0x0040a5d0
0x0040a5d7
0x0040a5d9
0x0040a5d9
0x0040a5e3
0x0040a5f2
0x0040a5ff
0x0040a614
0x0040a623
0x0040a638
0x0040a647
0x0040a65c
0x0040a672
0x0040a688
0x0040a697
0x0040a6ac
0x0040a6c2
0x0040a6cd
0x0040a6da
0x0040a6ef
0x0040a6fa
0x0040a707
0x0040a71c
0x0040a732
0x0040a73f
0x0040a754
0x0040a761
0x0040a76b
0x0040a775
0x0040a78a
0x0040a794
0x0040a799
0x0040a79b
0x0040a7b4
0x0040a79d
0x0040a7a5
0x0040a7a5
0x0040a7c9
0x0040a7d3
0x0040a7d8
0x0040a7da
0x0040a7ec
0x0040a7fd
0x0040a816
0x0040a7ff
0x0040a807
0x0040a807
0x0040a7fd
0x0040a81b
0x0040a81e
0x0040a821
0x0040a826
0x0040a833
0x0040a838
0x0040a83b
0x0040a83e
0x0040a843
0x0040a850
0x0040a865
0x0040a86d
0x0040a870
0x0040a873
0x0040a885

APIs

GetThreadLocale.KERNEL32(00000000,0040A886,?,?,00000000,00000000), ref: 0040A5DE

Part of subcall function 00408EB4: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00408ED2

Strings

:mm:ss, xrefs: 0040A83E
AMPM , xrefs: 0040A811
mmmm d, yyyy, xrefs: 0040A6E3
AMPM, xrefs: 0040A802
:mm, xrefs: 0040A821
m/d/yy, xrefs: 0040A6B6

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Locale$InfoThread
String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
API String ID: 4232894706-2493093252
Opcode ID: 8a50f68389ff190409cc6e1354995ac59f3095b9dfab6b774593af29b2008bc8
Instruction ID: 937fad03d119ad446409e4fc6370febcefa1a0408b23a60a3ce11da87fe3f1e8
Opcode Fuzzy Hash: 8a50f68389ff190409cc6e1354995ac59f3095b9dfab6b774593af29b2008bc8
Instruction Fuzzy Hash: 01710A75B042499BDB00EBA5D841ADF7266ABC8308F51D43BB201BB3C6DA3CDD16879D

Uniqueness

Uniqueness Score: -1.00%

Function 004044F0, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E004044F0(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x41304c == 0) {
					if( *0x412028 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x413328 == 0xd7b2 &&  *0x413330 > 0) {
						 *0x413340();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E0040457C, 2,  &_v4, 0);
				}
			}

0x004044f8
0x00404558
0x00404568
0x00404568
0x0040456e
0x004044fa
0x00404503
0x00404513
0x00404513
0x0040452f
0x00404550
0x00404550

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004045A1,?,?,?,00000001,004046B6,00402F13,00402F5A,00000000,?), ref: 00404529
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004045A1,?,?,?,00000001,004046B6,00402F13,00402F5A,00000000), ref: 0040452F
GetStdHandle.KERNEL32(000000F5,0040457C,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004045A1,?,?), ref: 00404544
WriteFile.KERNEL32(00000000,000000F5,0040457C,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004045A1,?,?), ref: 0040454A
MessageBoxA.USER32 ref: 00404568

Strings

Error, xrefs: 0040455C
Runtime error at 00000000, xrefs: 00404522, 00404561

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: 702207360e6f67392dae8c09e50a71dce199e074f7270a58720f1a5ddd4bdc6b
Instruction ID: fdc5a69791f8b721a84368f61c8a4f4698a1174428d9f6e56fc121f1a8fce5d1
Opcode Fuzzy Hash: 702207360e6f67392dae8c09e50a71dce199e074f7270a58720f1a5ddd4bdc6b
Instruction Fuzzy Hash: 8CF02BF0A8038479E620B7609D06FD626880384F1AFA0823BB370F54E6C6FC45C4C62D

Uniqueness

Uniqueness Score: -1.00%

Function 00401E74, Relevance: 10.9, APIs: 7, Instructions: 407
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00401E74(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t180;
				intOrPtr _t193;
				signed int _t196;
				signed int _t197;
				signed int _t198;
				void* _t206;
				unsigned int _t208;
				intOrPtr _t214;
				void* _t226;
				intOrPtr _t228;
				void* _t229;
				signed int _t231;
				void* _t233;
				signed int _t234;
				signed int _t235;
				signed int _t239;
				signed int _t242;
				void* _t244;
				intOrPtr* _t245;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t218 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t218);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t226);
							_t245 = _t244 + 0xffffffe0;
							_t219 = __edx;
							_t203 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (_t69 & 0xfffffff0) - 0x14;
							if(_t148 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = E004018F8(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t219 - 0x40a2c;
										if(_t219 > 0x40a2c) {
											_t78 = _t203 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t219;
										}
										E004014BC(_t203, _t219, _t150);
										E00401C7C(_t203, _t203, _t226);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								_t180 = (_t148 >> 2) + _t148;
								if(_t180 <= __edx) {
									_t228 = __edx;
								} else {
									_t228 = _t180;
								}
								 *_t245 = _t203 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t245 + 8), _t245 + 8, 0x1c);
								if( *((intOrPtr*)(_t245 + 0x14)) != 0x10000) {
									L12:
									_t150 = E004018F8(_t228);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t228 - 0x40a2c;
										if(_t228 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t219;
										}
										E0040148C(_t203,  *((intOrPtr*)(_t203 - 0x10 + 8)), _t150);
										E00401C7C(_t203, _t203, _t228);
									}
								} else {
									 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0xffff0000;
									_t94 =  *(_t245 + 0x10);
									if(_t219 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t228 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t245 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t245 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t203 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t219;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t203;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t206 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t226);
						if(__edx > _t171) {
							_t102 =  *(_t206 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t229 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t208 = _t171;
								_t109 = E004018F8(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t193 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t229 - 0x40a2c;
									if(_t229 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t193;
									}
									_t231 = _t109;
									E0040148C(_t218, _t208, _t109);
									E00401C7C(_t218, _t208, _t231);
									return _t231;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t233 = _t171 + _t115;
								__eflags = __edx - _t233;
								if(__edx > _t233) {
									goto L75;
								} else {
									__eflags =  *0x41304d;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											E004014D8(_t206);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t196 = _t233 + 4 - _t123;
										__eflags = _t196;
										if(_t196 > 0) {
											 *(_t218 + _t233 - 4) = _t196;
											 *((intOrPtr*)(_t218 - 4 + _t123)) = _t196 + 3;
											_t234 = _t123;
											__eflags = _t196 - 0xb30;
											if(_t196 >= 0xb30) {
												__eflags = _t123 + _t218;
												E00401518(_t123 + _t218, _t171, _t196);
											}
										} else {
											 *(_t218 + _t233) =  *(_t218 + _t233) & 0xfffffff7;
											_t234 = _t233 + 4;
										}
										_t235 = _t234 | _t156;
										__eflags = _t235;
										 *(_t218 - 4) = _t235;
										 *0x413a34 = 0;
										_t109 = _t218;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x413a34], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4138d5;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x413a34], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t218 - 4);
										_t129 =  *(_t206 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x413a34 = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t233 = _t171 + _t115;
											__eflags = _t176 - _t233;
											if(_t176 > _t233) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t239 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t239;
									__eflags =  *0x41304d;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x413a34], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x4138d5;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x413a34], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t218 - 4);
										__eflags = 0xf;
									}
									 *(_t218 - 4) = _t156 | _t239;
									_t161 = _t174;
									_t197 =  *(_t206 - 4);
									__eflags = _t197 & 0x00000001;
									if((_t197 & 0x00000001) != 0) {
										_t131 = _t206;
										_t198 = _t197 & 0xfffffff0;
										_t161 = _t161 + _t198;
										_t206 = _t206 + _t198;
										__eflags = _t198 - 0xb30;
										if(_t198 >= 0xb30) {
											E004014D8(_t131);
										}
									} else {
										 *(_t206 - 4) = _t197 | 0x00000008;
									}
									 *((intOrPtr*)(_t206 - 8)) = _t161;
									 *((intOrPtr*)(_t218 + _t239 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										E00401518(_t218 + _t239, _t174, _t161);
									}
									 *0x413a34 = 0;
									return _t218;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t214 = __edx;
										_t140 = E004018F8(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t242 = _t140;
											E004014BC(_t218, _t214, _t140);
											E00401C7C(_t218, _t214, _t242);
											_t140 = _t242;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = E004018F8((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = E00401C7C(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = E004018F8(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = E00401C7C(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00401e74
0x00401e74
0x00401e74
0x00401e7c
0x00401e7e
0x00401f0c
0x00401f0f
0x0040217c
0x0040217d
0x0040217e
0x00402181
0x004017ac
0x004017ad
0x004017ae
0x004017af
0x004017b0
0x004017b3
0x004017b5
0x004017bc
0x004017c3
0x004017c8
0x004018b1
0x004018b3
0x004018c6
0x004018c8
0x004018ca
0x004018cc
0x004018d2
0x004018d6
0x004018d6
0x004018d9
0x004018d9
0x004018e2
0x004018e9
0x004018e9
0x004018b5
0x004018b5
0x004018ba
0x004018ba
0x004017ce
0x004017d3
0x004017d7
0x004017dd
0x004017d9
0x004017d9
0x004017d9
0x004017e9
0x004017f8
0x00401805
0x00401877
0x0040187e
0x00401880
0x00401882
0x00401884
0x0040188a
0x0040188e
0x0040188e
0x00401891
0x00401891
0x004018a1
0x004018a8
0x004018a8
0x00401807
0x00401807
0x00401813
0x00401819
0x00000000
0x0040181b
0x0040182c
0x00401830
0x00401832
0x00401832
0x00401848
0x00000000
0x00401860
0x00401862
0x00401865
0x00401870
0x00401873
0x00401873
0x00401848
0x00401819
0x00401805
0x004018f7
0x00402187
0x00402187
0x00402189
0x00402189
0x00401f15
0x00401f17
0x00401f1a
0x00401f1b
0x00401f1e
0x00401f21
0x00401f24
0x00401f26
0x00401f27
0x0040203c
0x0040203f
0x00402041
0x00402134
0x0040213f
0x00402146
0x00402148
0x0040214b
0x00402150
0x00402151
0x00402153
0x00000000
0x00402155
0x00402155
0x0040215b
0x0040215d
0x0040215d
0x00402160
0x00402168
0x0040216f
0x0040217a
0x0040217a
0x00402047
0x00402047
0x0040204a
0x0040204d
0x0040204f
0x00000000
0x00402055
0x00402055
0x0040205c
0x004020b9
0x004020b9
0x004020be
0x004020c4
0x004020c9
0x004020ca
0x004020ca
0x004020d6
0x004020e7
0x004020ed
0x004020ed
0x004020ef
0x004020fc
0x00402103
0x00402107
0x00402109
0x0040210f
0x00402111
0x00402113
0x00402113
0x004020f1
0x004020f1
0x004020f5
0x004020f5
0x00402118
0x00402118
0x0040211a
0x0040211d
0x00402124
0x00402126
0x0040212a
0x0040205e
0x0040205e
0x00402063
0x0040206b
0x00000000
0x00000000
0x0040206d
0x0040206f
0x00402076
0x00000000
0x00402078
0x0040207c
0x00402081
0x00402082
0x00402088
0x00402090
0x00402096
0x0040209b
0x0040209c
0x00000000
0x0040209c
0x00402090
0x00000000
0x00402076
0x004020a5
0x004020a8
0x004020ab
0x004020ad
0x0040212d
0x0040212d
0x00000000
0x004020af
0x004020af
0x004020b2
0x004020b5
0x004020b7
0x00000000
0x00000000
0x00000000
0x00000000
0x004020b7
0x004020ad
0x0040205c
0x0040204f
0x00401f2d
0x00401f30
0x00401f32
0x00401f3c
0x00401f42
0x00401f59
0x00401f59
0x00401f65
0x00401f6b
0x00401f6d
0x00401f74
0x00401f76
0x00401f7b
0x00401f83
0x00000000
0x00000000
0x00401f85
0x00401f87
0x00401f8e
0x00000000
0x00401f90
0x00401f93
0x00401f98
0x00401f9e
0x00401fa6
0x00401fab
0x00401fb0
0x00000000
0x00401fb0
0x00401fa6
0x00000000
0x00401f8e
0x00401fb9
0x00401fb9
0x00401fb9
0x00401fbe
0x00401fc1
0x00401fc3
0x00401fc6
0x00401fc9
0x00401fd4
0x00401fd6
0x00401fd9
0x00401fdb
0x00401fdd
0x00401fe3
0x00401fe5
0x00401fe5
0x00401fcb
0x00401fce
0x00401fce
0x00401fea
0x00401ff0
0x00401ff4
0x00401ffa
0x00402001
0x00402001
0x00402006
0x00402013
0x00401f44
0x00401f44
0x00401f4a
0x00402014
0x00402018
0x0040201d
0x0040201f
0x00402021
0x00402029
0x00402030
0x00402035
0x00402035
0x0040203b
0x00401f50
0x00401f50
0x00401f55
0x00401f57
0x00000000
0x00000000
0x00000000
0x00000000
0x00401f57
0x00401f4a
0x00401f34
0x00401f34
0x00401f38
0x00401f38
0x00401f32
0x00401f27
0x00401e84
0x00401e84
0x00401e86
0x00401e8a
0x00401e8d
0x00401e8f
0x00401ec8
0x00401ecc
0x00401ecd
0x00401ecf
0x00401ed1
0x00401ed3
0x00401ed6
0x00401ed8
0x00401eda
0x00401edf
0x00401ee1
0x00401ee3
0x00401ee9
0x00401eeb
0x00401eeb
0x00401ef2
0x00401ef2
0x00401ef5
0x00401ef7
0x00401f00
0x00401f05
0x00401f05
0x00401f07
0x00401f08
0x00401f09
0x00401f0a
0x00401e91
0x00401e91
0x00401e98
0x00401e9a
0x00401ea0
0x00401ea2
0x00401ea4
0x00401ea9
0x00401eab
0x00401ead
0x00401eaf
0x00401eb1
0x00401ebc
0x00401ec1
0x00401ec1
0x00401ec3
0x00401ec4
0x00401ec5
0x00401e9c
0x00401e9c
0x00401e9d
0x00401e9e
0x00401e9e
0x00401e9a
0x00401e8f

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f575fe0f9ab75cd77064c69f6d0118a98c1029f4734138360c475f3ddc3b2d0
Instruction ID: e7aaafa73fe3aa34f17de89ed5c93537a6fc3e5f890846df0dd0d21288fe1d67
Opcode Fuzzy Hash: 5f575fe0f9ab75cd77064c69f6d0118a98c1029f4734138360c475f3ddc3b2d0
Instruction Fuzzy Hash: 54C102767002010BE714AA6DDD8976EB2C69BC5325F18823FE214EB3E6DABCC9458348

Uniqueness

Uniqueness Score: -1.00%

Function 004094C0, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E004094C0(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				struct HINSTANCE__* _t44;
				intOrPtr _t55;
				struct HINSTANCE__* _t57;
				signed int _t76;
				long _t79;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;
				void* _t113;

				_t113 = __fp0;
				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x40966c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000) {
					L2:
					_t44 =  *0x415b48; // 0x400000
					GetModuleFileNameW(_t44,  &_v1056, 0x105);
					_v12 = E004094B4(_t82);
				} else {
					_t79 = GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105);
					_t108 = _t79;
					if(_t79 != 0) {
						_t85 = _t82 - _v1596.AllocationBase;
						__eflags = _t85;
						_v12 = _t85;
					} else {
						goto L2;
					}
				}
				E00408128( &_v534, 0x104, E0040A48C() + 2, _t108);
				_t83 = 0x409680;
				_t100 = 0x409680;
				_t95 =  *0x406d5c; // 0x406db4
				if(E0040392C(_t102, _t95) != 0) {
					_t83 = E00404D24( *((intOrPtr*)(_t102 + 4)));
					_t76 = E004080DC(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x409684;
					}
				}
				_t55 =  *0x412c70; // 0x406b7c
				_t18 = _t55 + 4; // 0xffe7
				_t57 =  *0x415b48; // 0x400000
				LoadStringW(E00405B90(_t57),  *_t18,  &_v1568, 0x100);
				E00403814( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				_push( &_v1636);
				E00408290(_v8,  &_v1568, _a4, _t113);
				E004080DC(_v8);
				_t98 = 4;
				 *[fs:eax] = _t98;
				_push(E00409673);
				return L00404C88( &_v1640);
			}

0x004094c0
0x004094ce
0x004094d4
0x004094d7
0x004094d9
0x004094dd
0x004094de
0x004094e3
0x004094e6
0x004094f3
0x00409502
0x00409520
0x0040952c
0x00409532
0x0040953e
0x00409504
0x00409517
0x0040951c
0x0040951e
0x00409543
0x00409543
0x00409549
0x00000000
0x00000000
0x00000000
0x0040951e
0x0040956b
0x00409570
0x00409575
0x0040957c
0x00409589
0x00409593
0x00409597
0x0040959e
0x004095a8
0x004095a8
0x0040959e
0x004095b9
0x004095be
0x004095c2
0x004095cd
0x004095da
0x004095e5
0x004095eb
0x004095f8
0x004095fe
0x00409608
0x0040960e
0x00409615
0x0040961b
0x00409622
0x00409628
0x00409635
0x00409644
0x0040964c
0x00409655
0x00409658
0x0040965b
0x0040966b

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040966C), ref: 004094F3
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00409517
GetModuleFileNameW.KERNEL32(00400000,?,00000105), ref: 00409532
LoadStringW.USER32(00000000,0000FFE7,?,00000100), ref: 004095CD

Strings

|k@, xrefs: 004095B9

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID: |k@
API String ID: 3990497365-1384102874
Opcode ID: 6f085f8ec88251c6b4d6bed15921bf942687a9faf34eb56f100020bfa587058b
Instruction ID: 812a0db5b2e8149b5403e96b780088374b8dce2bc0e6689b4533de7bda3b7772
Opcode Fuzzy Hash: 6f085f8ec88251c6b4d6bed15921bf942687a9faf34eb56f100020bfa587058b
Instruction Fuzzy Hash: A04134719012189FDB20EF65CD81BCAB7F9AB84304F4144FAE508E7282D77A9E94CF58

Uniqueness

Uniqueness Score: -1.00%

Function 004094BE, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E004094BE(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v534;
				short _v1056;
				short _v1568;
				struct _MEMORY_BASIC_INFORMATION _v1596;
				char _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				char _v1616;
				intOrPtr _v1620;
				char _v1624;
				char* _v1628;
				char _v1632;
				char _v1636;
				char _v1640;
				struct HINSTANCE__* _t44;
				intOrPtr _t55;
				struct HINSTANCE__* _t57;
				signed int _t76;
				long _t79;
				void* _t82;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t95;
				intOrPtr _t98;
				intOrPtr _t100;
				intOrPtr* _t102;
				void* _t105;
				void* _t113;

				_t113 = __fp0;
				_v1640 = 0;
				_v8 = __ecx;
				_t82 = __edx;
				_t102 = __eax;
				_push(_t105);
				_push(0x40966c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffff99c;
				VirtualQuery(__edx,  &_v1596, 0x1c);
				if(_v1596.State != 0x1000) {
					L3:
					_t44 =  *0x415b48; // 0x400000
					GetModuleFileNameW(_t44,  &_v1056, 0x105);
					_v12 = E004094B4(_t82);
				} else {
					_t79 = GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105);
					_t108 = _t79;
					if(_t79 != 0) {
						_t85 = _t82 - _v1596.AllocationBase;
						__eflags = _t85;
						_v12 = _t85;
					} else {
						goto L3;
					}
				}
				E00408128( &_v534, 0x104, E0040A48C() + 2, _t108);
				_t83 = 0x409680;
				_t100 = 0x409680;
				_t95 =  *0x406d5c; // 0x406db4
				if(E0040392C(_t102, _t95) != 0) {
					_t83 = E00404D24( *((intOrPtr*)(_t102 + 4)));
					_t76 = E004080DC(_t83);
					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
						_t100 = 0x409684;
					}
				}
				_t55 =  *0x412c70; // 0x406b7c
				_t18 = _t55 + 4; // 0xffe7
				_t57 =  *0x415b48; // 0x400000
				LoadStringW(E00405B90(_t57),  *_t18,  &_v1568, 0x100);
				E00403814( *_t102,  &_v1640);
				_v1636 = _v1640;
				_v1632 = 0x11;
				_v1628 =  &_v534;
				_v1624 = 0xa;
				_v1620 = _v12;
				_v1616 = 5;
				_v1612 = _t83;
				_v1608 = 0xa;
				_v1604 = _t100;
				_v1600 = 0xa;
				_push( &_v1636);
				E00408290(_v8,  &_v1568, _a4, _t113);
				E004080DC(_v8);
				_t98 = 4;
				 *[fs:eax] = _t98;
				_push(E00409673);
				return L00404C88( &_v1640);
			}

0x004094be
0x004094ce
0x004094d4
0x004094d7
0x004094d9
0x004094dd
0x004094de
0x004094e3
0x004094e6
0x004094f3
0x00409502
0x00409520
0x0040952c
0x00409532
0x0040953e
0x00409504
0x00409517
0x0040951c
0x0040951e
0x00409543
0x00409543
0x00409549
0x00000000
0x00000000
0x00000000
0x0040951e
0x0040956b
0x00409570
0x00409575
0x0040957c
0x00409589
0x00409593
0x00409597
0x0040959e
0x004095a8
0x004095a8
0x0040959e
0x004095b9
0x004095be
0x004095c2
0x004095cd
0x004095da
0x004095e5
0x004095eb
0x004095f8
0x004095fe
0x00409608
0x0040960e
0x00409615
0x0040961b
0x00409622
0x00409628
0x00409635
0x00409644
0x0040964c
0x00409655
0x00409658
0x0040965b
0x0040966b

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040966C), ref: 004094F3
GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00409517
GetModuleFileNameW.KERNEL32(00400000,?,00000105), ref: 00409532
LoadStringW.USER32(00000000,0000FFE7,?,00000100), ref: 004095CD

Strings

|k@, xrefs: 004095B9

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileModuleName$LoadQueryStringVirtual
String ID: |k@
API String ID: 3990497365-1384102874
Opcode ID: 43087fe4bc38f8cd41f2fd5395c9c061ec226a594088f0491a4063f5bd6d0949
Instruction ID: 1ed4c405d868999d2a68b461cc40520038d24ac33ddd5ad5e87d9ce406dc7cf2
Opcode Fuzzy Hash: 43087fe4bc38f8cd41f2fd5395c9c061ec226a594088f0491a4063f5bd6d0949
Instruction Fuzzy Hash: 86414671A002189FDB20EF55CC41BCAB7F99B84304F4144FAE508E7282D7799E94CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403714, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49
registryCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00403714() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x41201c & 0x0000ffff;
				if(RegOpenKeyExW(0x80000002, L"SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t14 =  *0x41201c & 0xffc0 | _v12 & 0x3f;
					 *0x41201c = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(E00403785);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExW(_v8, L"FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x40378c);
					return RegCloseKey(_v8);
				}
			}

0x00403715
0x00403717
0x00403721
0x0040373d
0x0040379f
0x004037a2
0x004037ab
0x0040373f
0x00403741
0x00403742
0x00403747
0x0040374a
0x0040374d
0x00403769
0x00403770
0x00403773
0x00403776
0x00403784
0x00403784

APIs

RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403736
RegQueryValueExW.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403785,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403769
RegCloseKey.ADVAPI32(?,0040378C,00000000,?,00000004,00000000,00403785,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 0040377F

Strings

SOFTWARE\Borland\Delphi\RTL, xrefs: 0040372C
FPUMaskValue, xrefs: 00403760

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
API String ID: 3677997916-4173385793
Opcode ID: 6aeaf0bb9d8d3d66ce8c9309b5049384293a7d57b585f7f81df902abe7067c85
Instruction ID: 40a73df8a67999f4cbb9744d622e99770d6b6577c1e0934ef40092c26c129c87
Opcode Fuzzy Hash: 6aeaf0bb9d8d3d66ce8c9309b5049384293a7d57b585f7f81df902abe7067c85
Instruction Fuzzy Hash: B10152B5540318B9DB11DFA18D42BAABBACD708B01F208177BA00F75D0E6799A10D769

Uniqueness

Uniqueness Score: -1.00%

Function 00409140, Relevance: 7.6, APIs: 5, Instructions: 50
threadCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00409140(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_push(0);
				_push(_t32);
				_push(0x4091d7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E00408EB4(GetThreadLocale(), 0x4091f0, 0x100b,  &_v8);
				_t29 = E00407F10(0x4091f0, 1, _t33);
				if(_t29 + 0xfffffffd - 3 < 0) {
					EnumCalendarInfoW(E0040908C, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x415c5c;
					do {
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					EnumCalendarInfoW(E004090C8, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(E004091DE);
				return L00404C88( &_v8);
			}

0x00409140
0x00409143
0x00409148
0x00409149
0x0040914e
0x00409151
0x00409167
0x00409179
0x00409183
0x00409193
0x00409198
0x0040919d
0x004091a2
0x004091a2
0x004091a8
0x004091ab
0x004091ab
0x004091bc
0x004091bc
0x004091c3
0x004091c6
0x004091c9
0x004091d6

APIs

GetThreadLocale.KERNEL32(?,00000000,004091D7,?,?,00000000), ref: 00409158

Part of subcall function 00408EB4: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00408ED2

GetThreadLocale.KERNEL32(00000000,00000004,00000000,004091D7,?,?,00000000), ref: 00409188
EnumCalendarInfoW.KERNEL32(Function_0000908C,00000000,00000000,00000004,00000000,004091D7,?,?,00000000), ref: 00409193
GetThreadLocale.KERNEL32(00000000,00000003,Function_0000908C,00000000,00000000,00000004,00000000,004091D7,?,?,00000000), ref: 004091B1
EnumCalendarInfoW.KERNEL32(Function_000090C8,00000000,00000000,00000003,Function_0000908C,00000000,00000000,00000004,00000000,004091D7,?,?,00000000), ref: 004091BC

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Locale$InfoThread$CalendarEnum
String ID:
API String ID: 4102113445-0
Opcode ID: 1287b01eaffe2f7a89d76bee5e253d8467206198faf148c79f9b7f744e170f41
Instruction ID: 083ce9a4cc77aebe24cd927d5b3fe7a8d4ed640c99c3cc4bc0f0e781bc0fc52a
Opcode Fuzzy Hash: 1287b01eaffe2f7a89d76bee5e253d8467206198faf148c79f9b7f744e170f41
Instruction Fuzzy Hash: EF01DF70304604AAF701AB65CC12B5A32ACDB85728F62053AF900BB6C7DA7C9E0082AC

Uniqueness

Uniqueness Score: -1.00%

Function 004091F4, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 177
threadCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E004091F4(signed int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _v8;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				void* _t69;
				signed int _t72;
				signed int _t75;
				signed int _t78;
				signed int _t81;
				signed int _t97;
				intOrPtr _t112;
				void* _t113;
				signed int _t114;
				signed int _t122;
				signed int _t131;
				intOrPtr _t152;
				void* _t164;
				signed int _t166;
				intOrPtr _t170;
				void* _t171;

				_t171 = __eflags;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t164 = __edx;
				_v8 = __eax;
				L00404C80(_v8);
				_push(_t170);
				_push(0x409427);
				 *[fs:eax] = _t170;
				_t131 = 1;
				E00404C98(_t164, 0,  *[fs:eax]);
				E00408EB4(GetThreadLocale(), 0x409444, 0x1009,  &_v16);
				if(E00407F10(0x409444, 1, _t171) + 0xfffffffd - 3 < 0) {
					while(1) {
						_t69 = E00404EF4(E00404830( &_v8));
						__eflags = _t131 - _t69;
						if(_t131 > _t69) {
							break;
						}
						_t166 = _v8;
						__eflags = _t166;
						if(_t166 != 0) {
							__eflags =  *((short*)(_t166 - 0xa)) - 2;
							if( *((short*)(_t166 - 0xa)) != 2) {
								_t166 = E00404820( &_v8);
							}
						}
						__eflags =  *((short*)(_t166 + _t131 * 2 - 2)) - 0xd800;
						if( *((short*)(_t166 + _t131 * 2 - 2)) < 0xd800) {
							L22:
							_t72 = E00408164(_v8 + _t131 * 2 - 2, 2, 0x409448);
							__eflags = _t72;
							if(_t72 != 0) {
								_t75 = E00408164(_v8 + _t131 * 2 - 2, 4, L"yyyy");
								__eflags = _t75;
								if(_t75 != 0) {
									_t78 = E00408164(_v8 + _t131 * 2 - 2, 2, L"yy");
									__eflags = _t78;
									if(_t78 != 0) {
										_t81 = ( *(_v8 + _t131 * 2 - 2) & 0x0000ffff) - 0x59;
										__eflags = _t81;
										if(_t81 == 0) {
											L30:
											E00404F98(_t164, 0x4094b0);
											L32:
											_t131 = _t131 + 1;
											__eflags = _t131;
											continue;
										}
										__eflags = _t81 != 0x20;
										if(_t81 != 0x20) {
											E00404E04();
											E00404F98(_t164, _v28);
											goto L32;
										}
										goto L30;
									}
									E00404F98(_t164, 0x40949c);
									_t131 = _t131 + 1;
									goto L32;
								}
								E00404F98(_t164, L"eeee");
								_t131 = _t131 + 3;
								goto L32;
							}
							E00404F98(_t164, 0x40945c);
							_t131 = _t131 + 1;
							goto L32;
						} else {
							__eflags =  *((short*)(_t166 + _t131 * 2 - 2)) - 0xdfff;
							if( *((short*)(_t166 + _t131 * 2 - 2)) > 0xdfff) {
								goto L22;
							}
							_t97 = E0040A3F8(_v8, _t131, _t131, _t166) >> 1;
							if(__eflags < 0) {
								asm("adc eax, 0x0");
							}
							_v12 = _t97;
							E0040525C(_v8, _t131, _t131, _t164, _t166,  &_v24);
							E00404F98(_t164, _v24);
							_t131 = _t131 + _v12;
							continue;
						}
					}
					L34:
					_pop(_t152);
					 *[fs:eax] = _t152;
					_push(E0040942E);
					L00404C90( &_v28, 4);
					return L00404C88( &_v8);
				}
				_t112 =  *0x415c34; // 0x9
				_t113 = _t112 - 4;
				if(_t113 == 0 || _t113 + 0xfffffff3 - 2 < 0) {
					_t114 = 1;
				} else {
					_t114 = 0;
				}
				if(_t114 == 0) {
					E00404C98(_t164, _v8);
				} else {
					while(_t131 <= E00404EF4(E00404830( &_v8))) {
						_t122 = ( *(_v8 + _t131 * 2 - 2) & 0x0000ffff) - 0x47;
						__eflags = _t122;
						if(_t122 != 0) {
							__eflags = _t122 != 0x20;
							if(_t122 != 0x20) {
								E00404E04();
								E00404F98(_t164, _v20);
							}
						}
						_t131 = _t131 + 1;
						__eflags = _t131;
					}
				}
			}

0x004091f4
0x004091f9
0x004091fa
0x004091fb
0x004091fc
0x004091fd
0x004091fe
0x004091ff
0x00409200
0x00409202
0x00409204
0x0040920a
0x00409211
0x00409212
0x0040921a
0x0040921d
0x00409226
0x0040923e
0x00409256
0x004093ef
0x004093f7
0x004093fc
0x004093fe
0x00000000
0x00000000
0x004092ca
0x004092cd
0x004092cf
0x004092d6
0x004092da
0x004092e7
0x004092e7
0x004092da
0x004092e9
0x004092f0
0x00409332
0x00409343
0x00409348
0x0040934a
0x0040936f
0x00409374
0x00409376
0x0040939a
0x0040939f
0x004093a1
0x004093ba
0x004093ba
0x004093be
0x004093c6
0x004093cd
0x004093ee
0x004093ee
0x004093ee
0x00000000
0x004093ee
0x004093c0
0x004093c4
0x004093df
0x004093e9
0x00000000
0x004093e9
0x00000000
0x004093c4
0x004093aa
0x004093af
0x00000000
0x004093af
0x0040937f
0x00409384
0x00000000
0x00409384
0x00409353
0x00409358
0x00000000
0x004092f2
0x004092f2
0x004092f9
0x00000000
0x00000000
0x00409305
0x00409307
0x00409309
0x00409309
0x0040930c
0x0040931b
0x00409325
0x0040932a
0x00000000
0x0040932a
0x004092f0
0x00409404
0x00409406
0x00409409
0x0040940c
0x00409419
0x00409426
0x00409426
0x0040925c
0x00409261
0x00409264
0x00409272
0x0040926e
0x0040926e
0x0040926e
0x00409276
0x004092c0
0x00409278
0x004092a5
0x00409284
0x00409284
0x00409288
0x0040928a
0x0040928e
0x00409295
0x0040929f
0x0040929f
0x0040928e
0x004092a4
0x004092a4
0x004092a4
0x004092b6

APIs

GetThreadLocale.KERNEL32(?,00000000,00409427,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040922F

Part of subcall function 00408EB4: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00408ED2

Strings

eeee, xrefs: 0040937A
yyyy, xrefs: 0040935E
ggg, xrefs: 0040934E

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Locale$InfoThread
String ID: eeee$ggg$yyyy
API String ID: 4232894706-1253427255
Opcode ID: 8c7d597c29a03ef98b73ffdf2240034f553e37ed67633844407f3f811d289582
Instruction ID: f2ce5095f23ab47d6d0538cc62e5ab7c2440563574ca3b0be4b951cff116fd36
Opcode Fuzzy Hash: 8c7d597c29a03ef98b73ffdf2240034f553e37ed67633844407f3f811d289582
Instruction Fuzzy Hash: 1A519375A041069BCB10FBA9C5825AFB3A5EF85308B20447BE941B73E7DB3C9E02965D

Uniqueness

Uniqueness Score: -1.00%

Function 00409D3C, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E00409D3C(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				intOrPtr _t52;
				intOrPtr _t60;
				intOrPtr _t82;
				intOrPtr _t86;
				intOrPtr _t89;
				intOrPtr _t101;
				void* _t108;
				intOrPtr _t110;
				void* _t113;

				_t108 = __edi;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t113);
				_push(0x409ef7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t113 + 0xfffffd8c;
				_t89 =  *((intOrPtr*)(_a4 - 4));
				if( *((intOrPtr*)(_t89 + 0x14)) != 0) {
					_t52 =  *0x412c04; // 0x406bac
					E004063E4(_t52,  &_v8);
				} else {
					_t86 =  *0x412c80; // 0x406ba4
					E004063E4(_t86,  &_v8);
				}
				_t110 =  *((intOrPtr*)(_t89 + 0x18));
				VirtualQuery( *(_t89 + 0xc),  &_v36, 0x1c);
				if(_v36.State != 0x1000 || GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105) == 0) {
					_v628 =  *(_t89 + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t110;
					_v608 = 5;
					_push( &_v628);
					_t60 =  *0x412c0c; // 0x406b4c
					E004063E4(_t60,  &_v632, 2);
					E00409860(_t89, _v632, 1, _t108, _t110);
				} else {
					_v592 =  *(_t89 + 0xc);
					_v588 = 5;
					E00404E50( &_v600, 0x105,  &_v558);
					E00408028(_v600,  &_v596);
					_v584 = _v596;
					_v580 = 0x11;
					_v576 = _v8;
					_v572 = 0x11;
					_v568 = _t110;
					_v564 = 5;
					_push( &_v592);
					_t82 =  *0x412c38; // 0x406c1c
					E004063E4(_t82,  &_v604, 3);
					E00409860(_t89, _v604, 1, _t108, _t110);
				}
				_pop(_t101);
				 *[fs:eax] = _t101;
				_push(E00409EFE);
				L00404C88( &_v632);
				L00404C90( &_v604, 3);
				return L00404C88( &_v8);
			}

0x00409d3c
0x00409d49
0x00409d4f
0x00409d55
0x00409d5b
0x00409d61
0x00409d66
0x00409d67
0x00409d6c
0x00409d6f
0x00409d75
0x00409d7c
0x00409d90
0x00409d95
0x00409d7e
0x00409d81
0x00409d86
0x00409d86
0x00409d9a
0x00409da7
0x00409db3
0x00409e6f
0x00409e75
0x00409e7f
0x00409e85
0x00409e8c
0x00409e92
0x00409e9f
0x00409ea8
0x00409ead
0x00409ebf
0x00409dd6
0x00409dd9
0x00409ddf
0x00409df7
0x00409e08
0x00409e13
0x00409e19
0x00409e23
0x00409e29
0x00409e30
0x00409e36
0x00409e43
0x00409e4c
0x00409e51
0x00409e63
0x00409e68
0x00409ec8
0x00409ecb
0x00409ece
0x00409ed9
0x00409ee9
0x00409ef6

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00409EF7), ref: 00409DA7
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,00409EF7), ref: 00409DC9

Part of subcall function 004063E4: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00406429

Strings

u@, xrefs: 00409E5E, 00409EBA
Lk@, xrefs: 00409EA8

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: Lk@$u@
API String ID: 902310565-2376058283
Opcode ID: 6259ec6f591da9e1ad7678461e817eadaff81f7ebf4198e2adecfced6dfa1836
Instruction ID: 1a931a7164946d0945ddcf4ea47e041f34baee353206f071f8388db194c629b8
Opcode Fuzzy Hash: 6259ec6f591da9e1ad7678461e817eadaff81f7ebf4198e2adecfced6dfa1836
Instruction Fuzzy Hash: 47412B309042589FDB60EF65CD89BCDB7F4AB48304F1145EAA908F7292E7789E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A186, Relevance: 6.0, APIs: 4, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A186() {
				LONG* _t9;
				void* _t10;
				void* _t11;

				_t10 = 0;
				_t11 = 0x20;
				_t9 = 0x415ca4;
				while( *_t9 != 0 || InterlockedCompareExchange(_t9, 1, 0) != 0) {
					_t9 =  &(_t9[2]);
					_t11 = _t11 - 1;
					if(_t11 != 0) {
						continue;
					} else {
						if(_t10 == 0) {
							_t10 = CreateEventW(0, 0, 0, 0);
						}
						ResetEvent(_t10);
					}
					L10:
					return _t10;
				}
				if(_t9[1] == 0) {
					_t9[1] = CreateEventW(0, 0, 0, 0);
				}
				_t3 =  &(_t9[1]); // 0x0
				_t10 =  *_t3;
				goto L10;
			}

0x0040a18b
0x0040a18d
0x0040a192
0x0040a197
0x0040a1c5
0x0040a1c8
0x0040a1c9
0x00000000
0x0040a1cb
0x0040a1cd
0x0040a1dc
0x0040a1dc
0x0040a1df
0x0040a1df
0x0040a1e4
0x0040a1e9
0x0040a1e9
0x0040a1ae
0x0040a1bd
0x0040a1bd
0x0040a1c0
0x0040a1c0
0x00000000

APIs

InterlockedCompareExchange.KERNEL32(00415CA4,00000001,00000000), ref: 0040A1A1
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00415CA4,00000001,00000000), ref: 0040A1B8
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040A1D7
ResetEvent.KERNEL32(00000000), ref: 0040A1DF

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Event$Create$CompareExchangeInterlockedReset
String ID:
API String ID: 2790937731-0
Opcode ID: 85bf60a57223efc1bd127b854e8e2fcc91d5941f498f3bc83f799df80e1b8357
Instruction ID: e519d750d6dcafecf1b76c6a1b6cc8191a637c52d9ce77022197b424e8f1bcef
Opcode Fuzzy Hash: 85bf60a57223efc1bd127b854e8e2fcc91d5941f498f3bc83f799df80e1b8357
Instruction Fuzzy Hash: 2EF05E31780300AAFB316A164C82B2765568BD0B65F254037FA08BE2C2E6BDAC20416E

Uniqueness

Uniqueness Score: -1.00%

Function 004027B8, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 277
windowCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E004027B8(void* __eax, void* __fp0) {
				void* _v8;
				char _v110600;
				char _v112644;
				char _v112645;
				signed int _v112652;
				char _v112653;
				char _v112654;
				char _v112660;
				intOrPtr _v112664;
				intOrPtr _v112668;
				intOrPtr _v112672;
				signed short* _v112676;
				void* _v112680;
				char _v129064;
				char _v131113;
				char _v161832;
				void* _t70;
				int _t76;
				intOrPtr _t79;
				intOrPtr _t90;
				CHAR* _t94;
				intOrPtr _t96;
				void* _t106;
				intOrPtr _t107;
				intOrPtr _t113;
				intOrPtr _t118;
				void* _t128;
				intOrPtr _t129;
				intOrPtr _t133;
				signed int _t143;
				int _t148;
				intOrPtr _t149;
				char* _t151;
				char* _t152;
				char* _t153;
				char* _t154;
				char* _t155;
				char* _t156;
				char* _t158;
				char* _t159;
				char* _t164;
				char* _t165;
				intOrPtr _t197;
				void* _t199;
				void* _t200;
				intOrPtr* _t203;
				void* _t205;
				void* _t206;
				signed int _t211;
				void* _t214;
				void* _t215;
				void* _t228;

				_push(__eax);
				_t70 = 0x27;
				goto L1;
				L12:
				while(_t197 != 0x413a24) {
					_t76 = E004021E4(_t197);
					_t148 = _t76;
					__eflags = _t148;
					if(_t148 == 0) {
						L11:
						_t197 =  *((intOrPtr*)(_t197 + 4));
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						_t211 =  *(_t148 - 4);
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							__eflags = _t211 & 0x00000004;
							if(__eflags == 0) {
								__eflags = _v112652 - 0x1000;
								if(_v112652 < 0x1000) {
									_v112664 = (_t211 & 0xfffffff0) - 4;
									_t143 = E004025A0(_t148);
									__eflags = _t143;
									if(_t143 == 0) {
										_v112645 = 0;
										 *((intOrPtr*)(_t214 + _v112652 * 4 - 0x1f824)) = _v112664;
										_t18 =  &_v112652;
										 *_t18 = _v112652 + 1;
										__eflags =  *_t18;
									}
								}
							} else {
								E004025F8(_t148, __eflags, _t214);
							}
						}
						_t76 = E004021C0(_t148);
						_t148 = _t76;
						__eflags = _t148;
					} while (_t148 != 0);
					goto L11;
				}
				_t149 =  *0x415acc; // 0x415ac8
				while(_t149 != 0x415ac8 && _v112652 < 0x1000) {
					_t76 = E004025A0(_t149 + 0x10);
					__eflags = _t76;
					if(_t76 == 0) {
						_v112645 = 0;
						_t22 = _t149 + 0xc; // 0x0
						_t76 = _v112652;
						 *((intOrPtr*)(_t214 + _t76 * 4 - 0x1f824)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
						_t27 =  &_v112652;
						 *_t27 = _v112652 + 1;
						__eflags =  *_t27;
					}
					_t29 = _t149 + 4; // 0x415ac8
					_t149 =  *_t29;
				}
				if(_v112645 != 0) {
					L50:
					return _t76;
				}
				_v112653 = 0;
				_v112668 = 0;
				_t79 =  *0x412038; // 0x40126c
				_t151 = E0040237C(E00404914(_t79),  &_v161832);
				_v112660 = 0x37;
				_v112676 = 0x41205e;
				_v112680 =  &_v110600;
				do {
					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
					_v112654 = 0;
					_t199 = 0xff;
					_t203 = _v112680;
					while(_t151 <=  &_v131113) {
						if( *_t203 > 0) {
							if(_v112653 == 0) {
								_t133 =  *0x41203c; // 0x401298
								_t151 = E0040237C(E00404914(_t133), _t151);
								_v112653 = 1;
							}
							if(_v112654 != 0) {
								 *_t151 = 0x2c;
								_t156 = _t151 + 1;
								 *_t156 = 0x20;
								_t157 = _t156 + 1;
								__eflags = _t156 + 1;
							} else {
								 *_t151 = 0xd;
								 *((char*)(_t151 + 1)) = 0xa;
								_t164 = E00402260(_v112668 + 1, _t151 + 2);
								 *_t164 = 0x20;
								_t165 = _t164 + 1;
								 *_t165 = 0x2d;
								 *((char*)(_t165 + 1)) = 0x20;
								_t128 = E00402260(_v112672, _t165 + 2);
								_t129 =  *0x412044; // 0x401300
								_t157 = E0040237C(E00404914(_t129), _t128);
								_v112654 = 1;
							}
							_t106 = _t199 - 1;
							_t228 = _t106;
							if(_t228 < 0) {
								_t107 =  *0x412048; // 0x40130c
								_t158 = E0040237C(E00404914(_t107), _t157);
							} else {
								if(_t228 == 0) {
									_t113 =  *0x41204c; // 0x401314
									_t158 = E0040237C(E00404914(_t113), _t157);
								} else {
									if(_t106 == 1) {
										_t118 =  *0x412050; // 0x401320
										_t158 = E0040237C(E00404914(_t118), _t157);
									} else {
										_t158 = E00402394( *((intOrPtr*)(_t203 - 4)), _t157);
									}
								}
							}
							 *_t158 = 0x20;
							_t159 = _t158 + 1;
							 *_t159 = 0x78;
							 *((char*)(_t159 + 1)) = 0x20;
							_t151 = E00402260( *_t203, _t159 + 2);
						}
						_t199 = _t199 - 1;
						_t203 = _t203 - 8;
						if(_t199 != 0xffffffff) {
							continue;
						} else {
							goto L39;
						}
					}
					L39:
					_v112668 = _v112672;
					_v112680 = _v112680 + 0x800;
					_v112676 =  &(_v112676[0x10]);
					_t57 =  &_v112660;
					 *_t57 = _v112660 - 1;
				} while ( *_t57 != 0);
				if(_v112652 <= 0) {
					L49:
					_t90 =  *0x412054; // 0x401330
					E0040237C(E00404914(_t90), _t151);
					_t94 =  *0x412058; // 0x401334
					_t76 = MessageBoxA(0,  &_v161832, _t94, 0x2010);
					goto L50;
				}
				if(_v112653 != 0) {
					 *_t151 = 0xd;
					_t153 = _t151 + 1;
					 *_t153 = 0xa;
					_t154 = _t153 + 1;
					 *_t154 = 0xd;
					_t155 = _t154 + 1;
					 *_t155 = 0xa;
					_t151 = _t155 + 1;
				}
				_t96 =  *0x412040; // 0x4012c0
				_t151 = E0040237C(E00404914(_t96), _t151);
				_t205 = _v112652 - 1;
				if(_t205 >= 0) {
					_t206 = _t205 + 1;
					_t200 = 0;
					_v112680 =  &_v129064;
					L45:
					L45:
					if(_t200 != 0) {
						 *_t151 = 0x2c;
						_t152 = _t151 + 1;
						 *_t152 = 0x20;
						_t151 = _t152 + 1;
					}
					_t151 = E00402260( *_v112680, _t151);
					if(_t151 >  &_v131113) {
						goto L49;
					}
					_t200 = _t200 + 1;
					_v112680 = _v112680 + 4;
					_t206 = _t206 - 1;
					if(_t206 != 0) {
						goto L45;
					}
				}
				L1:
				_t215 = _t215 + 0xfffff004;
				_push(_t70);
				_t70 = _t70 - 1;
				if(_t70 != 0) {
					goto L1;
				} else {
					E00403250( &_v112644, 0x1b800);
					E00403250( &_v129064, 0x4000);
					_t76 = 0;
					_v112652 = 0;
					_v112645 = 1;
					_t197 =  *0x413a28; // 0x24b0000
					goto L12;
				}
			}

0x004027bb
0x004027bc
0x004027bc
0x00000000
0x00402897
0x00402817
0x0040281c
0x0040281e
0x00402820
0x00402894
0x00402894
0x00000000
0x00000000
0x00000000
0x00000000
0x00402822
0x00402822
0x00402827
0x00402829
0x0040282f
0x00402831
0x00402837
0x00402844
0x0040284e
0x00402856
0x0040285e
0x00402863
0x00402865
0x00402867
0x0040287a
0x00402881
0x00402881
0x00402881
0x00402881
0x00402865
0x00402839
0x0040283c
0x00402841
0x00402837
0x00402889
0x0040288e
0x00402890
0x00402890
0x00000000
0x00402822
0x004028a3
0x004028e2
0x004028b0
0x004028b5
0x004028b7
0x004028b9
0x004028c0
0x004028cc
0x004028d2
0x004028d9
0x004028d9
0x004028d9
0x004028d9
0x004028df
0x004028df
0x004028df
0x004028fd
0x00402b92
0x00402b98
0x00402b98
0x00402903
0x0040290c
0x00402912
0x0040292e
0x00402930
0x0040293a
0x0040294a
0x00402950
0x0040295c
0x00402962
0x00402969
0x00402974
0x00402976
0x00402987
0x00402994
0x00402996
0x004029ae
0x004029b0
0x004029b0
0x004029be
0x00402a16
0x00402a19
0x00402a1a
0x00402a1d
0x00402a1d
0x004029c0
0x004029c0
0x004029c4
0x004029d6
0x004029d8
0x004029db
0x004029dc
0x004029e0
0x004029ec
0x004029f3
0x00402a0b
0x00402a0d
0x00402a0d
0x00402a20
0x00402a20
0x00402a23
0x00402a2c
0x00402a44
0x00402a25
0x00402a25
0x00402a48
0x00402a60
0x00402a27
0x00402a28
0x00402a64
0x00402a7c
0x00402a2a
0x00402a8a
0x00402a8a
0x00402a28
0x00402a25
0x00402a8c
0x00402a8f
0x00402a90
0x00402a94
0x00402aa1
0x00402aa1
0x00402aa3
0x00402aa4
0x00402aaa
0x00000000
0x00000000
0x00000000
0x00000000
0x00402aaa
0x00402ab0
0x00402ab6
0x00402abc
0x00402ac6
0x00402acd
0x00402acd
0x00402acd
0x00402ae0
0x00402b61
0x00402b61
0x00402b74
0x00402b7e
0x00402b8d
0x00000000
0x00402b8d
0x00402ae9
0x00402aeb
0x00402aee
0x00402aef
0x00402af2
0x00402af3
0x00402af6
0x00402af7
0x00402afa
0x00402afa
0x00402afb
0x00402b13
0x00402b1b
0x00402b1e
0x00402b20
0x00402b21
0x00402b29
0x00000000
0x00402b2f
0x00402b31
0x00402b33
0x00402b36
0x00402b37
0x00402b3a
0x00402b3a
0x00402b4a
0x00402b54
0x00000000
0x00000000
0x00402b56
0x00402b57
0x00402b5e
0x00402b5f
0x00000000
0x00000000
0x00402b5f
0x004027c1
0x004027c1
0x004027c7
0x004027c8
0x004027c9
0x00000000
0x004027cb
0x004027e4
0x004027f6
0x004027fb
0x004027fd
0x00402803
0x0040280a
0x00000000
0x0040280a

APIs

MessageBoxA.USER32 ref: 00402B8D

Strings

7, xrefs: 00402930
, xrefs: 00402AC6

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message
String ID: $7
API String ID: 2030045667-2388253531
Opcode ID: 4013aa1c4d508e0f21f628e91fd2f66dd9b67919b6327f81295100d5b103fb88
Instruction ID: 5e81d980581d028b30a088fdd03a9cb8372552a81488182f994bcd5140d075e0
Opcode Fuzzy Hash: 4013aa1c4d508e0f21f628e91fd2f66dd9b67919b6327f81295100d5b103fb88
Instruction Fuzzy Hash: A9B1C430B002548BCB21EB2DCE88B9977E4AB4D344F1481F6E548E73D2DBB89D85CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00408F68, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106
threadCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00408F68(void* __ebx, void* __edi, void* __esi) {
				int _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _t53;
				void* _t54;
				intOrPtr _t80;
				void* _t83;
				void* _t84;
				void* _t86;
				void* _t87;
				intOrPtr _t90;

				_t89 = _t90;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(_t90);
				_push(0x40907b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t90;
				_v8 = GetThreadLocale();
				_t53 = 1;
				_t86 = 0x415b98;
				_t83 = 0x415bc8;
				do {
					_t3 = _t53 + 0x44; // 0x45
					E00408F2C(_t3 - 1, _t53 - 1,  &_v16, 0xb, _t89);
					E00404C98(_t86, _v16);
					_t6 = _t53 + 0x38; // 0x39
					E00408F2C(_t6 - 1, _t53 - 1,  &_v20, 0xb, _t89);
					E00404C98(_t83, _v20);
					_t53 = _t53 + 1;
					_t83 = _t83 + 4;
					_t86 = _t86 + 4;
				} while (_t53 != 0xd);
				_t54 = 1;
				_t87 = 0x415bf8;
				_t84 = 0x415c14;
				do {
					_t8 = _t54 + 5; // 0x6
					asm("cdq");
					_v12 = _t8 % 7;
					E00408F2C(_v12 + 0x31, _t54 - 1,  &_v24, 6, _t89);
					E00404C98(_t87, _v24);
					E00408F2C(_v12 + 0x2a, _t54 - 1,  &_v28, 6, _t89);
					E00404C98(_t84, _v28);
					_t54 = _t54 + 1;
					_t84 = _t84 + 4;
					_t87 = _t87 + 4;
				} while (_t54 != 8);
				_pop(_t80);
				 *[fs:eax] = _t80;
				_push(E00409082);
				return L00404C90( &_v28, 4);
			}

0x00408f69
0x00408f6d
0x00408f6e
0x00408f6f
0x00408f70
0x00408f71
0x00408f72
0x00408f78
0x00408f79
0x00408f7e
0x00408f81
0x00408f89
0x00408f8c
0x00408f91
0x00408f96
0x00408f9b
0x00408faa
0x00408fae
0x00408fb9
0x00408fcd
0x00408fd1
0x00408fdc
0x00408fe1
0x00408fe2
0x00408fe5
0x00408fe8
0x00408fed
0x00408ff2
0x00408ff7
0x00408ffc
0x00408ffc
0x00409004
0x00409007
0x0040901f
0x0040902a
0x00409044
0x0040904f
0x00409054
0x00409055
0x00409058
0x0040905b
0x00409062
0x00409065
0x00409068
0x0040907a

APIs

GetThreadLocale.KERNEL32(00000000,0040907B,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00408F84

Strings

l@, xrefs: 00409011
$l@, xrefs: 00408FA2

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: LocaleThread
String ID: $l@$l@
API String ID: 635194068-4225844758
Opcode ID: 2e04514abfb8c49145987658e143d38efe1e1c455c6006f5a4294f9294b84c0e
Instruction ID: 74ee3e2f097acfc3ea8ee091fc7cdb976d8602175913d475df625015d87764a0
Opcode Fuzzy Hash: 2e04514abfb8c49145987658e143d38efe1e1c455c6006f5a4294f9294b84c0e
Instruction Fuzzy Hash: F6318771F045046BDB04EB99C881AAF77AAD788314F51843BFA05E7381DA39AD418769

Uniqueness

Uniqueness Score: -1.00%

Function 00409D3A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E00409D3A(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				struct _MEMORY_BASIC_INFORMATION _v36;
				short _v558;
				char _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char _v588;
				void* _v592;
				char _v596;
				char _v600;
				char _v604;
				char _v608;
				intOrPtr _v612;
				char _v616;
				char _v620;
				char _v624;
				void* _v628;
				char _v632;
				intOrPtr _t52;
				intOrPtr _t60;
				intOrPtr _t82;
				intOrPtr _t86;
				intOrPtr _t89;
				intOrPtr _t101;
				void* _t108;
				intOrPtr _t110;
				void* _t113;

				_t108 = __edi;
				_v632 = 0;
				_v596 = 0;
				_v604 = 0;
				_v600 = 0;
				_v8 = 0;
				_push(_t113);
				_push(0x409ef7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t113 + 0xfffffd8c;
				_t89 =  *((intOrPtr*)(_a4 - 4));
				if( *((intOrPtr*)(_t89 + 0x14)) != 0) {
					_t52 =  *0x412c04; // 0x406bac
					E004063E4(_t52,  &_v8);
				} else {
					_t86 =  *0x412c80; // 0x406ba4
					E004063E4(_t86,  &_v8);
				}
				_t110 =  *((intOrPtr*)(_t89 + 0x18));
				VirtualQuery( *(_t89 + 0xc),  &_v36, 0x1c);
				if(_v36.State != 0x1000 || GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105) == 0) {
					_v628 =  *(_t89 + 0xc);
					_v624 = 5;
					_v620 = _v8;
					_v616 = 0x11;
					_v612 = _t110;
					_v608 = 5;
					_push( &_v628);
					_t60 =  *0x412c0c; // 0x406b4c
					E004063E4(_t60,  &_v632, 2);
					E00409860(_t89, _v632, 1, _t108, _t110);
				} else {
					_v592 =  *(_t89 + 0xc);
					_v588 = 5;
					E00404E50( &_v600, 0x105,  &_v558);
					E00408028(_v600,  &_v596);
					_v584 = _v596;
					_v580 = 0x11;
					_v576 = _v8;
					_v572 = 0x11;
					_v568 = _t110;
					_v564 = 5;
					_push( &_v592);
					_t82 =  *0x412c38; // 0x406c1c
					E004063E4(_t82,  &_v604, 3);
					E00409860(_t89, _v604, 1, _t108, _t110);
				}
				_pop(_t101);
				 *[fs:eax] = _t101;
				_push(E00409EFE);
				L00404C88( &_v632);
				L00404C90( &_v604, 3);
				return L00404C88( &_v8);
			}

0x00409d3a
0x00409d49
0x00409d4f
0x00409d55
0x00409d5b
0x00409d61
0x00409d66
0x00409d67
0x00409d6c
0x00409d6f
0x00409d75
0x00409d7c
0x00409d90
0x00409d95
0x00409d7e
0x00409d81
0x00409d86
0x00409d86
0x00409d9a
0x00409da7
0x00409db3
0x00409e6f
0x00409e75
0x00409e7f
0x00409e85
0x00409e8c
0x00409e92
0x00409e9f
0x00409ea8
0x00409ead
0x00409ebf
0x00409dd6
0x00409dd9
0x00409ddf
0x00409df7
0x00409e08
0x00409e13
0x00409e19
0x00409e23
0x00409e29
0x00409e30
0x00409e36
0x00409e43
0x00409e4c
0x00409e51
0x00409e63
0x00409e68
0x00409ec8
0x00409ecb
0x00409ece
0x00409ed9
0x00409ee9
0x00409ef6

APIs

VirtualQuery.KERNEL32(?,?,0000001C,00000000,00409EF7), ref: 00409DA7
GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,00409EF7), ref: 00409DC9

Part of subcall function 004063E4: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00406429

Strings

u@, xrefs: 00409E5E

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileLoadModuleNameQueryStringVirtual
String ID: u@
API String ID: 902310565-3232061631
Opcode ID: 803c9cc7856af3ac950bd715bc8bc3bbbc638ef6bdeafcb244893eb738825441
Instruction ID: ca758b4f96bfb77009ae275c47d805f447a219e65d8d40a01463ddbbb4a05e8c
Opcode Fuzzy Hash: 803c9cc7856af3ac950bd715bc8bc3bbbc638ef6bdeafcb244893eb738825441
Instruction Fuzzy Hash: 0A313C709002589FDB60EF64CC85B8AB7F8EB48304F0144EAA508F7281E7789E84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040EE68, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27
windowCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040EE68(void* __ecx) {
				char _v8;
				intOrPtr _t17;
				intOrPtr _t20;

				_push(0);
				_push(_t20);
				 *[fs:eax] = _t20;
				E00404CEC( &_v8, L"The Setup program accepts optional command line parameters.\r\n\r\n/HELP, /?\r\nShows this information.\r\n/SP-\r\nDisables the This will install... Do you wish to continue? prompt at the beginning of Setup.\r\n/SILENT, /VERYSILENT\r\nInstructs Setup to be silent or very silent.\r\n/SUPPRESSMSGBOXES\r\nInstructs Setup to suppress message boxes.\r\n/LOG\r\nCauses Setup to create a log file in the user\'s TEMP directory.\r\n/LOG=\"filename\"\r\nSame as /LOG, except it allows you to specify a fixed path/filename to use for the log file.\r\n/NOCANCEL\r\nPrevents the user from cancelling during the installation process.\r\n/NORESTART\r\nPrevents Setup from restarting the system following a successful installation, or after a Preparing to Install failure that requests a restart.\r\n/RESTARTEXITCODE=exit code\r\nSpecifies a custom exit code that Setup is to return when the system needs to be restarted.\r\n/CLOSEAPPLICATIONS\r\nInstructs Setup to close applications using files that need to be updated.\r\n/NOCLOSEAPPLICATIONS\r\nPrevents Setup from closing applications using files that need to be updated.\r\n/RESTARTAPPLICATIONS\r\nInstructs Setup to restart applications.\r\n/NORESTARTAPPLICATIONS\r\nPrevents Setup from restarting applications.\r\n/LOADINF=\"filename\"\r\nInstructs Setup to load the settings from the specified file after having checked the command line.\r\n/SAVEINF=\"filename\"\r\nInstructs Setup to save installation settings to the specified file.\r\n/LANG=language\r\nSpecifies the internal name of the language to use.\r\n/DIR=\"x:\\dirname\"\r\nOverrides the default directory name.\r\n/GROUP=\"folder name\"\r\nOverrides the default folder name.\r\n/NOICONS\r\nInstructs Setup to initially check the Don\'t create a Start Menu folder check box.\r\n/TYPE=type name\r\nOverrides the default setup type.\r\n/COMPONENTS=\"comma separated list of component names\"\r\nOverrides the default component settings.\r\n/TASKS=\"comma separated list of task names\"\r\nSpecifies a list of tasks that should be initially selected.\r\n/MERGETASKS=\"comma separated list of task names\"\r\nLike the /TASKS parameter, except the specified tasks will be merged with the set of tasks that would have otherwise been selected by default.\r\n/PASSWORD=password\r\nSpecifies the password to use.\r\n\r\nFor more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline",  *[fs:eax]);
				MessageBoxW(0, E00404D24(_v8), L"Setup", 0x10);
				_t17 = 0x40eeb5;
				 *[fs:eax] = _t17;
				_push(E0040EEBC);
				return L00404C88( &_v8);
			}

0x0040ee6b
0x0040ee6f
0x0040ee78
0x0040ee83
0x0040ee9a
0x0040eea1
0x0040eea4
0x0040eea7
0x0040eeb4

APIs

MessageBoxW.USER32(00000000,00000000,Setup,00000010), ref: 0040EE9A

Strings

The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in, xrefs: 0040EE7E
Setup, xrefs: 0040EE8A

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message
String ID: Setup$The Setup program accepts optional command line parameters./HELP, /?Shows this information./SP-Disables the This will in
API String ID: 2030045667-2353098591
Opcode ID: 3f22f5bdfd00b5526a11fead451ef0713966d62effaaaaed0f75cf52d05feab8
Instruction ID: 0883e15896c4b772834ba87302cf9c47b33127b330fab632c4ce07624bd07afc
Opcode Fuzzy Hash: 3f22f5bdfd00b5526a11fead451ef0713966d62effaaaaed0f75cf52d05feab8
Instruction Fuzzy Hash: 02E0657424820CAAF301B652DD13F5AB69CD788B04F62487BF900B19C1D6B95E109468

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABF8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ABF8() {
				void* __ebx;
				struct HINSTANCE__* _t1;
				void* _t4;

				_t1 = GetModuleHandleW(L"kernel32.dll");
				_t3 = _t1;
				if(_t1 != 0) {
					_t1 = E00406728(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
					 *0x412810 = _t1;
				}
				if( *0x412810 == 0) {
					 *0x412810 = E00408068;
					return E00408068;
				}
				return _t1;
			}

0x0040abfe
0x0040ac03
0x0040ac07
0x0040ac0f
0x0040ac14
0x0040ac14
0x0040ac20
0x0040ac27
0x00000000
0x0040ac27
0x0040ac2d

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,004115E0,00000000,004115F3), ref: 0040ABFE

Part of subcall function 00406728: GetProcAddress.KERNEL32(?,0040BDAE), ref: 0040674C

Strings

kernel32.dll, xrefs: 0040ABF9
GetDiskFreeSpaceExW, xrefs: 0040AC09

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1646373207-1127948838
Opcode ID: fe33998cc9cc36d521a582d18847cefbb746d69cd43996148563fe781e2b6cb8
Instruction ID: caf3bee2458b42963bc9357fb50682e39eca259f80fc94b3950681cf825eb87a
Opcode Fuzzy Hash: fe33998cc9cc36d521a582d18847cefbb746d69cd43996148563fe781e2b6cb8
Instruction Fuzzy Hash: 77D05E713083014FE3007BB06E8160A25C8A301309B029A3BA401B62D2C7FD4835875E

Uniqueness

Uniqueness Score: -1.00%

Function 0040E5DC, Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E5DC(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E0040E168(_t9, _v8, _t19);
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}

0x0040e5dc
0x0040e5e3
0x0040e5e6
0x0040e5ea
0x0040e5ed
0x0040e63b
0x0040e63b
0x0040e63b
0x0040e5ef
0x0040e5f0
0x0040e5f2
0x0040e5f2
0x0040e5f5
0x0040e602
0x0040e605
0x0040e60b
0x0040e60b
0x0040e5f7
0x0040e5fb
0x0040e5fb
0x0040e615
0x0040e61c
0x00000000
0x00000000
0x0040e61e
0x0040e626
0x00000000
0x00000000
0x0040e628
0x0040e630
0x00000000
0x00000000
0x0040e632
0x0040e633
0x0040e634
0x00000000
0x00000000
0x00000000
0x0040e634
0x00000000

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,00411DC8,000000FA,00000032,00411E30), ref: 0040E5FB
Sleep.KERNEL32(?,?,?,?,0000000D,?,00411DC8,000000FA,00000032,00411E30), ref: 0040E60B
GetLastError.KERNEL32(?,?,?,0000000D,?,00411DC8,000000FA,00000032,00411E30), ref: 0040E61E
GetLastError.KERNEL32(?,?,?,0000000D,?,00411DC8,000000FA,00000032,00411E30), ref: 0040E628

Memory Dump Source

Source File: 00000014.00000002.648999307.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000014.00000002.648972562.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649139467.0000000000412000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649207265.0000000000417000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.649265748.000000000041C000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.649345498.0000000000424000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: aac2bbf36f8ddde83f6facb60647697f5e410134289920da196e8a7cad57603d
Instruction ID: 94192f546389ca7677f92084570e97d6a590b5d124bd5d39fde150768ecb5d8c
Opcode Fuzzy Hash: aac2bbf36f8ddde83f6facb60647697f5e410134289920da196e8a7cad57603d
Instruction Fuzzy Hash: 22F02B3260012467DB30E5BFEC8591F7258DAA13687104C3BF505F3381D43ADD6142A9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: video_editor_x64.tmp PID: 4276 Parent PID: 496 video_editor_x64.tmpCOMMON

Execution Graph

Execution Coverage:	11.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5%
Total number of Nodes:	2000
Total number of Limit Nodes:	109

Executed Functions

Function 00408370, Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 207
registrystringlibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E00408370(WCHAR* __eax) {
				WCHAR* _v8;
				void* _v12;
				short _v18;
				short _v22;
				short _v32;
				int _v36;
				short _v558;
				long _t48;
				signed int _t58;
				long _t67;
				long _t69;
				long _t71;
				WCHAR* _t82;
				struct HINSTANCE__* _t89;
				struct HINSTANCE__* _t96;
				short* _t108;
				WCHAR* _t109;
				intOrPtr _t113;
				signed int _t115;
				signed int _t116;
				signed int _t118;
				signed int _t119;
				signed int _t121;
				signed int _t122;
				struct HINSTANCE__* _t124;
				void* _t127;
				void* _t129;
				intOrPtr _t130;
				long _t137;

				_t127 = _t129;
				_t130 = _t129 + 0xfffffdd4;
				_v8 = __eax;
				GetModuleFileNameW(0,  &_v558, 0x105);
				_v32 = 0;
				_t48 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t48 == 0) {
					L4:
					_push(_t127);
					_push(0x4084a4);
					_push( *[fs:eax]);
					 *[fs:eax] = _t130;
					_v36 = 0xa;
					E00408174( &_v558, 0x105);
					if(RegQueryValueExW(_v12,  &_v558, 0, 0,  &_v32,  &_v36) != 0) {
						_t137 = RegQueryValueExW(_v12, E00408698, 0, 0,  &_v32,  &_v36);
						if(_t137 != 0) {
							_v32 = 0;
						}
					}
					_t58 = _v36 >> 1;
					if(_t137 < 0) {
						asm("adc eax, 0x0");
					}
					 *((short*)(_t127 + _t58 * 2 - 0x1c)) = 0;
					_pop(_t113);
					 *[fs:eax] = _t113;
					_push(E004084AB);
					return RegCloseKey(_v12);
				} else {
					_t67 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t67 == 0) {
						goto L4;
					} else {
						_t69 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t69 == 0) {
							goto L4;
						} else {
							_t71 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
							if(_t71 != 0) {
								lstrcpynW( &_v558, _v8, 0x105);
								GetLocaleInfoW(GetThreadLocale(), 3,  &_v22, 5); // executed
								_t124 = 0;
								if(_v558 != 0 && (_v22 != 0 || _v32 != 0)) {
									_t108 = lstrlenW( &_v558) + _t80 +  &_v558;
									L16:
									if( *_t108 != 0x2e && _t108 !=  &_v558) {
										_t108 = _t108 - 2;
										goto L16;
									}
									_t82 =  &_v558;
									if(_t108 != _t82) {
										_t109 = _t108 + 2;
										if(_v32 != 0) {
											_t121 = _t109 - _t82;
											_t122 = _t121 >> 1;
											if(_t121 < 0) {
												asm("adc edx, 0x0");
											}
											lstrcpynW(_t109,  &_v32, 0x105 - _t122);
											_t124 = LoadLibraryExW( &_v558, 0, 2);
										}
										if(_t124 == 0 && _v22 != 0) {
											_t115 = _t109 -  &_v558;
											_t116 = _t115 >> 1;
											if(_t115 < 0) {
												asm("adc edx, 0x0");
											}
											lstrcpynW(_t109,  &_v22, 0x105 - _t116);
											_t89 = LoadLibraryExW( &_v558, 0, 2); // executed
											_t124 = _t89;
											if(_t124 == 0) {
												_v18 = 0;
												_t118 = _t109 -  &_v558;
												_t119 = _t118 >> 1;
												if(_t118 < 0) {
													asm("adc edx, 0x0");
												}
												lstrcpynW(_t109,  &_v22, 0x105 - _t119);
												_t96 = LoadLibraryExW( &_v558, 0, 2); // executed
												_t124 = _t96;
											}
										}
									}
								}
								return _t124;
							} else {
								goto L4;
							}
						}
					}
				}
			}

0x00408371
0x00408373
0x0040837b
0x0040838c
0x00408391
0x004083ac
0x004083b3
0x00408413
0x00408415
0x00408416
0x0040841b
0x0040841e
0x00408421
0x00408433
0x00408456
0x00408472
0x00408474
0x00408476
0x00408476
0x00408474
0x0040847f
0x00408481
0x00408483
0x00408483
0x00408486
0x0040848f
0x00408492
0x00408495
0x004084a3
0x004083b5
0x004083ca
0x004083d1
0x00000000
0x004083d3
0x004083e8
0x004083ef
0x00000000
0x004083f1
0x00408406
0x0040840d
0x004084bb
0x004084ce
0x004084d3
0x004084dd
0x0040850b
0x00408512
0x00408516
0x0040850f
0x00000000
0x0040850f
0x00408522
0x0040852a
0x00408530
0x00408538
0x0040853c
0x0040853e
0x00408540
0x00408542
0x00408542
0x00408552
0x00408567
0x00408567
0x0040856b
0x0040857c
0x0040857e
0x00408580
0x00408582
0x00408582
0x00408592
0x004085a2
0x004085a7
0x004085ab
0x004085ad
0x004085bb
0x004085bd
0x004085bf
0x004085c1
0x004085c1
0x004085d1
0x004085e1
0x004085e6
0x004085e6
0x004085ab
0x0040856b
0x0040852a
0x004085ef
0x00000000
0x00000000
0x00000000
0x0040840d
0x004083ef
0x004083d1

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000105,00400000,005027F0), ref: 0040838C
RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005027F0), ref: 004083AC
RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005027F0), ref: 004083CA
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 004083E8
RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00408406
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,004084A4,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 0040844F
RegQueryValueExW.ADVAPI32(?,00408698,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,004084A4,?,80000001), ref: 0040846D
RegCloseKey.ADVAPI32(?,004084AB,00000000,?,?,00000000,004084A4,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 0040849E
lstrcpynW.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000), ref: 004084BB
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 004084C8
GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 004084CE
lstrlenW.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004084FC
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00408552
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00408562
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00408592
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004085A2
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 004085D1

Strings

Software\Borland\Locales, xrefs: 004083DE
Software\CodeGear\Locales, xrefs: 004083A2, 004083C0
Software\Borland\Delphi\Locales, xrefs: 004083FC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Openlstrcpyn$LibraryLoadLocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales
API String ID: 3838733197-345420546
Opcode ID: dafdfd18fb6c40a2d41f9fc4910561df257b48953a1921b5bcc087da3586443a
Instruction ID: a500898f6dc47257e1585acfd824c909a598bb48bb2a219c79c4edbb62c36863
Opcode Fuzzy Hash: dafdfd18fb6c40a2d41f9fc4910561df257b48953a1921b5bcc087da3586443a
Instruction Fuzzy Hash: 3B615271A402197AEB20DAE5CD46FEF72BC9B08704F44407BBA40F65C1FABC9A448B5D

Uniqueness

Uniqueness Score: -1.00%

Function 0047FFEC, Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 178
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 43%

			E0047FFEC(long __eax) {
				signed char _v5;
				void* _v12;
				char _v16;
				void* _v20;
				long _v24;
				void* _v28;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr* _t36;
				void* _t85;
				signed int _t96;
				intOrPtr _t101;
				intOrPtr _t102;
				void* _t103;
				void* _t106;
				void* _t107;
				void* _t109;
				void* _t111;
				intOrPtr _t112;

				_t109 = _t111;
				_t112 = _t111 + 0xffffffe8;
				_push(_t103);
				_t36 =  *0x505038; // 0x502914
				if( *_t36 == 2) {
					_v5 = 0;
					if(AllocateAndInitializeSid(0x503dd4, 2, 0x20, __eax, 0, 0, 0, 0, 0, 0,  &_v12) == 0) {
						goto L26;
					} else {
						_push(_t109);
						_push(0x4801d0);
						_push( *[fs:eax]);
						 *[fs:eax] = _t112;
						_t95 = 0;
						if((GetVersion() & 0x000000ff) >= 5) {
							_t95 = E00409620(0, _t103, GetModuleHandleW(L"advapi32.dll"), L"CheckTokenMembership");
						}
						if(_t95 == 0) {
							_v28 = 0;
							if(OpenThreadToken(GetCurrentThread(), 8, 0xffffffff,  &_v20) != 0) {
								L13:
								_push(_t109);
								_push(0x4801b2);
								_push( *[fs:eax]);
								 *[fs:eax] = _t112;
								_v24 = 0;
								if(GetTokenInformation(_v20, 2, 0, 0,  &_v24) != 0 || GetLastError() == 0x7a) {
									_v28 = E00403018(_v24);
									if(GetTokenInformation(_v20, 2, _v28, _v24,  &_v24) != 0) {
										_t106 =  *_v28 - 1;
										if(_t106 >= 0) {
											_t107 = _t106 + 1;
											_t96 = 0;
											while(EqualSid(_v12,  *(_v28 + 4 + _t96 * 8)) == 0 || ( *(_v28 + 8 + _t96 * 8) & 0x00000014) != 4) {
												_t96 = _t96 + 1;
												_t107 = _t107 - 1;
												if(_t107 != 0) {
													continue;
												}
												goto L24;
											}
											_v5 = 1;
										}
										L24:
										_pop(_t101);
										 *[fs:eax] = _t101;
										_push(E004801B9);
										E00403034(_v28);
										return CloseHandle(_v20);
									} else {
										E00404B68();
										E00404B68();
										goto L26;
									}
								} else {
									E00404B68();
									E00404B68();
									goto L26;
								}
							} else {
								if(GetLastError() == 0x3f0) {
									if(OpenProcessToken(GetCurrentProcess(), 8,  &_v20) != 0) {
										goto L13;
									} else {
										E00404B68();
										goto L26;
									}
								} else {
									E00404B68();
									goto L26;
								}
							}
						} else {
							_t85 =  *_t95(0, _v12,  &_v16); // executed
							if(_t85 != 0) {
								asm("sbb eax, eax");
								_v5 = _t85 + 1;
							}
							_pop(_t102);
							 *[fs:eax] = _t102;
							_push(E004801D7);
							return FreeSid(_v12);
						}
					}
				} else {
					_v5 = 1;
					L26:
					return _v5 & 0x000000ff;
				}
			}

0x0047ffed
0x0047ffef
0x0047fff3
0x0047fff6
0x0047fffe
0x00480009
0x0048002e
0x00000000
0x00480034
0x00480036
0x00480037
0x0048003c
0x0048003f
0x00480042
0x00480052
0x00480069
0x00480069
0x0048006d
0x00480094
0x004800ac
0x004800e3
0x004800e5
0x004800e6
0x004800eb
0x004800ee
0x004800f3
0x0048010b
0x0048012e
0x0048014a
0x0048015d
0x00480160
0x00480162
0x00480163
0x00480165
0x0048018f
0x00480190
0x00480191
0x00000000
0x00000000
0x00000000
0x00480191
0x00480189
0x00480189
0x00480193
0x00480195
0x00480198
0x0048019b
0x004801a3
0x004801b1
0x0048014c
0x0048014c
0x00480151
0x00000000
0x00480151
0x00480117
0x00480117
0x0048011c
0x00000000
0x0048011c
0x004800ae
0x004800b8
0x004800d7
0x00000000
0x004800d9
0x004800d9
0x00000000
0x004800d9
0x004800ba
0x004800ba
0x00000000
0x004800ba
0x004800b8
0x0048006f
0x00480079
0x0048007d
0x00480087
0x0048008a
0x0048008a
0x004801bb
0x004801be
0x004801c1
0x004801cf
0x004801cf
0x0048006d
0x00480000
0x00480000
0x004801d7
0x004801e0
0x004801e0

APIs

AllocateAndInitializeSid.ADVAPI32(00503DD4,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00480027
GetVersion.KERNEL32(00000000,004801D0,?,00503DD4,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00480044
GetModuleHandleW.KERNEL32(advapi32.dll,CheckTokenMembership,00000000,004801D0,?,00503DD4,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0048005E
CheckTokenMembership.KERNELBASE(00000000,00000000,?,00000000,004801D0,?,00503DD4,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00480079
FreeSid.ADVAPI32(00000000,004801D7,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 004801CA

Strings

CheckTokenMembership, xrefs: 00480054
advapi32.dll, xrefs: 00480059

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AllocateCheckFreeHandleInitializeMembershipModuleTokenVersion
String ID: CheckTokenMembership$advapi32.dll
API String ID: 2691416632-1888249752
Opcode ID: 184b2f3b108fc21e836035392c7f2c6a81167f3c29875d198c30ed0b3d5a9bfc
Instruction ID: 470ffb4e3a3b4e5bbcdb8d5971faf8775aa8bc9487a6afa9a0b77fb0be6964cb
Opcode Fuzzy Hash: 184b2f3b108fc21e836035392c7f2c6a81167f3c29875d198c30ed0b3d5a9bfc
Instruction Fuzzy Hash: 83518371A14305AEDB51FAE58C46BBF77A8AB44314F50087BBA00F22C2D67D9D088769

Uniqueness

Uniqueness Score: -1.00%

Function 004084AB, Relevance: 15.1, APIs: 10, Instructions: 108
stringlibrarythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 90%

			E004084AB() {
				void* _t32;
				struct HINSTANCE__* _t39;
				struct HINSTANCE__* _t46;
				short* _t57;
				WCHAR* _t58;
				signed int _t60;
				signed int _t61;
				signed int _t63;
				signed int _t64;
				signed int _t66;
				signed int _t67;
				struct HINSTANCE__* _t68;
				void* _t70;

				lstrcpynW(_t70 - 0x22a,  *(_t70 - 4), 0x105);
				GetLocaleInfoW(GetThreadLocale(), 3, _t70 - 0x12, 5); // executed
				_t68 = 0;
				if( *(_t70 - 0x22a) == 0 ||  *(_t70 - 0x12) == 0 &&  *(_t70 - 0x1c) == 0) {
					L20:
					return _t68;
				} else {
					_t57 = lstrlenW(_t70 - 0x22a) + _t30 + _t70 - 0x22a;
					L5:
					if( *_t57 != 0x2e && _t57 != _t70 - 0x22a) {
						_t57 = _t57 - 2;
						goto L5;
					}
					_t32 = _t70 - 0x22a;
					if(_t57 != _t32) {
						_t58 = _t57 + 2;
						if( *(_t70 - 0x1c) != 0) {
							_t66 = _t58 - _t32;
							_t67 = _t66 >> 1;
							if(_t66 < 0) {
								asm("adc edx, 0x0");
							}
							lstrcpynW(_t58, _t70 - 0x1c, 0x105 - _t67);
							_t68 = LoadLibraryExW(_t70 - 0x22a, 0, 2);
						}
						if(_t68 == 0 &&  *(_t70 - 0x12) != 0) {
							_t60 = _t58 - _t70 - 0x22a;
							_t61 = _t60 >> 1;
							if(_t60 < 0) {
								asm("adc edx, 0x0");
							}
							lstrcpynW(_t58, _t70 - 0x12, 0x105 - _t61);
							_t39 = LoadLibraryExW(_t70 - 0x22a, 0, 2); // executed
							_t68 = _t39;
							if(_t68 == 0) {
								 *((short*)(_t70 - 0xe)) = 0;
								_t63 = _t58 - _t70 - 0x22a;
								_t64 = _t63 >> 1;
								if(_t63 < 0) {
									asm("adc edx, 0x0");
								}
								lstrcpynW(_t58, _t70 - 0x12, 0x105 - _t64);
								_t46 = LoadLibraryExW(_t70 - 0x22a, 0, 2); // executed
								_t68 = _t46;
							}
						}
					}
					goto L20;
				}
			}

0x004084bb
0x004084ce
0x004084d3
0x004084dd
0x004085e8
0x004085ef
0x004084f5
0x0040850b
0x00408512
0x00408516
0x0040850f
0x00000000
0x0040850f
0x00408522
0x0040852a
0x00408530
0x00408538
0x0040853c
0x0040853e
0x00408540
0x00408542
0x00408542
0x00408552
0x00408567
0x00408567
0x0040856b
0x0040857c
0x0040857e
0x00408580
0x00408582
0x00408582
0x00408592
0x004085a2
0x004085a7
0x004085ab
0x004085ad
0x004085bb
0x004085bd
0x004085bf
0x004085c1
0x004085c1
0x004085d1
0x004085e1
0x004085e6
0x004085e6
0x004085ab
0x0040856b
0x00000000
0x0040852a

APIs

lstrcpynW.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000), ref: 004084BB
GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 004084C8
GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 004084CE
lstrlenW.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004084FC
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00408552
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00408562
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00408592
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004085A2
lstrcpynW.KERNEL32(-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 004085D1
LoadLibraryExW.KERNEL32(?,00000000,00000002,-00000002,?,00000105,?,00000000,00000002,-00000002,?,00000105,?,00000000,00000003,?), ref: 004085E1

Strings

Software\Borland\Locales, xrefs: 004083DE
Software\CodeGear\Locales, xrefs: 004083A2, 004083C0
Software\Borland\Delphi\Locales, xrefs: 004083FC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales
API String ID: 1599918012-345420546
Opcode ID: 4178ec917de22c9fa02476d0238962d15125bf17bcff0688646d60131478852f
Instruction ID: 2bdfecea2a4ebc7d9a87a4a5d20900cc82af348492f95972f04b7fe5743583f5
Opcode Fuzzy Hash: 4178ec917de22c9fa02476d0238962d15125bf17bcff0688646d60131478852f
Instruction Fuzzy Hash: 9B319671E0011976EB21DAE4DD49BEF62BC9B08304F44417BE540F76C1FABC9E448B59

Uniqueness

Uniqueness Score: -1.00%

Function 004736F8, Relevance: 12.4, APIs: 8, Instructions: 381
windowCOMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E004736F8(intOrPtr __eax, struct HWND__** __edx, void* __fp0) {
				intOrPtr _v8;
				int _v12;
				intOrPtr _v16;
				struct HDC__* _v20;
				char _v21;
				struct HWND__* _v28;
				void* __ebp;
				struct HWND__* _t111;
				intOrPtr _t123;
				struct HWND__* _t124;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t149;
				intOrPtr _t151;
				intOrPtr _t152;
				int _t155;
				intOrPtr _t158;
				intOrPtr _t161;
				intOrPtr _t162;
				intOrPtr _t163;
				struct HWND__* _t165;
				struct HWND__* _t168;
				intOrPtr _t174;
				intOrPtr _t204;
				intOrPtr _t232;
				struct HWND__* _t235;
				struct HWND__** _t237;
				void* _t240;
				struct HWND__* _t259;
				struct HWND__* _t261;
				struct HWND__* _t264;
				struct HWND__* _t265;
				void* _t279;
				void* _t280;
				intOrPtr _t286;
				void* _t288;
				intOrPtr _t294;
				intOrPtr _t298;
				struct HWND__* _t304;
				struct HWND__* _t307;
				intOrPtr _t310;
				struct HWND__* _t311;
				struct HWND__* _t314;
				struct HWND__* _t315;
				struct HWND__* _t316;
				struct HWND__* _t321;
				struct HWND__* _t322;
				struct HWND__* _t323;
				struct HWND__* _t324;
				void* _t326;
				void* _t328;
				intOrPtr _t329;
				void* _t331;
				void* _t336;

				_t326 = _t328;
				_t329 = _t328 + 0xffffffe8;
				_t237 = __edx;
				_v8 = __eax;
				_t111 =  *__edx;
				_t259 = _t111;
				_t331 = _t259 - 0x112;
				if(_t331 > 0) {
					_t261 = _t259 + 0xfffffce2 - 2;
					__eflags = _t261;
					if(_t261 < 0) {
						E00478B00(_v8, _t240, __fp0);
					} else {
						_t264 = _t261 - 0xacfa;
						__eflags = _t264;
						if(_t264 == 0) {
							__eflags =  *(_v8 + 0x90);
							if(__eflags != 0) {
								E004042A8(_v8, __eflags);
							}
						} else {
							_t265 = _t264 - 1;
							__eflags = _t265;
							if(_t265 == 0) {
								__eflags =  *(_v8 + 0x90);
								if(__eflags != 0) {
									E004042A8(_v8, __eflags);
								}
							} else {
								__eflags = _t265 == 0x2c;
								if(_t265 == 0x2c) {
									_t321 = __edx[1];
									_t314 = 0;
									while(1) {
										__eflags = _t321;
										if(_t321 == 0) {
											break;
										}
										__eflags = _t314;
										if(_t314 == 0) {
											_t314 = L00457870(_t321, _t240);
											_t321 = GetParent(_t321);
											continue;
										}
										break;
									}
									__eflags = _t314;
									if(_t314 != 0) {
										_t322 = E004710A8(_t314);
										_t123 = _v8;
										__eflags = _t314 -  *((intOrPtr*)(_t123 + 0x278));
										if(_t314 !=  *((intOrPtr*)(_t123 + 0x278))) {
											L37:
											__eflags = _t322;
											if(_t322 != 0) {
												__eflags = _t322 - _v8;
												if(_t322 == _v8) {
													L40:
													_t124 =  *(_t322 + 0x278);
													__eflags = _t124;
													if(_t124 != 0) {
														__eflags = _t314 - _t124;
														if(_t314 != _t124) {
															__eflags = 0;
															E0045C458(_t124, 0, 8, 0);
														}
													}
													 *((intOrPtr*)(_t322->i + 0xfc))();
												} else {
													_t128 =  *0x50b180; // 0x25c26a0
													__eflags = _t322 -  *((intOrPtr*)(_t128 + 0x60));
													if(_t322 !=  *((intOrPtr*)(_t128 + 0x60))) {
														goto L40;
													}
												}
											}
										} else {
											_t129 =  *0x50b180; // 0x25c26a0
											__eflags = _t314 -  *((intOrPtr*)(_t129 + 0x5c));
											if(_t314 !=  *((intOrPtr*)(_t129 + 0x5c))) {
												goto L37;
											}
										}
									}
								} else {
									goto L66;
								}
							}
						}
					}
					goto L68;
				} else {
					if(_t331 == 0) {
						__eflags = (__edx[1] & 0x0000fff0) - 0xf120;
						if((__edx[1] & 0x0000fff0) == 0xf120) {
							L15:
							_t149 =  *0x50b17c; // 0x25b4140
							__eflags =  *((intOrPtr*)(_t149 + 0x40)) - _v8;
							if( *((intOrPtr*)(_t149 + 0x40)) != _v8) {
								goto L68;
							} else {
								_t151 =  *0x50b17c; // 0x25b4140
								__eflags =  *((char*)(_t151 + 0xcf));
								if( *((char*)(_t151 + 0xcf)) == 0) {
									goto L68;
								} else {
									_t152 =  *0x50b17c; // 0x25b4140
									_t155 = IsIconic(L00463A10( *((intOrPtr*)(_t152 + 0x40))));
									__eflags = _t155 - 1;
									asm("sbb eax, eax");
									_v21 = _t155 + 1;
									_t111 = E00460848(_v8, _t237);
									__eflags = _v21;
									if(_v21 != 0) {
										_t158 =  *0x50b17c; // 0x25b4140
										_t111 = L0047DFA0(_t158, _t240);
									}
								}
							}
						} else {
							__eflags = (__edx[1] & 0x0000fff0) - 0xf030;
							if((__edx[1] & 0x0000fff0) != 0xf030) {
								goto L68;
							} else {
								_t161 =  *0x50b17c; // 0x25b4140
								__eflags =  *((char*)(_t161 + 0x30));
								if( *((char*)(_t161 + 0x30)) == 0) {
									goto L68;
								} else {
									goto L15;
								}
							}
						}
						goto L69;
					} else {
						_t279 = _t259 + 0xfffffffa - 3;
						if(_t279 < 0) {
							__eflags =  *0x503c9c;
							if( *0x503c9c != 0) {
								__eflags =  *__edx - 7;
								if( *__edx != 7) {
									goto L68;
								} else {
									_t162 = _v8;
									__eflags =  *(_t162 + 0x1c) & 0x00000010;
									if(( *(_t162 + 0x1c) & 0x00000010) != 0) {
										goto L68;
									} else {
										_t323 = 0;
										_t163 = _v8;
										__eflags =  *((char*)(_t163 + 0x287)) - 2;
										if( *((char*)(_t163 + 0x287)) != 2) {
											_t165 =  *(_v8 + 0x278);
											__eflags = _t165;
											if(_t165 != 0) {
												__eflags = _t165 - _v8;
												if(_t165 != _v8) {
													_t323 = L00463A10(_t165);
												}
											}
										} else {
											_t168 = E0047465C(_v8);
											__eflags = _t168;
											if(_t168 != 0) {
												_t323 = L00463A10(E0047465C(_v8));
											}
										}
										__eflags = _t323;
										if(_t323 == 0) {
											goto L68;
										} else {
											_t111 = SetFocus(_t323);
										}
									}
								}
							}
							goto L69;
						} else {
							_t280 = _t279 - 0x22;
							if(_t280 == 0) {
								_v28 = __edx[2];
								__eflags = _v28->i - 1;
								if(_v28->i != 1) {
									goto L68;
								} else {
									_t174 = _v8;
									__eflags =  *(_t174 + 0x2a0);
									if( *(_t174 + 0x2a0) == 0) {
										goto L68;
									} else {
										_t315 = E00452548( *((intOrPtr*)(_v8 + 0x2a0)), 0,  *((intOrPtr*)(_v28 + 8)));
										__eflags = _t315;
										if(_t315 == 0) {
											goto L68;
										} else {
											_v16 = L00431848(0, 1);
											_push(_t326);
											_push(0x473ac7);
											_push( *[fs:eax]);
											 *[fs:eax] = _t329;
											_v12 = SaveDC( *(_v28 + 0x18));
											_push(_t326);
											_push(0x473aaa);
											_push( *[fs:eax]);
											 *[fs:eax] = _t329;
											E004325DC(_v16,  *(_v28 + 0x18));
											E00432470(_v16);
											L00453DE8(_t315, _v28 + 0x1c, _v16,  *(_v28 + 0x10) & 0x0000ffff);
											_pop(_t286);
											 *[fs:eax] = _t286;
											_push(0x473ab1);
											__eflags = 0;
											E004325DC(_v16, 0);
											return RestoreDC( *(_v28 + 0x18), _v12);
										}
									}
								}
							} else {
								_t288 = _t280 - 1;
								if(_t288 == 0) {
									_t324 = __edx[2];
									__eflags = _t324->i - 1;
									if(_t324->i != 1) {
										goto L68;
									} else {
										_t204 = _v8;
										__eflags =  *(_t204 + 0x2a0);
										if( *(_t204 + 0x2a0) == 0) {
											goto L68;
										} else {
											_t316 = E00452548( *((intOrPtr*)(_v8 + 0x2a0)), 0,  *((intOrPtr*)(_t324 + 8)));
											__eflags = _t316;
											if(_t316 == 0) {
												goto L68;
											} else {
												_v20 = GetWindowDC(L00463A10(_v8));
												 *[fs:eax] = _t329;
												_v16 = L00431848(0, 1);
												 *[fs:eax] = _t329;
												_v12 = SaveDC(_v20);
												 *[fs:eax] = _t329;
												E004325DC(_v16, _v20);
												E00432470(_v16);
												 *((intOrPtr*)(_t316->i + 0x38))(_t324 + 0x10,  *[fs:eax], 0x473bb1, _t326,  *[fs:eax], 0x473bce, _t326,  *[fs:eax], 0x473bf5, _t326);
												_pop(_t294);
												 *[fs:eax] = _t294;
												_push(0x473bb8);
												__eflags = 0;
												E004325DC(_v16, 0);
												return RestoreDC(_v20, _v12);
											}
										}
									}
								} else {
									if(_t288 == 0x1a) {
										_t232 = _v8;
										__eflags = ( *0x473c9c & 0x0000ffff) - ( *(_t232 + 0x1c) & 0x0000ffff &  *0x473c98);
										if(( *0x473c9c & 0x0000ffff) == ( *(_t232 + 0x1c) & 0x0000ffff &  *0x473c98)) {
											_t235 = __edx[2];
											_t298 = _v8;
											__eflags = ( *(_t298 + 0x288) & 0x000000ff) - 0xffffffffffffffff;
											if(( *(_t298 + 0x288) & 0x000000ff) - 0xffffffffffffffff < 0) {
												_t310 = _v8;
												__eflags =  *((char*)(_t310 + 0x283)) - 2;
												if( *((char*)(_t310 + 0x283)) != 2) {
													_t311 = _t235;
													_t44 = _t311 + 0x18;
													 *_t44 =  *(_t311 + 0x18) | 0x00000002;
													__eflags =  *_t44;
												}
											}
											_t304 = ( *(_v8 + 0x288) & 0x000000ff) - 1;
											__eflags = _t304;
											if(_t304 == 0) {
												L54:
												_t307 = ( *(_v8 + 0x281) & 0x000000ff) - 2;
												__eflags = _t307;
												if(_t307 == 0) {
													L56:
													 *(_t235 + 0x18) =  *(_t235 + 0x18) | 0x00000001;
												} else {
													__eflags = _t307 == 3;
													if(_t307 == 3) {
														goto L56;
													}
												}
											} else {
												__eflags = _t304 == 2;
												if(_t304 == 2) {
													goto L54;
												}
											}
										}
									} else {
										L66:
										_t336 = _t111 -  *0x50b188; // 0xc075
										if(_t336 == 0) {
											E0045C458(_v8, 0, 0xb025, 0);
											E0045C458(_v8, 0, 0xb024, 0);
											E0045C458(_v8, 0, 0xb035, 0);
											E0045C458(_v8, 0, 0xb009, 0);
											E0045C458(_v8, 0, 0xb008, 0);
											E0045C458(_v8, 0, 0xb03d, 0);
											E0045C458(_v8, 0, 0xb050, 0);
										}
									}
									L68:
									_t111 = E00460848(_v8, _t237); // executed
									L69:
									return _t111;
								}
							}
						}
					}
				}
			}

0x004736f9
0x004736fb
0x00473701
0x00473703
0x00473706
0x00473708
0x0047370a
0x00473710
0x00473744
0x00473744
0x00473747
0x00473c01
0x0047374d
0x0047374d
0x0047374d
0x00473753
0x00473933
0x0047393a
0x00473947
0x00473947
0x00473759
0x00473759
0x00473759
0x0047375a
0x00473912
0x00473919
0x00473926
0x00473926
0x00473760
0x00473760
0x00473763
0x0047387b
0x0047387e
0x00473893
0x00473893
0x00473895
0x00000000
0x00000000
0x00473897
0x00473899
0x00473889
0x00473891
0x00000000
0x00473891
0x00000000
0x00473899
0x0047389b
0x0047389d
0x004738ac
0x004738ae
0x004738b1
0x004738b7
0x004738c7
0x004738c7
0x004738c9
0x004738cf
0x004738d2
0x004738e2
0x004738e2
0x004738e8
0x004738ea
0x004738ec
0x004738ee
0x004738f2
0x004738f9
0x004738f9
0x004738ee
0x00473904
0x004738d4
0x004738d4
0x004738d9
0x004738dc
0x00000000
0x00000000
0x004738dc
0x004738d2
0x004738b9
0x004738b9
0x004738be
0x004738c1
0x00000000
0x00000000
0x004738c1
0x004738b7
0x00473769
0x00000000
0x00473769
0x00473763
0x0047375a
0x00473753
0x00000000
0x00473712
0x00473712
0x00473776
0x0047377b
0x0047379f
0x0047379f
0x004737a7
0x004737aa
0x00000000
0x004737b0
0x004737b0
0x004737b5
0x004737bc
0x00000000
0x004737c2
0x004737c2
0x004737d0
0x004737d5
0x004737d8
0x004737db
0x004737e3
0x004737e8
0x004737ec
0x004737f2
0x004737f7
0x004737f7
0x004737ec
0x004737bc
0x0047377d
0x00473785
0x0047378a
0x00000000
0x00473790
0x00473790
0x00473795
0x00473799
0x00000000
0x00000000
0x00000000
0x00000000
0x00473799
0x0047378a
0x00000000
0x00473714
0x00473717
0x0047371a
0x00473801
0x00473808
0x0047380e
0x00473811
0x00000000
0x00473817
0x00473817
0x0047381a
0x0047381e
0x00000000
0x00473824
0x00473824
0x00473826
0x00473829
0x00473830
0x00473852
0x00473858
0x0047385a
0x0047385c
0x0047385f
0x00473866
0x00473866
0x0047385f
0x00473832
0x00473835
0x0047383a
0x0047383c
0x0047384b
0x0047384b
0x0047383c
0x00473868
0x0047386a
0x00000000
0x00473870
0x00473871
0x00473871
0x0047386a
0x0047381e
0x00473811
0x00000000
0x00473720
0x00473720
0x00473723
0x004739d0
0x004739d6
0x004739d9
0x00000000
0x004739df
0x004739df
0x004739e2
0x004739e9
0x00000000
0x004739ef
0x00473a05
0x00473a07
0x00473a09
0x00000000
0x00473a0f
0x00473a1b
0x00473a20
0x00473a21
0x00473a26
0x00473a29
0x00473a38
0x00473a3d
0x00473a3e
0x00473a43
0x00473a46
0x00473a52
0x00473a65
0x00473a7d
0x00473a84
0x00473a87
0x00473a8a
0x00473a8f
0x00473a94
0x00473aa9
0x00473aa9
0x00473a09
0x004739e9
0x00473729
0x00473729
0x0047372a
0x00473ace
0x00473ad1
0x00473ad4
0x00000000
0x00473ada
0x00473ada
0x00473add
0x00473ae4
0x00000000
0x00473aea
0x00473afd
0x00473aff
0x00473b01
0x00000000
0x00473b07
0x00473b15
0x00473b23
0x00473b32
0x00473b40
0x00473b4c
0x00473b5a
0x00473b63
0x00473b76
0x00473b89
0x00473b8e
0x00473b91
0x00473b94
0x00473b99
0x00473b9e
0x00473bb0
0x00473bb0
0x00473b01
0x00473ae4
0x00473730
0x00473733
0x00473951
0x00473966
0x00473969
0x0047396f
0x00473972
0x0047397d
0x00473980
0x00473982
0x00473985
0x0047398c
0x0047398e
0x00473990
0x00473990
0x00473990
0x00473990
0x0047398c
0x0047399e
0x0047399e
0x004739a1
0x004739ac
0x004739b6
0x004739b6
0x004739b9
0x004739c4
0x004739c4
0x004739bb
0x004739bb
0x004739be
0x00000000
0x00000000
0x004739be
0x004739a3
0x004739a3
0x004739a6
0x00000000
0x00000000
0x004739a6
0x004739a1
0x00473739
0x00473c08
0x00473c08
0x00473c0e
0x00473c1c
0x00473c2d
0x00473c3e
0x00473c4f
0x00473c60
0x00473c71
0x00473c82
0x00473c82
0x00473c0e
0x00473c87
0x00473c8c
0x00473c91
0x00473c97
0x00473c97
0x0047372a
0x00473723
0x0047371a
0x00473712

APIs

IsIconic.USER32(00000000), ref: 004737D0
SetFocus.USER32(00000000), ref: 00473871
SaveDC.GDI32(?), ref: 00473A33
RestoreDC.GDI32(?,?), ref: 00473AA4
GetWindowDC.USER32(00000000), ref: 00473B10
SaveDC.GDI32(?), ref: 00473B47
RestoreDC.GDI32(?,?), ref: 00473BAB

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: RestoreSave$FocusIconicWindow
String ID:
API String ID: 1400084646-0
Opcode ID: 9802a62c35b454d1a20b4831adc35584bce121d19a987b877a80d978b65b5a1a
Instruction ID: 99e17f549cdb5917a778106b727c30c82aaf18a9347542855764466411fd1eb0
Opcode Fuzzy Hash: 9802a62c35b454d1a20b4831adc35584bce121d19a987b877a80d978b65b5a1a
Instruction Fuzzy Hash: 93E1B271A00144DFDB11EF69C486AEEB3F1AB45305F1580AAF408AB752DB38DF44EB58

Uniqueness

Uniqueness Score: -1.00%

Function 00470AAC, Relevance: 12.1, APIs: 8, Instructions: 71
windowCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E00470AAC(struct HWND__* __eax, signed char __ecx, void* __edx) {
				signed int _v14;
				signed int _v15;
				int _t11;
				int _t13;
				int _t15;
				void* _t23;
				signed int _t27;
				struct HWND__* _t30;
				signed char* _t31;

				_push(__ecx);
				 *_t31 = __ecx;
				_t23 = __edx;
				_t30 = __eax;
				_t11 = GetWindowLongW(__eax, 0xffffffec);
				_t27 = _t11;
				if(_t23 == 0 || (_t27 & 0x00040000) != 0) {
					if(_t23 != 0) {
						goto L14;
					}
					_t11 = _t27 & 0x00040000;
					if(_t11 != 0x40000) {
						goto L14;
					}
					goto L4;
				} else {
					L4:
					_t13 = IsIconic(_t30);
					asm("sbb eax, eax");
					_v14 = _t13 + 1;
					_t15 = IsWindowVisible(_t30);
					asm("sbb eax, eax");
					_v15 = _t15 + 1;
					if((_v15 & 0x000000ff | _v14) != 0) {
						ShowWindow(_t30, 0); // executed
					}
					if(_t23 == 0) {
						SetWindowLongW(_t30, 0xffffffec, _t27 & 0xfffbffff);
					} else {
						SetWindowLongW(_t30, 0xffffffec, _t27 | 0x00040000);
					}
					_t11 =  *_t31 & 0x000000ff & _v15;
					if(_t11 != 0 || _v14 != 0) {
						if(_v14 == 0) {
							_t11 = ShowWindow(_t30, 5); // executed
						} else {
							_t11 = ShowWindow(_t30, 6);
						}
					}
					L14:
					return _t11;
				}
			}

0x00470aaf
0x00470ab0
0x00470ab3
0x00470ab5
0x00470aba
0x00470abf
0x00470ac3
0x00470acf
0x00000000
0x00000000
0x00470ad7
0x00470ae1
0x00000000
0x00000000
0x00000000
0x00470ae7
0x00470ae7
0x00470ae8
0x00470af0
0x00470af3
0x00470af8
0x00470b00
0x00470b03
0x00470b10
0x00470b15
0x00470b15
0x00470b1c
0x00470b39
0x00470b1e
0x00470b28
0x00470b28
0x00470b42
0x00470b46
0x00470b54
0x00470b63
0x00470b56
0x00470b59
0x00470b59
0x00470b54
0x00470b68
0x00470b6c
0x00470b6c

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00470ABA
IsIconic.USER32(?), ref: 00470AE8
IsWindowVisible.USER32(?), ref: 00470AF8
ShowWindow.USER32(?,00000000,?,?,?,000000EC,00000000,?,?,?,0047C5E9,?,?), ref: 00470B15
SetWindowLongW.USER32 ref: 00470B28
SetWindowLongW.USER32 ref: 00470B39
ShowWindow.USER32(?,00000006,?,000000EC,00000000,?,?,?,000000EC,00000000,?,?,?,0047C5E9,?,?), ref: 00470B59
ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,?,?,000000EC,00000000,?,?,?,0047C5E9,?,?), ref: 00470B63

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$LongShow$IconicVisible
String ID:
API String ID: 3484284227-0
Opcode ID: e5bb252052c3827ce0eb22ee7d105633cbd16a1b31010b5b68aa5c162d411533
Instruction ID: 0663f641c79fd0f2b1ef215e53694840f19cf8e665cc319dda5b02ef108d7702
Opcode Fuzzy Hash: e5bb252052c3827ce0eb22ee7d105633cbd16a1b31010b5b68aa5c162d411533
Instruction Fuzzy Hash: CB11860154F790B4D62266664C02FEF5A944FD3319F18862BF5D8A12C3C23D9A45C16F

Uniqueness

Uniqueness Score: -1.00%

Function 004A1A3C, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 182
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E004A1A3C(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v33;
				char _v40;
				char _v44;
				intOrPtr _t69;
				char _t79;
				struct HINSTANCE__* _t109;
				intOrPtr* _t129;
				struct HINSTANCE__* _t130;
				void* _t135;
				intOrPtr _t160;
				intOrPtr _t173;
				struct HINSTANCE__* _t175;
				intOrPtr _t177;
				intOrPtr _t178;

				_t177 = _t178;
				_t135 = 5;
				do {
					_push(0);
					_push(0);
					_t135 = _t135 - 1;
				} while (_t135 != 0);
				_v28 = __edx;
				_v24 = __eax;
				_push(_t177);
				_push(0x4a1c86);
				 *[fs:eax] = _t178;
				L0040532C( &_v8,  *((intOrPtr*)(_v28 + 0x18)),  *[fs:eax]);
				L00405B30( &_v8, 4, 1);
				L00405ACC(_v8, L00405BEC(0x4a1ca4, _v8) - 1, 1,  &_v12);
				_t69 = _v12;
				if(_t69 != 0) {
					_t69 =  *((intOrPtr*)(_t69 - 4));
				}
				L00405B30( &_v8, _t69 + 1, 1);
				_t173 = E00482A28(_v12);
				L00405ACC(_v8, L00405BEC(0x4a1ca4, _v8) - 1, 1,  &_v16);
				_t79 = _v16;
				if(_t79 != 0) {
					_t79 =  *((intOrPtr*)(_t79 - 4));
				}
				L00405B30( &_v8, _t79 + 1, 1);
				asm("sbb eax, eax");
				_v33 = _v8 + 1;
				_v32 = 0x7fffffff;
				_t175 = 0;
				do {
					_t129 = L00493F10(_v24,  &_v32, 0x4a1a20);
					if(_t129 != 0) {
						goto L19;
					}
					if(_v12 != 0) {
						L00405ACC(_v12, 6, 1,  &_v40);
						L00405A34(_v40, _t129, "<utf8>");
						if(__eflags != 0) {
							E0040665C( &_v20, _v12);
						} else {
							L00405ACC(_v12, 0x7fffffff, 7,  &_v44);
							E00408BDC(_v44, _t129,  &_v20, _t175);
						}
						__eflags = _v33;
						if(_v33 == 0) {
							_t109 = LoadLibraryW(E004064D4(_v20)); // executed
							_t175 = _t109;
						} else {
							_t175 = LoadLibraryExW(E004064D4(_v20), 0, 8);
						}
						__eflags = _t175;
						if(_t175 != 0) {
							_t129 = L0040766C();
							 *_t129 = _t173;
							_t43 = _t129 + 4; // 0x4
							L004052D0(_t43, _v12);
							 *(_t129 + 8) = _t175;
							L00493E7C(_v24, _t129, 0x4a1a20);
							goto L19;
						} else {
							 *((intOrPtr*)(_v28 + 0xc)) = 1;
							L26:
							_pop(_t160);
							 *[fs:eax] = _t160;
							_push(0x4a1c8d);
							L004052A0( &_v44, 2);
							L00406438( &_v20);
							return L004052A0( &_v16, 3);
						}
					}
					 *((intOrPtr*)(_v28 + 0xc)) = 1;
					goto L26;
					L19:
					__eflags = _t173 -  *_t129;
					if(_t173 ==  *_t129) {
						L00405A34( *((intOrPtr*)(_t129 + 4)), _t129, _v12);
						if(__eflags == 0) {
							_t175 =  *(_t129 + 8);
						}
					}
					__eflags = _t175;
				} while (_t175 == 0);
				_t130 = GetProcAddress(_t175, L00405A4C(_v16));
				 *(_v28 + 8) = _t130;
				__eflags = _t130;
				if(_t130 == 0) {
					 *((intOrPtr*)(_v28 + 0xc)) = 1;
				}
				goto L26;
			}

0x004a1a3d
0x004a1a3f
0x004a1a44
0x004a1a44
0x004a1a46
0x004a1a48
0x004a1a48
0x004a1a4e
0x004a1a51
0x004a1a56
0x004a1a57
0x004a1a5f
0x004a1a6b
0x004a1a7d
0x004a1a9e
0x004a1aa3
0x004a1aa8
0x004a1aad
0x004a1aad
0x004a1aba
0x004a1ac7
0x004a1ae5
0x004a1aea
0x004a1aef
0x004a1af4
0x004a1af4
0x004a1b01
0x004a1b0d
0x004a1b10
0x004a1b13
0x004a1b1a
0x004a1b1c
0x004a1b2c
0x004a1b30
0x00000000
0x00000000
0x004a1b3a
0x004a1b5e
0x004a1b6b
0x004a1b70
0x004a1b9b
0x004a1b72
0x004a1b83
0x004a1b8e
0x004a1b8e
0x004a1ba0
0x004a1ba4
0x004a1bc5
0x004a1bca
0x004a1ba6
0x004a1bb8
0x004a1bb8
0x004a1bcc
0x004a1bce
0x004a1bee
0x004a1bf0
0x004a1bf2
0x004a1bf8
0x004a1bfd
0x004a1c0a
0x00000000
0x004a1bd0
0x004a1bd3
0x004a1c56
0x004a1c58
0x004a1c5b
0x004a1c5e
0x004a1c6b
0x004a1c73
0x004a1c85
0x004a1c85
0x004a1bce
0x004a1b3f
0x00000000
0x004a1c0f
0x004a1c0f
0x004a1c11
0x004a1c19
0x004a1c1e
0x004a1c20
0x004a1c20
0x004a1c1e
0x004a1c23
0x004a1c23
0x004a1c3a
0x004a1c3f
0x004a1c42
0x004a1c44
0x004a1c49
0x004a1c50
0x00000000

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000008,?,?,?,00000000,004A1C86,?,?,?,?,00000000,00000000), ref: 004A1BB3
LoadLibraryW.KERNEL32(00000000,?,?,?,00000000,004A1C86,?,?,?,?,00000000,00000000), ref: 004A1BC5
GetProcAddress.KERNEL32(00000000,00000000), ref: 004A1C35

Strings

<utf8>, xrefs: 004A1B66

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LibraryLoad$AddressProc
String ID: <utf8>
API String ID: 1469910268-2377197763
Opcode ID: 019a9a8c7a3edb55c4e1821748db14bdedc563d7920535a033bf1784adf138a5
Instruction ID: 6d6b1b89222b3d5005054f689de362d71fe02d1583d406a5c703ad6b3b819fe0
Opcode Fuzzy Hash: 019a9a8c7a3edb55c4e1821748db14bdedc563d7920535a033bf1784adf138a5
Instruction Fuzzy Hash: C4616B70A001099FDB00EBA5C485B9FB7F5EF59318F54817AE404AB3A6DA78AE418B58

Uniqueness

Uniqueness Score: -1.00%

Function 0045C584, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 203
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0045C584(intOrPtr* __eax, signed int* __edx) {
				intOrPtr _v12;
				short _v14;
				char _v16;
				signed int _v20;
				signed int _v24;
				char _v25;
				char _v281;
				signed int _t62;
				signed int _t63;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				signed int _t87;
				signed int _t88;
				void* _t93;
				signed int* _t99;
				signed int* _t100;
				signed int _t109;
				intOrPtr* _t121;

				_t99 = __edx;
				_t121 = __eax;
				if(( *(__eax + 0x1c) & 0x00000010) == 0) {
					L4:
					_t62 =  *_t99;
					if(_t62 < 0x100 || _t62 > 0x109) {
						_t63 =  *_t99;
						__eflags = _t63 - 0x200;
						if(_t63 < 0x200) {
							L41:
							__eflags = _t63 - 0xb00b;
							if(_t63 == 0xb00b) {
								E0045AC7C(_t121, _t99[1], _t63, _t99[2]);
							}
							goto L43;
						}
						__eflags = _t63 - 0x20a;
						if(_t63 > 0x20a) {
							goto L41;
						}
						__eflags =  *(_t121 + 0x50) & 0x00000080;
						if(( *(_t121 + 0x50) & 0x00000080) != 0) {
							L16:
							_t69 =  *_t99 + 0xfffffe00;
							__eflags = _t69 - 7;
							if(__eflags > 0) {
								L37:
								_t70 =  *0x50b0d8;
								__eflags =  *((char*)(_t70 + 0x20));
								if( *((char*)(_t70 + 0x20)) == 0) {
									goto L43;
								}
								_t71 =  *0x50b0d8; // 0x2603580
								__eflags =  *(_t71 + 0x1c);
								if( *(_t71 + 0x1c) == 0) {
									goto L43;
								}
								_t109 =  *0x50b0d8; // 0x2603580
								__eflags =  *_t99 -  *((intOrPtr*)(_t109 + 0x1c));
								if( *_t99 !=  *((intOrPtr*)(_t109 + 0x1c))) {
									goto L43;
								}
								GetKeyboardState( &_v281);
								_v20 =  *_t99;
								_v16 = E00470FA8( &_v281);
								_v14 = _t99[1] & 0x0000ffff;
								_v12 = L00409190(_t99[2] & 0x0000ffff, _t100, _t99[2] >> 0x10);
								return E004042A8(_t121, __eflags);
							}
							switch( *((intOrPtr*)(_t69 * 4 +  &M0045C65D))) {
								case 0:
									_t84 =  *0x504e38; // 0x50b17c
									L0047D3DC( *_t84, _t99, _t121, _t123, __eflags);
									goto L43;
								case 1:
									__eflags =  *((char*)(__esi + 0x5d)) - 1;
									if(__eflags != 0) {
										 *(__esi + 0x54) =  *(__esi + 0x54) | 0x00000001;
										goto L43;
									}
									__eax = __esi;
									return E004042A8(__esi, __eflags);
								case 2:
									 *(__esi + 0x54) =  *(__esi + 0x54) & 0x0000fffe;
									goto L43;
								case 3:
									goto L37;
								case 4:
									__eflags =  *(__esi + 0x52) & 0x00000008;
									if(( *(__esi + 0x52) & 0x00000008) == 0) {
										goto L43;
									}
									__eax =  *0x45c860 & 0x0000ffff;
									__ax = __ax &  *(__esi + 0x54);
									__edx =  *0x45c864 & 0x0000ffff;
									__eflags = __dx - __ax;
									if(__dx != __ax) {
										goto L43;
									}
									__eax =  *0x50b0d8; // 0x2603580
									__eax = E00468FE0(__eax);
									__eflags = __al;
									if(__al == 0) {
										__eax =  *0x50b0d8; // 0x2603580
										__eax = E00468F60(__eax);
										_v25 = 0;
										__eax =  *0x50b0d8; // 0x2603580
										__edi =  *(__eax + 0x28);
										__eflags = __edi;
										if(__edi != 0) {
											__eax = __esi;
											__edx =  *0x4561d8; // 0x456230
											__eax = E00404238(__esi, __edx);
											__eflags = __al;
											if(__al == 0) {
												__eflags =  *(__esi + 0x30);
												if( *(__esi + 0x30) == 0) {
													__edx = 0;
													__eax = __esi;
													_v24 = E004710A8(__esi);
													__eflags = _v24;
													if(_v24 != 0) {
														__eax = _v24;
														__edx = L00463A10(_v24);
														__eax =  *0x50b0d8; // 0x2603580
														__eax =  *(__eax + 0x28);
														__ecx = __esi;
														__edi =  *__eax;
														__eax =  *((intOrPtr*)( *__eax + 0xe4))();
														_v25 = __al;
													}
												} else {
													__eax =  *(__esi + 0x30);
													__edx = L00463A10( *(__esi + 0x30));
													__eax = __edi;
													__ecx = __esi;
													__eax =  *((intOrPtr*)(__edi + 0xe4))();
													_v25 = __al;
												}
											} else {
												__eax = __esi;
												__edx = L00463A10(__esi);
												__eax = __edi;
												__ecx = __esi;
												__eax =  *((intOrPtr*)(__edi + 0xe4))();
												_v25 = __al;
											}
										}
										__eflags = _v25;
										if(_v25 == 0) {
											__eax =  *0x50b0d8; // 0x2603580
											__eflags =  *(__eax + 0x28);
											if( *(__eax + 0x28) != 0) {
												__edx = 0;
												__eax =  *0x50b0d8; // 0x2603580
												__eax = E004690AC(__eax, 0);
											}
										} else {
											 *((intOrPtr*)(__ebx + 0xc)) = 1;
											__eax =  *0x504e38; // 0x50b17c
											__eax = L0047D524(__eax, __ecx);
										}
									}
									goto L43;
							}
						}
						_t87 = _t63 - 0x203;
						__eflags = _t87;
						if(_t87 == 0) {
							L15:
							 *_t99 =  *_t99 - 2;
							__eflags =  *_t99;
							goto L16;
						}
						_t88 = _t87 - 3;
						__eflags = _t88;
						if(_t88 == 0) {
							goto L15;
						}
						__eflags = _t88 != 3;
						if(_t88 != 3) {
							goto L16;
						}
						goto L15;
					} else {
						_v24 = E004710A8(_t121);
						if(_v24 == 0) {
							L43:
							return  *((intOrPtr*)( *_t121 - 0x14))();
						}
						_t93 =  *((intOrPtr*)( *_v24 + 0x104))();
						if(_t93 != 0) {
							L44:
							return _t93;
						} else {
							goto L43;
						}
					}
				}
				_v24 = E004710A8(__eax);
				if(_v24 != 0 &&  *((intOrPtr*)(_v24 + 0x2a8)) != 0) {
					_t100 = _t99;
					_t93 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x2a8)))) + 0x24))();
					if(_t93 != 0) {
						goto L44;
					}
				}
			}

0x0045c590
0x0045c592
0x0045c598
0x0045c5d2
0x0045c5d2
0x0045c5d9
0x0045c614
0x0045c616
0x0045c61b
0x0045c839
0x0045c839
0x0045c83e
0x0045c84b
0x0045c84b
0x00000000
0x0045c83e
0x0045c621
0x0045c626
0x00000000
0x00000000
0x0045c62c
0x0045c630
0x0045c646
0x0045c648
0x0045c64d
0x0045c650
0x0045c7c8
0x0045c7c8
0x0045c7cd
0x0045c7d1
0x00000000
0x00000000
0x0045c7d3
0x0045c7d8
0x0045c7dc
0x00000000
0x00000000
0x0045c7e0
0x0045c7e6
0x0045c7e9
0x00000000
0x00000000
0x0045c7f2
0x0045c7f9
0x0045c807
0x0045c80e
0x0045c826
0x00000000
0x0045c832
0x0045c656
0x00000000
0x0045c67f
0x0045c688
0x00000000
0x00000000
0x0045c79e
0x0045c7a2
0x0045c7b4
0x00000000
0x0045c7b4
0x0045c7a4
0x00000000
0x00000000
0x0045c7be
0x00000000
0x00000000
0x00000000
0x00000000
0x0045c692
0x0045c696
0x00000000
0x00000000
0x0045c69c
0x0045c6a3
0x0045c6a7
0x0045c6ae
0x0045c6b1
0x00000000
0x00000000
0x0045c6b7
0x0045c6bc
0x0045c6c1
0x0045c6c3
0x0045c6c9
0x0045c6ce
0x0045c6d3
0x0045c6d7
0x0045c6dc
0x0045c6df
0x0045c6e1
0x0045c6e3
0x0045c6e5
0x0045c6eb
0x0045c6f0
0x0045c6f2
0x0045c70e
0x0045c712
0x0045c72f
0x0045c731
0x0045c738
0x0045c73b
0x0045c73f
0x0045c741
0x0045c749
0x0045c74b
0x0045c750
0x0045c753
0x0045c755
0x0045c757
0x0045c75d
0x0045c75d
0x0045c714
0x0045c714
0x0045c71c
0x0045c71e
0x0045c720
0x0045c724
0x0045c72a
0x0045c72a
0x0045c6f4
0x0045c6f4
0x0045c6fb
0x0045c6fd
0x0045c6ff
0x0045c703
0x0045c709
0x0045c709
0x0045c6f2
0x0045c760
0x0045c764
0x0045c77e
0x0045c783
0x0045c787
0x0045c78d
0x0045c78f
0x0045c794
0x0045c794
0x0045c766
0x0045c766
0x0045c76d
0x0045c774
0x0045c774
0x0045c764
0x00000000
0x00000000
0x0045c656
0x0045c632
0x0045c632
0x0045c637
0x0045c643
0x0045c643
0x0045c643
0x00000000
0x0045c643
0x0045c639
0x0045c639
0x0045c63c
0x00000000
0x00000000
0x0045c63e
0x0045c641
0x00000000
0x00000000
0x00000000
0x0045c5e2
0x0045c5eb
0x0045c5f2
0x0045c850
0x00000000
0x0045c856
0x0045c601
0x0045c609
0x0045c85f
0x0045c85f
0x0045c60f
0x00000000
0x0045c60f
0x0045c609
0x0045c5d9
0x0045c5a3
0x0045c5aa
0x0045c5b8
0x0045c5c7
0x0045c5cc
0x00000000
0x00000000
0x0045c5cc

Strings

0bE, xrefs: 0045C6E5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID: 0bE
API String ID: 0-2320990392
Opcode ID: 63d263fffbbd25b6d1895130179b8056985af304b6c16d13ea4698ee5f53c0aa
Instruction ID: c4681dd61e4fb1f14eeb39d814ec3ec5ab6ecb4a9d3bf7d1bb4788cbae046c2f
Opcode Fuzzy Hash: 63d263fffbbd25b6d1895130179b8056985af304b6c16d13ea4698ee5f53c0aa
Instruction Fuzzy Hash: B481A2346007559FC710EB29C4C87AB77E1AF49706F14416BE845973A2C7B8DD8DCB8A

Uniqueness

Uniqueness Score: -1.00%

Function 004CC238, Relevance: 3.1, APIs: 2, Instructions: 52
comCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E004CC238(void* __ebx) {
				void* _v8;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr* _t22;
				intOrPtr* _t25;
				intOrPtr _t34;
				intOrPtr _t38;

				_push(0);
				_push(_t38);
				_push(0x4cc2ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t38;
				if( *0x50bd00 != 0) {
					L6:
					_pop(_t34);
					 *[fs:eax] = _t34;
					_push(E004CC2D5);
					return E0040880C( &_v8);
				}
				if(GetVersion() >= 0x601) {
					_push(E0040880C( &_v8));
					_t20 =  *0x505060; // 0x504404
					_push(_t20);
					_push(1);
					_push(0);
					_t21 =  *0x504b34; // 0x5043f4
					_push(_t21); // executed
					L004150D4(); // executed
					if(_t21 == 0) {
						_t22 = _v8;
						_push(_t22);
						if( *((intOrPtr*)( *_t22 + 0xc))() == 0) {
							_t25 = _v8;
							 *((intOrPtr*)( *_t25 + 4))(_t25);
							E00408824(0x50bd04, _v8);
						}
					}
				}
				 *0x50bd00 = 1;
				goto L6;
			}

0x004cc23b
0x004cc240
0x004cc241
0x004cc246
0x004cc249
0x004cc253
0x004cc2ae
0x004cc2ba
0x004cc2bd
0x004cc2c0
0x004cc2cd
0x004cc2cd
0x004cc260
0x004cc26a
0x004cc26b
0x004cc270
0x004cc271
0x004cc273
0x004cc275
0x004cc27a
0x004cc27b
0x004cc282
0x004cc284
0x004cc287
0x004cc28f
0x004cc291
0x004cc297
0x004cc2a2
0x004cc2a2
0x004cc28f
0x004cc282
0x004cc2a7
0x00000000

APIs

GetVersion.KERNEL32(00000000,004CC2CE,?,90040302,00000000,?,004CC2E4,00000002,004CC527), ref: 004CC255
CoCreateInstance.OLE32(005043F4,00000000,00000001,00504404,00000000,00000000,004CC2CE,?,90040302,00000000,?,004CC2E4,00000002,004CC527), ref: 004CC27B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateInstanceVersion
String ID:
API String ID: 1462612201-0
Opcode ID: 5a8272a58d779a9ff3e59e3225e9fe670217fcd39215f7047cd38be8f1673ff7
Instruction ID: 0cbb7ac2259295afb7b051eb659837b379e3d7c8e3a609428212a0dba58409b6
Opcode Fuzzy Hash: 5a8272a58d779a9ff3e59e3225e9fe670217fcd39215f7047cd38be8f1673ff7
Instruction Fuzzy Hash: 29112276600208AFEB50EBA5CD85F5EB7E8EB04704F9140BAF504D72A1CB789D04DB28

Uniqueness

Uniqueness Score: -1.00%

Function 004AD294, Relevance: 3.0, APIs: 2, Instructions: 45
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E004AD294(void* __eax, struct _WIN32_FIND_DATAW* __ecx, void* __edx, void* __eflags) {
				void* _v8;
				char _v16;
				long _v20;
				void* _t13;
				intOrPtr _t27;
				void* _t35;
				void* _t37;
				intOrPtr _t38;

				_t35 = _t37;
				_t38 = _t37 + 0xfffffff0;
				if(E004ACF58(__eax,  &_v16) != 0) {
					_push(_t35);
					_push(0x4ad2f7);
					_push( *[fs:eax]);
					 *[fs:eax] = _t38;
					_t13 = FindFirstFileW(E004064D4(__edx), __ecx); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x4ad2fe);
					return E004ACF94( &_v16);
				} else {
					_v8 = 0xffffffff;
					return _v8;
				}
			}

0x004ad295
0x004ad297
0x004ad2af
0x004ad2bc
0x004ad2bd
0x004ad2c2
0x004ad2c5
0x004ad2d1
0x004ad2d6
0x004ad2de
0x004ad2e3
0x004ad2e6
0x004ad2e9
0x004ad2f6
0x004ad2b1
0x004ad2b1
0x004ad310
0x004ad310

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,004AD2F7,?,00000000,?), ref: 004AD2D1
GetLastError.KERNEL32(00000000,?,00000000,004AD2F7,?,00000000,?), ref: 004AD2D9

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFileFindFirstLast
String ID:
API String ID: 873889042-0
Opcode ID: c3989025904623eb7fb7b3387c10b1aa8a3ac9527e43e2b9db8540afddc07d10
Instruction ID: 78257613f464c8d49f4cf456e1dc99373cdef011849c960ad9d6e2ab1376e905
Opcode Fuzzy Hash: c3989025904623eb7fb7b3387c10b1aa8a3ac9527e43e2b9db8540afddc07d10
Instruction Fuzzy Hash: A6F0F932E042086FCB11DB6A9C4149EB7A8DB5A324B5146BBF814E36C1DA798D118198

Uniqueness

Uniqueness Score: -1.00%

Function 00480E38, Relevance: 3.0, APIs: 2, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00480E38(void* __eax) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				void* _t17;
				void* _t18;
				intOrPtr _t19;

				_t18 = __eax;
				InitializeSecurityDescriptor( &_v36, 1);
				SetSecurityDescriptorDacl( &_v36, 0xffffffff, 0, 0);
				_v16 = 0xc;
				_v12 = _t19;
				_v8 = 0;
				_t17 = E00409458( &_v16, 0, E004064D4(_t18)); // executed
				return _t17;
			}

0x00480e3c
0x00480e45
0x00480e55
0x00480e5a
0x00480e64
0x00480e6a
0x00480e7d
0x00480e86

APIs

InitializeSecurityDescriptor.ADVAPI32(00000001,00000001), ref: 00480E45
SetSecurityDescriptorDacl.ADVAPI32(00000000,000000FF,00000000,00000000,00000001,00000001), ref: 00480E55

Part of subcall function 00409458: CreateMutexW.KERNEL32(?,00000001,00000000,?,004FE333,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668,?,?,00000000,?), ref: 0040946E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DescriptorSecurity$CreateDaclInitializeMutex
String ID:
API String ID: 3525989157-0
Opcode ID: ac443057a34a1e1204e1bfa66c1bf4c72fe0752d00f50cfc522b1fcf76fc45ae
Instruction ID: bfdd17de1d08f15f1eb1e8bd115aa5957c8100b125f9989b3268e9b648247d5b
Opcode Fuzzy Hash: ac443057a34a1e1204e1bfa66c1bf4c72fe0752d00f50cfc522b1fcf76fc45ae
Instruction Fuzzy Hash: 18E0E5B1A443006FD700DFB58C42F5A76DC9B84714F11493EB564E62C2E679D90987AA

Uniqueness

Uniqueness Score: -1.00%

Function 00469138, Relevance: 29.8, APIs: 4, Strings: 13, Instructions: 95
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E00469138() {
				int _v8;
				void* __ebx;
				void* __ebp;
				intOrPtr _t4;
				int _t5;
				int _t9;
				intOrPtr _t11;
				intOrPtr _t13;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t42;
				intOrPtr _t44;

				_t42 = _t44;
				_push(_t33);
				_t4 =  *0x505054; // 0x508c54
				if( *((char*)(_t4 + 0xc)) == 0) {
					return _t4;
				} else {
					_t5 = SetErrorMode(0x8000); // executed
					_v8 = _t5;
					_push(_t42);
					_push(0x46929e);
					_push( *[fs:eax]);
					 *[fs:eax] = _t44;
					if( *0x50b138 == 0) {
						_t33 = GetModuleHandleW(L"USER32");
						 *0x50b138 = E00409620(_t31, _t40, _t31, L"WINNLSEnableIME");
					}
					if( *0x503be4 == 0) {
						 *0x503be4 = LoadLibraryW(L"imm32.dll");
						if( *0x503be4 != 0) {
							_t11 =  *0x503be4; // 0x74a30000
							 *0x50b13c = E00409620(_t33, _t40, _t11, L"ImmGetContext");
							_t13 =  *0x503be4; // 0x74a30000
							 *0x50b140 = E00409620(_t33, _t40, _t13, L"ImmReleaseContext");
							_t15 =  *0x503be4; // 0x74a30000
							 *0x50b144 = E00409620(_t33, _t40, _t15, L"ImmGetConversionStatus");
							_t17 =  *0x503be4; // 0x74a30000
							 *0x50b148 = E00409620(_t33, _t40, _t17, L"ImmSetConversionStatus");
							_t19 =  *0x503be4; // 0x74a30000
							 *0x50b14c = E00409620(_t33, _t40, _t19, L"ImmSetOpenStatus");
							_t21 =  *0x503be4; // 0x74a30000
							 *0x50b150 = E00409620(_t33, _t40, _t21, L"ImmSetCompositionWindow");
							_t23 =  *0x503be4; // 0x74a30000
							 *0x50b154 = E00409620(_t33, _t40, _t23, L"ImmSetCompositionFontW");
							_t25 =  *0x503be4; // 0x74a30000
							 *0x50b158 = E00409620(_t33, _t40, _t25, L"ImmGetCompositionStringW");
							_t27 =  *0x503be4; // 0x74a30000
							 *0x50b15c = E00409620(_t33, _t40, _t27, L"ImmIsIME");
							_t29 =  *0x503be4; // 0x74a30000
							 *0x50b160 = E00409620(_t33, _t40, _t29, L"ImmNotifyIME");
						}
					}
					_pop(_t39);
					 *[fs:eax] = _t39;
					_push(0x4692a5);
					_t9 = SetErrorMode(_v8); // executed
					return _t9;
				}
			}

0x00469139
0x0046913c
0x0046913d
0x00469146
0x004692a8
0x0046914c
0x00469151
0x00469156
0x0046915b
0x0046915c
0x00469161
0x00469164
0x0046916e
0x0046917a
0x00469187
0x00469187
0x00469193
0x004691a3
0x004691af
0x004691ba
0x004691c5
0x004691cf
0x004691da
0x004691e4
0x004691ef
0x004691f9
0x00469204
0x0046920e
0x00469219
0x00469223
0x0046922e
0x00469238
0x00469243
0x0046924d
0x00469258
0x00469262
0x0046926d
0x00469277
0x00469282
0x00469282
0x004691af
0x00469289
0x0046928c
0x0046928f
0x00469298
0x0046929d
0x0046929d

APIs

SetErrorMode.KERNEL32(00008000), ref: 00469151
GetModuleHandleW.KERNEL32(USER32,00000000,0046929E,?,00008000), ref: 00469175

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

LoadLibraryW.KERNEL32(imm32.dll,00000000,0046929E,?,00008000), ref: 0046919E
SetErrorMode.KERNEL32(?,004692A5,00008000), ref: 00469298

Strings

ImmGetCompositionStringW, xrefs: 00469248
ImmSetCompositionFontW, xrefs: 00469233
ImmGetContext, xrefs: 004691B5
USER32, xrefs: 00469170
ImmSetOpenStatus, xrefs: 00469209
ImmSetConversionStatus, xrefs: 004691F4
ImmSetCompositionWindow, xrefs: 0046921E
WINNLSEnableIME, xrefs: 0046917C
imm32.dll, xrefs: 00469199
ImmIsIME, xrefs: 0046925D
ImmGetConversionStatus, xrefs: 004691DF
ImmNotifyIME, xrefs: 00469272
ImmReleaseContext, xrefs: 004691CA

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorMode$AddressHandleLibraryLoadModuleProc
String ID: ImmGetCompositionStringW$ImmGetContext$ImmGetConversionStatus$ImmIsIME$ImmNotifyIME$ImmReleaseContext$ImmSetCompositionFontW$ImmSetCompositionWindow$ImmSetConversionStatus$ImmSetOpenStatus$USER32$WINNLSEnableIME$imm32.dll
API String ID: 380357001-1271369619
Opcode ID: 681fa90fda33eb597f5a49be089bb9e143f1bad19961ca01f9c1e750b713a4a0
Instruction ID: a20cdc48d3bf8192737b9d12f2fa3ae1b41f6e2d35867b52f5b2177e1cc57648
Opcode Fuzzy Hash: 681fa90fda33eb597f5a49be089bb9e143f1bad19961ca01f9c1e750b713a4a0
Instruction Fuzzy Hash: 6A314671A44740AEEB05DF66ED96A6E77ACE314708F10082BF400972A2E7BD4D48DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004776A8, Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 474
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E004776A8(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				intOrPtr _t163;
				intOrPtr _t167;
				intOrPtr _t169;
				intOrPtr _t170;
				intOrPtr _t171;
				intOrPtr _t175;
				intOrPtr _t180;
				intOrPtr _t182;
				intOrPtr _t183;
				void* _t185;
				struct HWND__* _t186;
				signed int _t196;
				long _t245;
				intOrPtr _t251;
				int _t256;
				intOrPtr _t257;
				intOrPtr _t270;
				intOrPtr _t274;
				signed int _t280;
				signed int _t288;
				signed int _t295;
				void* _t297;
				void* _t299;
				intOrPtr _t310;
				intOrPtr _t314;
				intOrPtr _t318;
				intOrPtr _t319;
				void* _t327;
				void* _t329;
				intOrPtr _t336;
				signed int _t346;
				signed int _t347;
				void* _t349;
				signed int _t353;
				intOrPtr _t357;
				struct HWND__* _t362;
				signed int _t365;
				signed int _t366;
				signed int _t369;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				signed int _t376;
				signed int _t378;
				signed int _t379;
				void* _t381;
				intOrPtr _t395;
				signed int _t412;
				signed int _t413;
				intOrPtr _t414;
				signed int _t424;
				signed int _t425;
				signed int _t427;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed int _t436;
				signed int _t437;
				void* _t439;
				void* _t440;
				intOrPtr _t441;

				_t439 = _t440;
				_t441 = _t440 + 0xffffffe8;
				_v28 = 0;
				_v8 = __eax;
				_push(_t439);
				_push(0x477d0a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t441;
				if(( *(_v8 + 0x1c) & 0x00000010) == 0 && ( *(_v8 + 0x374) & 0x00000004) != 0) {
					_t357 =  *0x505030; // 0x42e3ec
					E00408D5C(_t357,  &_v28);
					L00411930(_v28, 1);
					E00404A74();
				}
				_t163 =  *0x50b17c; // 0x25b4140
				L0047D2C8(_t163);
				 *(_v8 + 0x374) =  *(_v8 + 0x374) | 0x00000004;
				_push(_t439);
				_push(0x477ced);
				_push( *[fs:edx]);
				 *[fs:edx] = _t441;
				if(( *(_v8 + 0x1c) & 0x00000010) != 0) {
					_t167 = _v8;
					__eflags =  *(_t167 + 0x1c) & 0x00000010;
					if(( *(_t167 + 0x1c) & 0x00000010) != 0) {
						_t170 = _v8;
						__eflags =  *(_t170 + 0x30);
						if( *(_t170 + 0x30) != 0) {
							_t171 = _v8;
							__eflags =  *((char*)(_t171 + 0x1e2));
							if( *((char*)(_t171 + 0x1e2)) != 0) {
								ShowWindow(L00463A10(_v8), 1);
							}
						}
					}
					L88:
					_pop(_t395);
					 *[fs:eax] = _t395;
					_push(0x477cf4);
					_t169 = _v8;
					 *(_t169 + 0x374) =  *(_t169 + 0x374) & 0x000000fb;
					return _t169;
				}
				_t175 = _v8;
				_t445 =  *((char*)(_t175 + 0x1e2));
				if( *((char*)(_t175 + 0x1e2)) == 0) {
					_push(_t439);
					_push(0x477bbf);
					_push( *[fs:eax]);
					 *[fs:eax] = _t441;
					E004042A8(_v8, __eflags);
					 *[fs:eax] = 0;
					_t180 =  *0x50b180; // 0x25c26a0
					__eflags =  *((intOrPtr*)(_t180 + 0x64)) - _v8;
					if( *((intOrPtr*)(_t180 + 0x64)) == _v8) {
						__eflags = 0;
						E004763FC(_v8, 0);
					}
					_t182 = _v8;
					__eflags =  *((char*)(_t182 + 0x287)) - 1;
					if( *((char*)(_t182 + 0x287)) != 1) {
						_t183 = _v8;
						__eflags =  *(_t183 + 0x374) & 0x00000008;
						if(( *(_t183 + 0x374) & 0x00000008) == 0) {
							_t362 = 0;
							_t185 = L00463A10(_v8);
							_t186 = GetActiveWindow();
							__eflags = _t185 - _t186;
							if(_t185 == _t186) {
								_t196 = E00470A2C(L00463A10(_v8));
								__eflags = _t196;
								if(_t196 == 0) {
									_t362 = E00470D5C(L00463A10(_v8));
								}
							}
							__eflags = _t362;
							if(_t362 == 0) {
								ShowWindow(L00463A10(_v8), 0);
							} else {
								SetWindowPos(L00463A10(_v8), 0, 0, 0, 0, 0, 0x97);
								SetActiveWindow(_t362);
							}
						} else {
							SetWindowPos(L00463A10(_v8), 0, 0, 0, 0, 0, 0x97);
						}
					} else {
						 *((intOrPtr*)( *_v8 + 0xb0))();
					}
					goto L88;
				}
				_push(_t439);
				_push(0x477760);
				_push( *[fs:eax]);
				 *[fs:eax] = _t441;
				E004042A8(_v8, _t445);
				 *[fs:eax] = 0;
				if( *(_v8 + 0x288) == 4 ||  *(_v8 + 0x288) == 6 &&  *((char*)(_v8 + 0x287)) == 1) {
					if( *((char*)(_v8 + 0x287)) != 1) {
						E0047A6FC( &_v24);
						_t365 = _v16 - _v24 -  *(_v8 + 0x48);
						__eflags = _t365;
						_t366 = _t365 >> 1;
						if(_t365 < 0) {
							asm("adc ebx, 0x0");
						}
						_t424 = _v12 - _v20 -  *(_v8 + 0x4c);
						__eflags = _t424;
						_t425 = _t424 >> 1;
						if(_t424 < 0) {
							asm("adc esi, 0x0");
						}
					} else {
						_t270 =  *0x50b17c; // 0x25b4140
						_t369 = E0045A9D8( *((intOrPtr*)(_t270 + 0x40))) -  *(_v8 + 0x48);
						_t366 = _t369 >> 1;
						if(_t369 < 0) {
							asm("adc ebx, 0x0");
						}
						_t274 =  *0x50b17c; // 0x25b4140
						_t427 = E0045AA1C( *((intOrPtr*)(_t274 + 0x40))) -  *(_v8 + 0x4c);
						_t425 = _t427 >> 1;
						if(_t427 < 0) {
							asm("adc esi, 0x0");
						}
					}
					if(_t366 < L00479680()) {
						_t366 = L00479680();
					}
					if(_t425 < L00479674()) {
						_t425 = L00479674();
					}
					 *((intOrPtr*)( *_v8 + 0x88))( *(_v8 + 0x4c),  *(_v8 + 0x48));
					if( *((char*)(_v8 + 0x57)) != 0) {
						E00474F48(_v8);
					}
					goto L65;
				} else {
					_t280 =  *(_v8 + 0x288) & 0x000000ff;
					__eflags = _t280 + 0xfa - 2;
					if(_t280 + 0xfa - 2 >= 0) {
						__eflags = _t280 - 5;
						if(_t280 == 5) {
							__eflags =  *((char*)(_v8 + 0x287)) - 1;
							if(__eflags != 0) {
								_t371 = L00479698() >> 1;
								if(__eflags < 0) {
									asm("adc ebx, 0x0");
								}
								_t372 = _t371 + L00479680();
								__eflags = _t372;
								_t288 =  *(_v8 + 0x48) >> 1;
								if(_t372 < 0) {
									asm("adc eax, 0x0");
								}
								_t373 = _t372 - _t288;
								__eflags = _t373;
								_t429 = L0047968C() >> 1;
								if(_t373 < 0) {
									asm("adc esi, 0x0");
								}
								_t430 = _t429 + L00479674();
								__eflags = _t430;
								_t295 =  *(_v8 + 0x4c) >> 1;
								if(_t430 < 0) {
									asm("adc eax, 0x0");
								}
								_t431 = _t430 - _t295;
								__eflags = _t431;
							} else {
								_t310 =  *0x50b17c; // 0x25b4140
								_t376 = E0045A9D8( *((intOrPtr*)(_t310 + 0x40))) -  *(_v8 + 0x48);
								__eflags = _t376;
								_t373 = _t376 >> 1;
								if(_t376 < 0) {
									asm("adc ebx, 0x0");
								}
								_t314 =  *0x50b17c; // 0x25b4140
								_t433 = E0045AA1C( *((intOrPtr*)(_t314 + 0x40))) -  *(_v8 + 0x4c);
								__eflags = _t433;
								_t431 = _t433 >> 1;
								if(_t433 < 0) {
									asm("adc esi, 0x0");
								}
							}
							_t297 = L00479680();
							__eflags = _t373 - _t297;
							if(_t373 < _t297) {
								_t373 = L00479680();
							}
							_t299 = L00479674();
							__eflags = _t431 - _t299;
							if(_t431 < _t299) {
								_t431 = L00479674();
							}
							 *((intOrPtr*)( *_v8 + 0x88))( *(_v8 + 0x4c),  *(_v8 + 0x48));
						}
						L65:
						 *(_v8 + 0x288) = 0;
						if( *((char*)(_v8 + 0x287)) != 1) {
							ShowWindow(L00463A10(_v8),  *(0x503d1c + ( *(_v8 + 0x283) & 0x000000ff) * 4)); // executed
						} else {
							if( *(_v8 + 0x283) != 2) {
								ShowWindow(L00463A10(_v8),  *(0x503d1c + ( *(_v8 + 0x283) & 0x000000ff) * 4));
								_t245 =  *(_v8 + 0x48) |  *(_v8 + 0x4c) << 0x00000010;
								__eflags = _t245;
								CallWindowProcW(0x409bc4, L00463A10(_v8), 5, 0, _t245);
								L0045B370(_v8);
							} else {
								_t256 = L00463A10(_v8);
								_t257 =  *0x50b17c; // 0x25b4140
								SendMessageW( *( *((intOrPtr*)(_t257 + 0x40)) + 0x36c), 0x223, _t256, 0);
								ShowWindow(L00463A10(_v8), 3);
							}
							_t251 =  *0x50b17c; // 0x25b4140
							SendMessageW( *( *((intOrPtr*)(_t251 + 0x40)) + 0x36c), 0x234, 0, 0);
						}
						goto L88;
					}
					_t318 =  *0x50b17c; // 0x25b4140
					_t434 =  *(_t318 + 0x40);
					_t319 = _v8;
					__eflags =  *((char*)(_t319 + 0x288)) - 7;
					if( *((char*)(_t319 + 0x288)) == 7) {
						_t414 =  *0x46f2d0; // 0x46f328
						_t353 = E00404238( *(_v8 + 4), _t414);
						__eflags = _t353;
						if(_t353 != 0) {
							_t434 =  *(_v8 + 4);
						}
					}
					__eflags = _t434;
					if(_t434 == 0) {
						L35:
						_t378 = L00479668() -  *(_v8 + 0x48);
						__eflags = _t378;
						_t379 = _t378 >> 1;
						if(_t378 < 0) {
							asm("adc ebx, 0x0");
						}
						_t436 = L0047965C() -  *(_v8 + 0x4c);
						__eflags = _t436;
						_t437 = _t436 >> 1;
						if(_t436 < 0) {
							asm("adc esi, 0x0");
						}
						goto L39;
					} else {
						__eflags = _t434 - _v8;
						if(_t434 == _v8) {
							goto L35;
						}
						_t381 = E004730DC(_t434);
						_t346 =  *((intOrPtr*)(_t434 + 0x48)) -  *(_v8 + 0x48);
						__eflags = _t346;
						_t347 = _t346 >> 1;
						if(_t346 < 0) {
							asm("adc eax, 0x0");
						}
						_t379 = _t381 + _t347;
						_t349 = E004730FC(_t434);
						_t412 =  *((intOrPtr*)(_t434 + 0x4c)) -  *(_v8 + 0x4c);
						__eflags = _t412;
						_t413 = _t412 >> 1;
						if(_t412 < 0) {
							asm("adc edx, 0x0");
						}
						_t437 = _t349 + _t413;
						L39:
						_t327 = L00479680();
						__eflags = _t379 - _t327;
						if(_t379 < _t327) {
							_t379 = L00479680();
						}
						_t329 = L00479674();
						__eflags = _t437 - _t329;
						if(_t437 < _t329) {
							_t437 = L00479674();
						}
						 *((intOrPtr*)( *_v8 + 0x88))( *(_v8 + 0x4c),  *(_v8 + 0x48));
						_t336 = _v8;
						__eflags =  *((char*)(_t336 + 0x57));
						if( *((char*)(_t336 + 0x57)) != 0) {
							E00474F48(_v8);
						}
						goto L65;
					}
				}
			}

0x004776a9
0x004776ab
0x004776b3
0x004776b6
0x004776bb
0x004776bc
0x004776c1
0x004776c4
0x004776ce
0x004776df
0x004776e4
0x004776f3
0x004776f8
0x004776f8
0x004776fd
0x00477702
0x0047770a
0x00477713
0x00477714
0x00477719
0x0047771c
0x00477726
0x00477ca7
0x00477caa
0x00477cae
0x00477cb0
0x00477cb3
0x00477cb7
0x00477cb9
0x00477cbc
0x00477cc3
0x00477cd0
0x00477cd0
0x00477cc3
0x00477cb7
0x00477cd5
0x00477cd7
0x00477cda
0x00477cdd
0x00477ce2
0x00477ce5
0x00477cec
0x00477cec
0x0047772c
0x0047772f
0x00477736
0x00477b9d
0x00477b9e
0x00477ba3
0x00477ba6
0x00477bb0
0x00477bba
0x00477bd6
0x00477bde
0x00477be1
0x00477be3
0x00477be8
0x00477be8
0x00477bed
0x00477bf0
0x00477bf7
0x00477c09
0x00477c0c
0x00477c13
0x00477c37
0x00477c3c
0x00477c43
0x00477c48
0x00477c4a
0x00477c54
0x00477c59
0x00477c5b
0x00477c6a
0x00477c6a
0x00477c5b
0x00477c6c
0x00477c6e
0x00477ca0
0x00477c70
0x00477c88
0x00477c8e
0x00477c8e
0x00477c15
0x00477c2d
0x00477c2d
0x00477bf9
0x00477bfe
0x00477bfe
0x00000000
0x00477bf7
0x0047773e
0x0047773f
0x00477744
0x00477747
0x00477751
0x0047775b
0x00477781
0x004777ad
0x004777f1
0x004777ff
0x004777ff
0x00477802
0x00477804
0x00477806
0x00477806
0x00477812
0x00477812
0x00477815
0x00477817
0x00477819
0x00477819
0x004777af
0x004777af
0x004777c1
0x004777c4
0x004777c6
0x004777c8
0x004777c8
0x004777cb
0x004777dd
0x004777e0
0x004777e2
0x004777e4
0x004777e4
0x004777e2
0x00477828
0x00477834
0x00477834
0x00477842
0x0047784e
0x0047784e
0x00477867
0x00477874
0x0047787d
0x0047787d
0x00000000
0x00477887
0x0047788a
0x00477896
0x00477899
0x004779ac
0x004779ae
0x004779b7
0x004779be
0x00477a06
0x00477a08
0x00477a0a
0x00477a0a
0x00477a17
0x00477a17
0x00477a1f
0x00477a21
0x00477a23
0x00477a23
0x00477a26
0x00477a26
0x00477a34
0x00477a36
0x00477a38
0x00477a38
0x00477a45
0x00477a45
0x00477a4d
0x00477a4f
0x00477a51
0x00477a51
0x00477a54
0x00477a54
0x004779c0
0x004779c0
0x004779d2
0x004779d2
0x004779d5
0x004779d7
0x004779d9
0x004779d9
0x004779dc
0x004779ee
0x004779ee
0x004779f1
0x004779f3
0x004779f5
0x004779f5
0x004779f3
0x00477a5b
0x00477a60
0x00477a62
0x00477a6e
0x00477a6e
0x00477a75
0x00477a7a
0x00477a7c
0x00477a88
0x00477a88
0x00477aa1
0x00477aa1
0x00477aa7
0x00477aaa
0x00477abb
0x00477b91
0x00477ac1
0x00477acb
0x00477b1e
0x00477b32
0x00477b32
0x00477b47
0x00477b4f
0x00477acd
0x00477ad2
0x00477add
0x00477aec
0x00477afc
0x00477afc
0x00477b5d
0x00477b6c
0x00477b6c
0x00000000
0x00477abb
0x0047789f
0x004778a4
0x004778a7
0x004778aa
0x004778b1
0x004778b9
0x004778bf
0x004778c4
0x004778c6
0x004778cb
0x004778cb
0x004778c6
0x004778ce
0x004778d0
0x0047790f
0x0047791e
0x0047791e
0x00477921
0x00477923
0x00477925
0x00477925
0x00477937
0x00477937
0x0047793a
0x0047793c
0x0047793e
0x0047793e
0x00000000
0x004778d2
0x004778d2
0x004778d5
0x00000000
0x00000000
0x004778de
0x004778e6
0x004778e6
0x004778e9
0x004778eb
0x004778ed
0x004778ed
0x004778f0
0x004778f4
0x004778ff
0x004778ff
0x00477902
0x00477904
0x00477906
0x00477906
0x0047790b
0x00477941
0x00477946
0x0047794b
0x0047794d
0x00477959
0x00477959
0x00477960
0x00477965
0x00477967
0x00477973
0x00477973
0x0047798c
0x00477992
0x00477995
0x00477999
0x004779a2
0x004779a2
0x00000000
0x00477999
0x004778d0

Strings

B, xrefs: 004776DF

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LoadString
String ID: B
API String ID: 2948472770-3806887055
Opcode ID: 4e045328244cc594188afde55e2d71f9dd0f4bf585b70e5c901d8f2cc8476ee7
Instruction ID: b81540708de43d09cf1f9f40778678433dda0340ca0a11ccf17e291287917346
Opcode Fuzzy Hash: 4e045328244cc594188afde55e2d71f9dd0f4bf585b70e5c901d8f2cc8476ee7
Instruction Fuzzy Hash: 30127F71A14244EFDB01EBA8C985FDD77F4BB08304F5585A6E908EB362D739AE04DB48

Uniqueness

Uniqueness Score: -1.00%

Function 004DE288, Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 193
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 55%

			E004DE288(void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v52;
				char _v56;
				intOrPtr* _t45;
				intOrPtr _t56;
				intOrPtr _t64;
				unsigned int _t68;
				void* _t71;
				char _t73;
				intOrPtr _t78;
				intOrPtr _t83;
				intOrPtr _t96;
				intOrPtr _t102;
				void* _t112;
				void* _t113;
				intOrPtr _t139;
				intOrPtr _t144;
				intOrPtr _t146;
				intOrPtr _t153;
				intOrPtr _t161;
				intOrPtr _t162;

				_t112 = __ebx;
				_t161 = _t162;
				_t113 = 6;
				do {
					_push(0);
					_push(0);
					_t113 = _t113 - 1;
					_t163 = _t113;
				} while (_t113 != 0);
				_push(_t113);
				 *[fs:eax] = _t162;
				L0047F714( &_v12);
				E00406448(0x50bdcc, _v12,  *[fs:eax]);
				L0047F740( &_v16);
				E00406448(0x50bdd0, _v16, 0x4de566);
				L0047F76C( &_v20, _t113, __esi, _t161, _t163);
				E00406448(0x50bdd4, _v20, _t161);
				_t45 =  *0x505038; // 0x502914
				_t164 =  *_t45 - 2;
				if( *_t45 != 2) {
					__eflags = 0;
					E00406448(0x50bdd8, 0);
				} else {
					E0047F040(L"SystemDrive", _t113,  &_v24, _t164);
					E00406448(0x50bdd8, _v24);
				}
				if( *0x50bdd8 == 0) {
					_t102 =  *0x50bdcc; // 0x25e102c
					E0047E794(_t102, _t113,  &_v28);
					E00406448(0x50bdd8, _v28);
					_t166 =  *0x50bdd8;
					if( *0x50bdd8 == 0) {
						E00406448(0x50bdd8, 0x4de5a4);
					}
				}
				E004DE118(1, L"ProgramFilesDir", _t166); // executed
				E00406448(0x50bddc, _v32);
				_t167 =  *0x50bddc;
				if( *0x50bddc == 0) {
					_t153 =  *0x50bdd8; // 0x25d1bdc
					E00406914(0x50bddc, L"\\Program Files", _t153);
				}
				E004DE118(1, L"CommonFilesDir", _t167); // executed
				E00406448(0x50bde0, _v36);
				if( *0x50bde0 == 0) {
					_t96 =  *0x50bddc; // 0x26137bc
					E0047E290(_t96,  &_v40);
					E00406914(0x50bde0, L"Common Files", _v40);
				}
				_t169 =  *0x50c05a;
				if( *0x50c05a != 0) {
					E004DE118(2, L"ProgramFilesDir", _t169); // executed
					E00406448(0x50bde4, _v44);
					_t170 =  *0x50bde4;
					if( *0x50bde4 == 0) {
						L004ADAE0(L"Failed to get path of 64-bit Program Files directory", _t112);
					}
					E004DE118(2, L"CommonFilesDir", _t170); // executed
					E00406448(0x50bde8, _v48);
					if( *0x50bde8 == 0) {
						L004ADAE0(L"Failed to get path of 64-bit Common Files directory", _t112);
					}
				}
				if( *0x50c124 == 0) {
					L23:
					__eflags =  *0x50c059;
					if( *0x50c059 == 0) {
						_t56 =  *0x50bdcc; // 0x25e102c
						E0047E290(_t56,  &_v56);
						E00406914(0x50bdf4, L"COMMAND.COM", _v56); // executed
					} else {
						_t64 =  *0x50bdd0; // 0x2605f8c
						E0047E290(_t64,  &_v52);
						E00406914(0x50bdf4, L"cmd.exe", _v52);
					}
					E004DE1CC(); // executed
					__eflags = 0;
					_pop(_t139);
					 *[fs:eax] = _t139;
					_push(E004DE56D);
					return L00406440( &_v56, 0xc);
				} else {
					_t68 =  *0x50c06c; // 0xa0042ee
					if(_t68 >> 0x10 < 0x600) {
						goto L23;
					} else {
						_t71 =  *0x50c124(0x5045a0, 0x8000, 0,  &_v8); // executed
						if(_t71 != 0) {
							_t73 =  *0x50c124(0x5045b0, 0x8000, 0,  &_v8); // executed
							__eflags = _t73;
							if(_t73 != 0) {
								goto L23;
							} else {
								_push(_t161);
								_push(0x4de4f6);
								_push( *[fs:eax]);
								 *[fs:eax] = _t162;
								L00407690();
								__eflags = 0;
								_pop(_t144);
								 *[fs:eax] = _t144;
								_push(E004DE4FD);
								_t78 = _v8;
								_push(_t78);
								L004150F4();
								return _t78;
							}
						} else {
							_push(_t161);
							_push(0x4de4a3);
							_push( *[fs:eax]);
							 *[fs:eax] = _t162;
							L00407690();
							_pop(_t146);
							 *[fs:eax] = _t146;
							_push(E004DE4AA);
							_t83 = _v8;
							_push(_t83);
							L004150F4();
							return _t83;
						}
					}
				}
			}

0x004de288
0x004de289
0x004de28b
0x004de290
0x004de290
0x004de292
0x004de294
0x004de294
0x004de294
0x004de297
0x004de2a3
0x004de2a9
0x004de2b6
0x004de2be
0x004de2cb
0x004de2d3
0x004de2e0
0x004de2e5
0x004de2ea
0x004de2ed
0x004de310
0x004de312
0x004de2ef
0x004de2f7
0x004de304
0x004de304
0x004de31e
0x004de323
0x004de328
0x004de335
0x004de33a
0x004de341
0x004de34d
0x004de34d
0x004de341
0x004de35c
0x004de369
0x004de36e
0x004de375
0x004de381
0x004de387
0x004de387
0x004de396
0x004de3a3
0x004de3af
0x004de3b4
0x004de3b9
0x004de3cb
0x004de3cb
0x004de3d0
0x004de3d7
0x004de3e3
0x004de3f0
0x004de3f5
0x004de3fc
0x004de403
0x004de403
0x004de412
0x004de41f
0x004de42b
0x004de432
0x004de432
0x004de42b
0x004de43e
0x004de4fd
0x004de4fd
0x004de504
0x004de52a
0x004de52f
0x004de541
0x004de506
0x004de509
0x004de50e
0x004de520
0x004de520
0x004de546
0x004de54b
0x004de54d
0x004de550
0x004de553
0x004de565
0x004de444
0x004de444
0x004de451
0x00000000
0x004de457
0x004de467
0x004de46f
0x004de4ba
0x004de4c0
0x004de4c2
0x00000000
0x004de4c4
0x004de4c6
0x004de4c7
0x004de4cc
0x004de4cf
0x004de4da
0x004de4df
0x004de4e1
0x004de4e4
0x004de4e7
0x004de4ec
0x004de4ef
0x004de4f0
0x004de4f5
0x004de4f5
0x004de471
0x004de473
0x004de474
0x004de479
0x004de47c
0x004de487
0x004de48e
0x004de491
0x004de494
0x004de499
0x004de49c
0x004de49d
0x004de4a2
0x004de4a2
0x004de46f
0x004de451

APIs

SHGetKnownFolderPath.SHELL32(005045A0,00008000,00000000,?,00000000,004DE566,?,00000005,00000000,00000000,?,004FCCF4,00000006,?,00000000,004FD285), ref: 004DE467
CoTaskMemFree.OLE32(?,004DE4AA,?,00000005,00000000,00000000,?,004FCCF4,00000006,?,00000000,004FD285,?,00000000,004FD344), ref: 004DE49D
SHGetKnownFolderPath.SHELL32(005045B0,00008000,00000000,?,?,00000005,00000000,00000000,?,004FCCF4,00000006,?,00000000,004FD285,?,00000000), ref: 004DE4BA
CoTaskMemFree.OLE32(?,004DE4FD,?,00000005,00000000,00000000,?,004FCCF4,00000006,?,00000000,004FD285,?,00000000,004FD344), ref: 004DE4F0

Strings

cmd.exe, xrefs: 004DE51B
COMMAND.COM, xrefs: 004DE53C
Common Files, xrefs: 004DE3C6
SystemDrive, xrefs: 004DE2F2
CommonFilesDir, xrefs: 004DE38F, 004DE40B
Failed to get path of 64-bit Common Files directory, xrefs: 004DE42D
ProgramFilesDir, xrefs: 004DE355, 004DE3DC
\Program Files, xrefs: 004DE37C
Failed to get path of 64-bit Program Files directory, xrefs: 004DE3FE

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FolderFreeKnownPathTask
String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
API String ID: 969438705-544719455
Opcode ID: d49f1c2fb619bb62809ca1bff4e30279b716bbd861104faecc848d21feb32ee1
Instruction ID: b8caeeca8f96ab44b67d8ef63914c586ba38b2995f5742af6ff0583ae043f2bf
Opcode Fuzzy Hash: d49f1c2fb619bb62809ca1bff4e30279b716bbd861104faecc848d21feb32ee1
Instruction Fuzzy Hash: E771A6756002059FEB10FB96D8A2B9EB7A5EB88708F608477F4016B381D73C9D05DB6D

Uniqueness

Uniqueness Score: -1.00%

Function 0047B4AC, Relevance: 19.9, APIs: 13, Instructions: 429
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 91%

			E0047B4AC(struct HWND__* __eax, void* __ecx, struct HWND__* __edx) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v40;
				void* _v44;
				struct HWND__* _v56;
				char _v60;
				struct HWND__* _v72;
				void* _v76;
				void* __ebx;
				struct HWND__* __esi;
				void* __ebp;
				signed int _t168;
				struct HWND__* _t169;
				struct HWND__* _t170;
				struct HWND__* _t183;
				struct HWND__* _t192;
				struct HWND__* _t195;
				struct HWND__* _t196;
				struct HWND__* _t198;
				struct HWND__* _t204;
				struct HWND__* _t206;
				struct HWND__* _t209;
				struct HWND__* _t212;
				struct HWND__* _t213;
				struct HWND__* _t223;
				struct HWND__* _t227;
				struct HWND__* _t232;
				struct HWND__* _t234;
				intOrPtr _t235;
				intOrPtr _t237;
				struct HWND__* _t240;
				void* _t243;
				struct HWND__* _t249;
				struct HWND__* _t253;
				struct HWND__* _t261;
				intOrPtr _t273;
				intOrPtr _t275;
				struct HWND__* _t278;
				intOrPtr _t279;
				int* _t287;
				struct HWND__* _t293;
				struct HWND__* _t299;
				struct HWND__* _t301;
				struct HWND__* _t304;
				intOrPtr* _t307;
				void* _t321;
				signed int _t323;
				struct HWND__* _t326;
				struct HWND__* _t330;
				struct HWND__* _t331;
				struct HWND__* _t332;
				void* _t333;
				intOrPtr _t355;
				struct HWND__* _t359;
				struct HWND__* _t367;
				intOrPtr _t379;
				void* _t383;
				struct HWND__* _t387;
				void* _t390;
				void* _t391;
				intOrPtr _t392;

				_t333 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_push(_t391);
				_push(0x47bbce);
				_push( *[fs:edx]);
				 *[fs:edx] = _t392;
				 *(_v12 + 0xc) = 0;
				_t321 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xac)) + 8)) - 1;
				if(_t321 < 0) {
					L5:
					L0047B320(_v8, _t333, _v12);
					_t323 =  *_v12;
					_t168 = _t323;
					__eflags = _t168 - 0x53;
					if(__eflags > 0) {
						__eflags = _t168 - 0xb017;
						if(__eflags > 0) {
							__eflags = _t168 - 0xb020;
							if(__eflags > 0) {
								_t169 = _t168 - 0xb031;
								__eflags = _t169;
								if(_t169 == 0) {
									_t170 = _v12;
									__eflags =  *((intOrPtr*)(_t170 + 4)) - 1;
									if( *((intOrPtr*)(_t170 + 4)) != 1) {
										 *(_v8 + 0xb4) =  *(_v12 + 8);
									} else {
										 *(_v12 + 0xc) =  *(_v8 + 0xb4);
									}
									L111:
									_pop(_t355);
									 *[fs:eax] = _t355;
									return 0;
								}
								__eflags = _t169 + 0xfffffff2 - 2;
								if(_t169 + 0xfffffff2 - 2 < 0) {
									 *(_v12 + 0xc) = L0047DDA4(_v8,  *(_v12 + 8), _t323) & 0x0000007f;
								} else {
									L110:
									E0047B41C(_t391); // executed
								}
								goto L111;
							}
							if(__eflags == 0) {
								_t183 = _v12;
								__eflags =  *(_t183 + 4);
								if( *(_t183 + 4) != 0) {
									E0047C444(_v8, _t333,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
								} else {
									E0047C3E4(_v8,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
								}
								goto L111;
							}
							_t192 = _t168 - 0xb01a;
							__eflags = _t192;
							if(_t192 == 0) {
								_t195 = E00470A2C( *(_v8 + 0x170));
								__eflags = _t195;
								if(_t195 == 0) {
									_t196 = GetFocus();
									_t359 = _v8;
									__eflags = _t196 -  *((intOrPtr*)(_t359 + 0x170));
									if(_t196 ==  *((intOrPtr*)(_t359 + 0x170))) {
										_t198 = E00470D5C(0);
										__eflags = _t198;
										if(_t198 != 0) {
											SetFocus(_t198);
										}
									}
								}
								goto L111;
							}
							__eflags = _t192 == 5;
							if(_t192 == 5) {
								L96:
								E0047CB00(_v8,  *(_v12 + 8),  *(_v12 + 4) & 0x0000ffff);
								goto L111;
							} else {
								goto L110;
							}
						}
						if(__eflags == 0) {
							_t204 =  *(_v8 + 0x40);
							__eflags = _t204;
							if(_t204 != 0) {
								_t324 = _t204;
								_t206 = L00463A10(_t204);
								__eflags = _t206;
								if(_t206 != 0) {
									_t209 = IsWindowEnabled(L00463A10(_t324));
									__eflags = _t209;
									if(_t209 != 0) {
										_t212 = IsWindowVisible(L00463A10(_t324));
										__eflags = _t212;
										if(_t212 != 0) {
											 *0x503c9c = 0;
											_t213 = GetFocus();
											SetFocus(L00463A10(_t324));
											E0045C458(_t324,  *(_v12 + 4), 0x112,  *(_v12 + 8));
											SetFocus(_t213);
											 *0x503c9c = 1;
											 *(_v12 + 0xc) = 1;
										}
									}
								}
							}
							goto L111;
						}
						__eflags = _t168 - 0xb000;
						if(__eflags > 0) {
							_t223 = _t168 - 0xb001;
							__eflags = _t223;
							if(_t223 == 0) {
								 *(_v8 + 0xd0) = GetLastActivePopup( *(_v8 + 0x170));
								_t227 = _v8;
								__eflags =  *((short*)(_t227 + 0x13a));
								if( *((short*)(_t227 + 0x13a)) != 0) {
									 *((intOrPtr*)(_v8 + 0x138))();
								}
								goto L111;
							}
							__eflags = _t223 == 0x15;
							if(_t223 == 0x15) {
								_t232 = E0047C148(_v8, _t333, _v12);
								__eflags = _t232;
								if(_t232 != 0) {
									 *(_v12 + 0xc) = 1;
								}
								goto L111;
							} else {
								goto L110;
							}
						}
						if(__eflags == 0) {
							_t234 = _v8;
							__eflags =  *((short*)(_t234 + 0x142));
							if( *((short*)(_t234 + 0x142)) != 0) {
								 *((intOrPtr*)(_v8 + 0x140))();
							}
							_t235 =  *0x50b17c; // 0x25b4140
							_t326 =  *(_t235 + 0x40);
							__eflags = _t326;
							if(_t326 != 0) {
								_t237 =  *0x50b17c; // 0x25b4140
								__eflags =  *((char*)(_t237 + 0xcf));
								if( *((char*)(_t237 + 0xcf)) != 0) {
									_t240 = IsWindowEnabled(L00463A10(_t326));
									__eflags = _t240;
									if(_t240 == 0) {
										_t243 = L00463A10( *(_v8 + 0x40));
										_t367 = _v8;
										__eflags = _t243 -  *((intOrPtr*)(_t367 + 0xd0));
										if(_t243 !=  *((intOrPtr*)(_t367 + 0xd0))) {
											SetFocus( *(_v8 + 0xd0));
										}
									}
								}
							}
							 *(_v8 + 0xd0) = 0;
							goto L111;
						}
						_t249 = _t168 - 0x112;
						__eflags = _t249;
						if(_t249 == 0) {
							_t253 = ( *(_v12 + 4) & 0x0000fff0) - 0xf020;
							__eflags = _t253;
							if(_t253 == 0) {
								L0047BC08(_v8, _t333);
							} else {
								__eflags = _t253 == 0x100;
								if(_t253 == 0x100) {
									L0047BD0C(_v8, _t333);
								} else {
									E0047B41C(_t391);
								}
							}
							goto L111;
						}
						_t261 = _t249 + 0xffffffe0 - 7;
						__eflags = _t261;
						if(_t261 < 0) {
							 *(_v12 + 0xc) = SendMessageW( *(_v12 + 8), _t323 + 0xbc00,  *(_v12 + 4),  *(_v12 + 8));
							goto L111;
						}
						__eflags = _t261 == 0x1e1;
						if(_t261 == 0x1e1) {
							E0046B03C(E0046AED4());
							_v28 = 0xb051;
							_v24 = 0;
							_v20 = 0;
							_v16 = 0;
							_t273 =  *0x50b180; // 0x25c26a0
							_t330 = L004796E8(_t273) - 1;
							__eflags = _t330;
							if(_t330 < 0) {
								goto L111;
							}
							_t331 =  &(_t330->i);
							_t387 = 0;
							__eflags = 0;
							do {
								_t275 =  *0x50b180; // 0x25c26a0
								L0045F6FC(L004796D4(_t275, _t387), _t333,  &_v28, __eflags);
								_t387 =  &(_t387->i);
								_t331 = _t331 - 1;
								__eflags = _t331;
							} while (__eflags != 0);
							goto L111;
						} else {
							goto L110;
						}
					}
					if(__eflags == 0) {
						goto L96;
					}
					__eflags = _t168 - 0x11;
					if(__eflags > 0) {
						__eflags = _t168 - 0x1c;
						if(__eflags > 0) {
							_t278 = _t168 - 0x1d;
							__eflags = _t278;
							if(_t278 == 0) {
								_t279 =  *0x50b180; // 0x25c26a0
								E0047A440(_t279);
								E0047B41C(_t391);
								goto L111;
							}
							__eflags = _t278 == 0x1a;
							if(_t278 == 0x1a) {
								 *(_v12 + 0xc) = L0047BBEC(_v8);
								goto L111;
							} else {
								goto L110;
							}
						}
						if(__eflags == 0) {
							E0047B41C(_t391);
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							__eflags = _v40 - 1;
							asm("sbb eax, eax");
							_t287 =  &(_v12->i);
							 *(_v8 + 0xa1) = _t287;
							__eflags = _t287;
							if(_t287 == 0) {
								E0047AFC4();
								PostMessageW( *(_v8 + 0x170), 0xb001, 0, 0); // executed
							} else {
								_t293 = _v8;
								__eflags =  *((char*)(_t293 + 0xcf));
								if( *((char*)(_t293 + 0xcf)) != 0) {
									_t299 = _v8;
									__eflags =  *((char*)(_t299 + 0x30));
									if( *((char*)(_t299 + 0x30)) != 0) {
										 *((char*)(_v8 + 0x30)) = 0;
									}
								}
								E0047B024(_v8);
								PostMessageW( *(_v8 + 0x170), 0xb000, 0, 0); // executed
							}
							goto L111;
						}
						_t301 = _t168 - 0x14;
						__eflags = _t301;
						if(_t301 == 0) {
							 *_v12 = 0x27;
							E0047B41C(_t391);
							goto L111;
						}
						_t304 = _t301 - 2;
						__eflags = _t304;
						if(_t304 == 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							__eflags = _v72;
							if(_v72 != 0) {
								E00405084();
							}
							goto L111;
						}
						__eflags = _t304 == 4;
						if(_t304 == 4) {
							_t307 =  *0x504fd0; // 0x50b0d8
							E004690D4( *_t307, _t333,  *(_v12 + 4));
							L0047B3A0(_v8, _t323, _v12, _t383);
							E0047B41C(_t391);
							goto L111;
						} else {
							goto L110;
						}
					}
					if(__eflags == 0) {
						 *(_v12 + 0xc) = 1;
						goto L111;
					}
					__eflags = _t168 - 0x10;
					if(_t168 > 0x10) {
						goto L110;
					}
					switch( *((intOrPtr*)(_t168 * 4 +  &M0047B550))) {
						case 0:
							0 = E0042A364(0, __ebx, __edi, __esi);
							goto L111;
						case 1:
							goto L110;
						case 2:
							__eax = _v12;
							__eflags =  *((intOrPtr*)(__eax + 4)) - 1;
							if( *((intOrPtr*)(__eax + 4)) == 1) {
								__eax = _v8;
								 *((char*)(_v8 + 0x30)) = 1;
							}
							goto L111;
						case 3:
							_push(0);
							_push(0);
							_push(0xb01a);
							_v8 =  *(_v8 + 0x170);
							_push( *(_v8 + 0x170));
							L00409F54();
							__eax = E0047B41C(__ebp);
							goto L111;
						case 4:
							__eax = _v12;
							__esi = _v12;
							__edi =  &_v60;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							__eflags = _v56;
							if(_v56 == 0) {
								__eax = E0047B41C(__ebp);
								__eax = _v8;
								__eflags =  *(__eax + 0xb0);
								if( *(__eax + 0xb0) == 0) {
									__eflags =  *0x503cb0;
									if( *0x503cb0 == 0) {
										__eax = _v8;
										__eax =  *(_v8 + 0x170);
										__eax = E00470BFC( *(_v8 + 0x170), __ebx,  &_v60, __esi);
										__edx = _v8;
										 *(_v8 + 0xb0) = __eax;
									}
								}
								_v8 = L0047AFCC();
								goto L111;
							}
							__eflags =  *0x503cb0;
							if( *0x503cb0 == 0) {
								_v8 = E0047B024(_v8);
								__eax = _v8;
								__eax =  *(_v8 + 0xb0);
								__eflags = __eax;
								if(__eax != 0) {
									__eax = _v8;
									__edx = 0;
									__eflags = 0;
									 *(_v8 + 0xb0) = 0;
								}
							}
							__eax = E0047B41C(__ebp);
							goto L111;
						case 5:
							__eax = _v8;
							__eax =  *(_v8 + 0x170);
							__eax = E00470A2C( *(_v8 + 0x170));
							__eflags = __eax;
							if(__eax == 0) {
								__eax = E0047B41C(__ebp);
							} else {
								__eax = L0047B45C(__ebp);
							}
							goto L111;
						case 6:
							__eax = _v8;
							__eax =  *(_v8 + 0x40);
							__eflags = __eax;
							if(__eax != 0) {
								__eax = L00477E0C(__eax, __ecx);
							}
							goto L111;
					}
				} else {
					_t332 = _t321 + 1;
					_t390 = 0;
					do {
						if( *((intOrPtr*)(L00423514( *((intOrPtr*)(_v8 + 0xac)), _t390)))() != 0) {
							_pop(_t379);
							 *[fs:eax] = _t379;
							return 0;
						}
						_t390 = _t390 + 1;
						_t332 = _t332 - 1;
						__eflags = _t332;
					} while (_t332 != 0);
					goto L5;
				}
			}

0x0047b4ac
0x0047b4b5
0x0047b4b8
0x0047b4bd
0x0047b4be
0x0047b4c3
0x0047b4c6
0x0047b4ce
0x0047b4dd
0x0047b4e0
0x0047b514
0x0047b51a
0x0047b522
0x0047b524
0x0047b526
0x0047b529
0x0047b5d6
0x0047b5db
0x0047b62c
0x0047b631
0x0047b652
0x0047b652
0x0047b657
0x0047bafc
0x0047baff
0x0047bb03
0x0047bb22
0x0047bb05
0x0047bb11
0x0047bb11
0x0047bbc4
0x0047bbc6
0x0047bbc9
0x00000000
0x0047bbc9
0x0047b660
0x0047b663
0x0047b8e3
0x0047b669
0x0047bbbd
0x0047bbbe
0x0047bbc3
0x00000000
0x0047b663
0x0047b633
0x0047bac3
0x0047bac6
0x0047baca
0x0047baf2
0x0047bacc
0x0047bada
0x0047bada
0x00000000
0x0047baca
0x0047b639
0x0047b639
0x0047b63e
0x0047ba6e
0x0047ba73
0x0047ba75
0x0047ba7b
0x0047ba80
0x0047ba83
0x0047ba89
0x0047ba91
0x0047ba96
0x0047ba98
0x0047ba9f
0x0047ba9f
0x0047ba98
0x0047ba89
0x00000000
0x0047ba75
0x0047b644
0x0047b647
0x0047baa9
0x0047bab9
0x00000000
0x0047b64d
0x00000000
0x0047b64d
0x0047b647
0x0047b5dd
0x0047b910
0x0047b913
0x0047b915
0x0047b91b
0x0047b91f
0x0047b924
0x0047b926
0x0047b934
0x0047b939
0x0047b93b
0x0047b949
0x0047b94e
0x0047b950
0x0047b956
0x0047b95d
0x0047b96c
0x0047b985
0x0047b98b
0x0047b990
0x0047b99a
0x0047b99a
0x0047b950
0x0047b93b
0x0047b926
0x00000000
0x0047b915
0x0047b5e3
0x0047b5e8
0x0047b613
0x0047b613
0x0047b618
0x0047ba37
0x0047ba3d
0x0047ba40
0x0047ba48
0x0047ba5a
0x0047ba5a
0x00000000
0x0047ba48
0x0047b61e
0x0047b621
0x0047b8f1
0x0047b8f6
0x0047b8f8
0x0047b901
0x0047b901
0x00000000
0x0047b627
0x00000000
0x0047b627
0x0047b621
0x0047b5ea
0x0047b9a6
0x0047b9a9
0x0047b9b1
0x0047b9bf
0x0047b9bf
0x0047b9c5
0x0047b9ca
0x0047b9cd
0x0047b9cf
0x0047b9d1
0x0047b9d6
0x0047b9dd
0x0047b9e7
0x0047b9ec
0x0047b9ee
0x0047b9f6
0x0047b9fb
0x0047b9fe
0x0047ba04
0x0047ba10
0x0047ba10
0x0047ba04
0x0047b9ee
0x0047b9dd
0x0047ba1a
0x00000000
0x0047ba1a
0x0047b5f0
0x0047b5f0
0x0047b5f5
0x0047b679
0x0047b679
0x0047b67e
0x0047b68c
0x0047b680
0x0047b680
0x0047b685
0x0047b699
0x0047b687
0x0047b6a4
0x0047b6a9
0x0047b685
0x00000000
0x0047b67e
0x0047b5fa
0x0047b5fa
0x0047b5fd
0x0047b893
0x00000000
0x0047b893
0x0047b603
0x0047b608
0x0047bb6b
0x0047bb70
0x0047bb79
0x0047bb7e
0x0047bb83
0x0047bb86
0x0047bb92
0x0047bb93
0x0047bb95
0x00000000
0x00000000
0x0047bb97
0x0047bb98
0x0047bb98
0x0047bb9a
0x0047bb9c
0x0047bba9
0x0047bbae
0x0047bbaf
0x0047bbaf
0x0047bbaf
0x00000000
0x0047b60e
0x00000000
0x0047b60e
0x0047b608
0x0047b52f
0x00000000
0x00000000
0x0047b535
0x0047b538
0x0047b594
0x0047b597
0x0047b5bf
0x0047b5bf
0x0047b5c2
0x0047bb53
0x0047bb58
0x0047bb5e
0x00000000
0x0047bb63
0x0047b5c8
0x0047b5cb
0x0047b72a
0x00000000
0x0047b5d1
0x00000000
0x0047b5d1
0x0047b5cb
0x0047b599
0x0047b757
0x0047b765
0x0047b766
0x0047b767
0x0047b768
0x0047b769
0x0047b76d
0x0047b76f
0x0047b773
0x0047b779
0x0047b77b
0x0047b7c1
0x0047b7d9
0x0047b77d
0x0047b77d
0x0047b780
0x0047b787
0x0047b789
0x0047b78c
0x0047b790
0x0047b795
0x0047b795
0x0047b790
0x0047b79c
0x0047b7b4
0x0047b7b4
0x00000000
0x0047b77b
0x0047b59f
0x0047b59f
0x0047b5a2
0x0047b70d
0x0047b714
0x00000000
0x0047b719
0x0047b5a8
0x0047b5a8
0x0047b5ab
0x0047b8a3
0x0047b8a4
0x0047b8a5
0x0047b8a6
0x0047b8a7
0x0047b8ab
0x0047b8b1
0x0047b8b1
0x00000000
0x0047b8ab
0x0047b5b1
0x0047b5b4
0x0047bb33
0x0047bb3a
0x0047bb45
0x0047bb4b
0x00000000
0x0047b5ba
0x00000000
0x0047b5ba
0x0047b5b4
0x0047b53a
0x0047b8be
0x00000000
0x0047b8be
0x0047b540
0x0047b543
0x00000000
0x00000000
0x0047b549
0x00000000
0x0047bbb6
0x00000000
0x00000000
0x00000000
0x00000000
0x0047b6af
0x0047b6b2
0x0047b6b6
0x0047b6bc
0x0047b6bf
0x0047b6bf
0x00000000
0x00000000
0x0047b732
0x0047b734
0x0047b736
0x0047b73e
0x0047b744
0x0047b745
0x0047b74b
0x00000000
0x00000000
0x0047b7e3
0x0047b7e6
0x0047b7e8
0x0047b7eb
0x0047b7ec
0x0047b7ed
0x0047b7ee
0x0047b7ef
0x0047b7f3
0x0047b830
0x0047b836
0x0047b839
0x0047b840
0x0047b842
0x0047b849
0x0047b84b
0x0047b84e
0x0047b854
0x0047b859
0x0047b85c
0x0047b85c
0x0047b849
0x0047b865
0x00000000
0x0047b865
0x0047b7f5
0x0047b7fc
0x0047b801
0x0047b806
0x0047b809
0x0047b80f
0x0047b811
0x0047b818
0x0047b81b
0x0047b81b
0x0047b81d
0x0047b81d
0x0047b811
0x0047b824
0x00000000
0x00000000
0x0047b6e0
0x0047b6e3
0x0047b6e9
0x0047b6ee
0x0047b6f0
0x0047b6ff
0x0047b6f2
0x0047b6f3
0x0047b6f8
0x00000000
0x00000000
0x0047b6c8
0x0047b6cb
0x0047b6ce
0x0047b6d0
0x0047b6d6
0x0047b6d6
0x00000000
0x00000000
0x0047b4e2
0x0047b4e2
0x0047b4e3
0x0047b4e5
0x0047b501
0x0047b505
0x0047b508
0x00000000
0x0047b508
0x0047b510
0x0047b511
0x0047b511
0x0047b511
0x00000000
0x0047b4e5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1a52d74fdc5a11b89f907c96d923392d0a8d0d41c57d28591cc64318d72a422
Instruction ID: 742d3f5ed802d9271d9bffeb4ef0ec10d082987a2623d0121d7fd6f12202aa94
Opcode Fuzzy Hash: d1a52d74fdc5a11b89f907c96d923392d0a8d0d41c57d28591cc64318d72a422
Instruction Fuzzy Hash: 01F14D30600208DFDB11DF69C585BDEB7B1EF08314F14C5A6E809AB766C738AE45DB99

Uniqueness

Uniqueness Score: -1.00%

Function 0047ABF0, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 131
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 35%

			E0047ABF0(void* __eax, void* __ebx, void* __ecx) {
				struct _WNDCLASSW _v44;
				char _v48;
				char* _t21;
				WCHAR* _t25;
				struct HINSTANCE__* _t26;
				intOrPtr* _t28;
				signed int _t31;
				intOrPtr* _t32;
				signed int _t35;
				struct HINSTANCE__* _t36;
				struct HWND__* _t40;
				char* _t44;
				char* _t49;
				long _t52;
				long _t56;
				struct HINSTANCE__* _t59;
				intOrPtr _t61;
				void* _t66;
				struct HMENU__* _t67;
				intOrPtr _t74;
				WCHAR* _t75;
				void* _t80;
				short _t85;

				_v48 = 0;
				_t66 = __eax;
				_push(_t80);
				_push(0x47ada1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t80 + 0xffffffd4;
				if( *((char*)(__eax + 0xa8)) != 0) {
					L13:
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x47ada8);
					return L00406438( &_v48);
				}
				_t21 =  *0x504ed0; // 0x506054
				if( *_t21 != 0) {
					goto L13;
				}
				 *(_t66 + 0x174) = E00470ED8(E0047B4AC, __eax);
				 *0x503da8 = L00409BCC;
				_t25 =  *0x503dc8; // 0x47a80c
				_t26 =  *0x508b50; // 0x400000
				if(GetClassInfoW(_t26, _t25,  &_v44) == 0) {
					_t59 =  *0x508b50; // 0x400000
					 *0x503db4 = _t59;
					_t85 = RegisterClassW(0x503da4);
					if(_t85 == 0) {
						_t61 =  *0x504a90; // 0x42e3c4
						E00408D5C(_t61,  &_v48);
						L00411930(_v48, 1);
						E00404A74();
					}
				}
				_t28 =  *0x504bc8; // 0x50aeb0
				_t31 =  *((intOrPtr*)( *_t28))(0, 0x84ca0000) >> 1;
				if(_t85 < 0) {
					asm("adc eax, 0x0");
				}
				_t32 =  *0x504bc8; // 0x50aeb0
				_t35 =  *((intOrPtr*)( *_t32))(1, _t31) >> 1;
				if(_t85 < 0) {
					asm("adc eax, 0x0");
				}
				_push(_t35);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t36 =  *0x508b50; // 0x400000
				_push(_t36);
				_push(0);
				_t7 = _t66 + 0x88; // 0x470a0c
				E004064D4( *_t7);
				_t75 =  *0x503dc8; // 0x47a80c
				_t40 = E0040A124(0x80, _t75); // executed
				 *(_t66 + 0x170) = _t40;
				 *((char*)(_t66 + 0xa8)) = 1;
				_t10 = _t66 + 0x174; // 0x56022444
				_t11 = _t66 + 0x170; // 0x8840c01b
				SetWindowLongW( *_t11, 0xfffffffc,  *_t10);
				_t44 =  *0x504ca0; // 0x50b0e4
				if( *_t44 != 0) {
					_t52 = L0047BBEC(_t66);
					_t12 = _t66 + 0x170; // 0x8840c01b
					SendMessageW( *_t12, 0x80, 1, _t52); // executed
					_t56 = L0047BBEC(_t66);
					_t13 = _t66 + 0x170; // 0x8840c01b
					SetClassLongW( *_t13, 0xfffffff2, _t56); // executed
				}
				_t14 = _t66 + 0x170; // 0x8840c01b
				_t67 = GetSystemMenu( *_t14, "true");
				DeleteMenu(_t67, 0xf030, 0);
				DeleteMenu(_t67, 0xf000, 0);
				_t49 =  *0x504ca0; // 0x50b0e4
				if( *_t49 != 0) {
					DeleteMenu(_t67, 0xf010, 0);
				}
				goto L13;
			}

0x0047abf9
0x0047abfc
0x0047ac00
0x0047ac01
0x0047ac06
0x0047ac09
0x0047ac13
0x0047ad8b
0x0047ad8d
0x0047ad90
0x0047ad93
0x0047ada0
0x0047ada0
0x0047ac19
0x0047ac21
0x00000000
0x00000000
0x0047ac32
0x0047ac3d
0x0047ac46
0x0047ac4c
0x0047ac59
0x0047ac5b
0x0047ac60
0x0047ac6f
0x0047ac72
0x0047ac77
0x0047ac7c
0x0047ac8b
0x0047ac90
0x0047ac90
0x0047ac72
0x0047ac9c
0x0047aca5
0x0047aca7
0x0047aca9
0x0047aca9
0x0047acaf
0x0047acb8
0x0047acba
0x0047acbc
0x0047acbc
0x0047acbf
0x0047acc0
0x0047acc2
0x0047acc4
0x0047acc6
0x0047acc8
0x0047accd
0x0047acce
0x0047acd0
0x0047acd6
0x0047acdd
0x0047ace8
0x0047aced
0x0047acf3
0x0047acfa
0x0047ad03
0x0047ad0a
0x0047ad0f
0x0047ad17
0x0047ad1b
0x0047ad28
0x0047ad2f
0x0047ad36
0x0047ad3e
0x0047ad45
0x0047ad45
0x0047ad4c
0x0047ad58
0x0047ad62
0x0047ad6f
0x0047ad74
0x0047ad7c
0x0047ad86
0x0047ad86
0x00000000

APIs

GetClassInfoW.USER32 ref: 0047AC52
RegisterClassW.USER32 ref: 0047AC6A

Part of subcall function 00408D5C: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00408DA1

SetWindowLongW.USER32 ref: 0047AD0A
SendMessageW.USER32(8840C01B,00000080,00000001,00000000), ref: 0047AD2F
SetClassLongW.USER32(8840C01B,000000F2,00000000), ref: 0047AD45
GetSystemMenu.USER32(8840C01B,00000000,8840C01B,000000FC,56022444,00000000,00400000,00000000,00000000,00000000,00000000,00000000), ref: 0047AD53
DeleteMenu.USER32(00000000,0000F030,00000000,8840C01B,00000000,8840C01B,000000FC,56022444,00000000,00400000,00000000,00000000,00000000,00000000,00000000), ref: 0047AD62
DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,8840C01B,00000000,8840C01B,000000FC,56022444,00000000,00400000,00000000,00000000,00000000), ref: 0047AD6F
DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,8840C01B,00000000,8840C01B,000000FC,56022444,00000000,00400000), ref: 0047AD86

Strings

T`P, xrefs: 0047AC19
8B, xrefs: 0047AC86

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Menu$ClassDelete$Long$InfoLoadMessageRegisterSendStringSystemWindow
String ID: 8B$T`P
API String ID: 2334458219-3527321834
Opcode ID: 56a1d5afc7dc3222354fb52da9ba347f09e856a8e438ff6c301da5625b82f527
Instruction ID: 8541d3cd1cdf845da61a4b1f88b0931a71af77d491e3ba0bb05bdbbd616d903d
Opcode Fuzzy Hash: 56a1d5afc7dc3222354fb52da9ba347f09e856a8e438ff6c301da5625b82f527
Instruction Fuzzy Hash: 964153716042006FEB11EB79DC81FAE37A9BB44304F544575F908EF2E2DA79AC148729

Uniqueness

Uniqueness Score: -1.00%

Function 00469620, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 108
registrythreadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 88%

			E00469620(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				long _v28;
				char _v32;
				char _v36;
				intOrPtr _t25;
				char _t29;
				intOrPtr _t35;
				intOrPtr _t38;
				intOrPtr _t47;
				intOrPtr _t49;
				intOrPtr* _t50;
				intOrPtr _t56;
				intOrPtr* _t81;
				intOrPtr* _t83;
				intOrPtr _t87;
				void* _t91;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t91);
				 *[fs:eax] = _t91 + 0xffffffe0;
				_v16 = GetCurrentProcessId();
				_v12 = 0;
				E0040E258(L"Delphi%.8X", 0,  &_v16,  &_v8);
				E00406448(0x50b0f0, _v8,  *[fs:eax]);
				_t25 =  *0x50b0f0; // 0x25e690c
				 *0x50b0ec = GlobalAddAtomW(E004064D4(_t25));
				_t29 =  *0x508b50; // 0x400000
				_v36 = _t29;
				_v32 = 0;
				_v28 = GetCurrentThreadId();
				_v24 = 0;
				E0040E258(L"ControlOfs%.8X%.8X", 1,  &_v36,  &_v20);
				E00406448(0x50b0f4, _v20, 0x4697ab);
				_t35 =  *0x50b0f4; // 0x25edaa4
				 *0x50b0ee = GlobalAddAtomW(E004064D4(_t35));
				_t38 =  *0x50b0f4; // 0x25edaa4
				 *0x50b0f8 = RegisterWindowMessageW(E004064D4(_t38));
				 *0x50b130 = L00423814(1); // executed
				E00469138(); // executed
				 *0x50b0d8 = E00468ED0(1, 1);
				_t47 = E004793CC(1);
				_t81 =  *0x50501c; // 0x50b180
				 *_t81 = _t47;
				_t49 = E0047A828(0, 1);
				_t83 =  *0x504e38; // 0x50b17c
				 *_t83 = _t49;
				_t50 =  *0x504e38; // 0x50b17c
				E0047CE20( *_t50, 1);
				 *0x50b134 = L00459E5C(1);
				_t65 = GetModuleHandleW(L"USER32");
				_t56 =  *0x454388; // 0x45438c
				E00422EFC(_t56, 0x457be0, 0x457bf0);
				if(_t55 != 0) {
					 *0x503ab4 = E00409620(_t65, __esi, _t65, L"AnimateWindow");
				}
				_pop(_t87);
				 *[fs:eax] = _t87;
				_push(0x4697b2);
				L00406438( &_v20);
				return L00406438( &_v8);
			}

0x00469626
0x00469629
0x0046962c
0x00469631
0x0046963a
0x00469646
0x00469649
0x00469657
0x00469664
0x00469669
0x00469679
0x00469683
0x00469688
0x0046968b
0x00469694
0x00469697
0x004696a8
0x004696b5
0x004696ba
0x004696ca
0x004696d0
0x004696e0
0x004696f1
0x004696f6
0x00469707
0x00469715
0x0046971a
0x00469720
0x0046972b
0x00469730
0x00469736
0x00469738
0x00469741
0x00469754
0x00469763
0x0046976f
0x00469774
0x0046977b
0x00469788
0x00469788
0x0046978f
0x00469792
0x00469795
0x0046979d
0x004697aa

APIs

GetCurrentProcessId.KERNEL32(?,00000000,004697AB), ref: 00469641
GlobalAddAtomW.KERNEL32 ref: 00469674
GetCurrentThreadId.KERNEL32 ref: 0046968F
GlobalAddAtomW.KERNEL32 ref: 004696C5
RegisterWindowMessageW.USER32(00000000,00000000,?,00000000,?,00000000,004697AB), ref: 004696DB

Part of subcall function 00423814: InitializeCriticalSection.KERNEL32(00420E94,?,?,004696F1,00000000,00000000,?,00000000,?,00000000,004697AB), ref: 00423833

Part of subcall function 00469138: SetErrorMode.KERNEL32(00008000), ref: 00469151
Part of subcall function 00469138: GetModuleHandleW.KERNEL32(USER32,00000000,0046929E,?,00008000), ref: 00469175
Part of subcall function 00469138: LoadLibraryW.KERNEL32(imm32.dll,00000000,0046929E,?,00008000), ref: 0046919E
Part of subcall function 00469138: SetErrorMode.KERNEL32(?,004692A5,00008000), ref: 00469298

Part of subcall function 004793CC: GetKeyboardLayout.USER32 ref: 00479411
Part of subcall function 004793CC: GetDC.USER32(00000000), ref: 00479466
Part of subcall function 004793CC: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00479470
Part of subcall function 004793CC: ReleaseDC.USER32 ref: 0047947B

Part of subcall function 0047A828: OleInitialize.OLE32(00000000), ref: 0047A859
Part of subcall function 0047A828: LoadIconW.USER32(00400000,MAINICON), ref: 0047A944
Part of subcall function 0047A828: GetModuleFileNameW.KERNEL32(00400000,?,00000100,?,?,?,00469730,00000000,00000000,?,00000000,?,00000000,004697AB), ref: 0047A988

GetModuleHandleW.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004697AB), ref: 0046975E

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Strings

ControlOfs%.8X%.8X, xrefs: 004696A3
USER32, xrefs: 00469759
4YE, xrefs: 0046974A
Delphi%.8X, xrefs: 00469652
AnimateWindow, xrefs: 0046977D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Module$AtomCurrentErrorGlobalHandleInitializeLoadMode$AddressCapsCriticalDeviceFileIconKeyboardLayoutLibraryMessageNameProcProcessRegisterReleaseSectionThreadWindow
String ID: 4YE$AnimateWindow$ControlOfs%.8X%.8X$Delphi%.8X$USER32
API String ID: 2902964639-2600279602
Opcode ID: 7968c25497fd82bd1cd5d9b5be7d164db108b0ff4fd483f6d56e33063d0860d8
Instruction ID: dbbcc6664016fbe0662ba1cc9e706fe81c7e7fe52a1c5dd0642bc4d89a2b8b3e
Opcode Fuzzy Hash: 7968c25497fd82bd1cd5d9b5be7d164db108b0ff4fd483f6d56e33063d0860d8
Instruction Fuzzy Hash: B6418170A002059FD700FF6ADC92A9E77E8EB19308B51843BF415E73A2E7799D089B5D

Uniqueness

Uniqueness Score: -1.00%

Function 004AEE2C, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 238
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E004AEE2C(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				long _v8;
				signed int _v9;
				void* _v16;
				char _v20;
				int _v24;
				char _v28;
				int _v32;
				int _v36;
				short* _v40;
				char _v44;
				char _v48;
				char* _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				intOrPtr _v72;
				char* _v76;
				char _v80;
				char _v84;
				void* _t83;
				void* _t84;
				long _t93;
				signed int _t94;
				void* _t98;
				void* _t129;
				void* _t134;
				long _t139;
				long _t145;
				long _t170;
				long _t172;
				intOrPtr _t188;
				intOrPtr _t190;
				void* _t204;
				void* _t206;
				void* _t207;
				intOrPtr _t208;

				_t206 = _t207;
				_t208 = _t207 + 0xffffffb0;
				_push(__edi);
				_v44 = 0;
				_v48 = 0;
				_v64 = 0;
				_v80 = 0;
				_v84 = 0;
				_v60 = 0;
				_v8 = 0;
				_v9 = __ecx;
				_t204 = __edx;
				_push(_t206);
				_push(0x4af0e1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t208;
				_t84 = E0047FCE8(_t83, L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs", 0x80000002,  &_v20,  &_v16, 0, 3, 0, 0, 0); // executed
				_t169 = _t84;
				if(_t84 != 0) {
					L004ADD40(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs",  &_v60);
					_v56 = _v60;
					_v52 = L"Software\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs";
					L004ABB0C(0x44, 1,  &_v56,  &_v48);
					_push(_v48);
					_push(L"\r\n\r\n");
					_v76 = L"RegCreateKeyEx";
					E0040CF50( &_v80);
					_v72 = _v80;
					E0048087C(_t169,  &_v84);
					_v68 = _v84;
					L004ABB0C(0x3b, 2,  &_v76,  &_v64);
					_push(_v64);
					E004069F8( &_v44, 3, __edi);
					L00411930(_v44, 1);
					E00404A74();
				}
				_v40 = E004064D4(_t204);
				_v28 = 0;
				_v36 = 4;
				_push(_t206);
				_push(0x4af007);
				_push( *[fs:eax]);
				 *[fs:eax] = _t208;
				_t93 = RegQueryValueExW(_v16, _v40, 0,  &_v32, 0,  &_v24); // executed
				if(_t93 == 0) {
					_t129 = _v32 - 1;
					if(_t129 == 0) {
						__eflags = E0047FC48();
						if(__eflags != 0) {
							_v28 = L0040D1AC(_v8, __eflags);
							_v36 = 1;
						}
					} else {
						_t134 = _t129 - 2;
						if(_t134 == 0) {
							__eflags = _v24 - 1;
							if(_v24 >= 1) {
								__eflags = _v24 - 4;
								if(_v24 <= 4) {
									_t139 = RegQueryValueExW(_v16, _v40, 0, 0,  &_v28,  &_v24);
									__eflags = _t139;
									if(_t139 != 0) {
										L0041191C();
									}
									_v36 = 3;
								}
							}
						} else {
							if(_t134 == 1) {
								_v24 = 4;
								_t145 = RegQueryValueExW(_v16, _v40, 0, 0,  &_v28,  &_v24);
								__eflags = _t145;
								if(_t145 != 0) {
									L0041191C();
								}
							}
						}
					}
				}
				_t94 = 0;
				_pop(_t188);
				 *[fs:eax] = _t188;
				if(_v28 < 0) {
					_t94 = 0;
					_v28 = 0;
				}
				if(((_t94 & 0xffffff00 | _v28 == 0x00000000) & _v9) != 0) {
					_v28 = _v28 + 1;
				}
				_v28 = _v28 + 1;
				_t98 = _v36 - 1;
				if(_t98 == 0) {
					_push(0);
					E0040D15C( &_v8, _v28);
					_t170 = _v8;
					__eflags = _t170;
					if(_t170 != 0) {
						_t172 = _t170 - 4;
						__eflags = _t172;
						_t170 =  *_t172;
					}
					RegSetValueExW(_v16, _v40, 0, _v36, E004064D4(_v8), _t170 + 1 + _t170 + 1);
				} else {
					if(_t98 + 0xfffffffe - 2 < 0) {
						RegSetValueExW(_v16, _v40, 0, _v36,  &_v28, 4); // executed
					}
				}
				RegCloseKey(_v16);
				_pop(_t190);
				 *[fs:eax] = _t190;
				_push(0x4af0e8);
				L00406440( &_v84, 2);
				L00406440( &_v64, 2);
				L00406440( &_v48, 2);
				return L00406438( &_v8);
			}

0x004aee2d
0x004aee2f
0x004aee34
0x004aee37
0x004aee3a
0x004aee3d
0x004aee40
0x004aee43
0x004aee46
0x004aee49
0x004aee4c
0x004aee4f
0x004aee53
0x004aee54
0x004aee59
0x004aee5c
0x004aee7b
0x004aee80
0x004aee84
0x004aee96
0x004aee9e
0x004aeea6
0x004aeeb3
0x004aeeb8
0x004aeebb
0x004aeec9
0x004aeed1
0x004aeed9
0x004aeee1
0x004aeee9
0x004aeef6
0x004aeefb
0x004aef06
0x004aef15
0x004aef1a
0x004aef1a
0x004aef26
0x004aef2b
0x004aef2e
0x004aef37
0x004aef38
0x004aef3d
0x004aef40
0x004aef57
0x004aef5e
0x004aef67
0x004aef68
0x004aef85
0x004aef87
0x004aef91
0x004aef94
0x004aef94
0x004aef6a
0x004aef6a
0x004aef6d
0x004aef9d
0x004aefa1
0x004aefa3
0x004aefa7
0x004aefbd
0x004aefc2
0x004aefc4
0x004aefc6
0x004aefc6
0x004aefcb
0x004aefcb
0x004aefa7
0x004aef6f
0x004aef70
0x004aefd4
0x004aefef
0x004aeff4
0x004aeff6
0x004aeff8
0x004aeff8
0x004aeff6
0x004aef70
0x004aef6d
0x004aef68
0x004aeffd
0x004aefff
0x004af002
0x004af01a
0x004af01c
0x004af01e
0x004af01e
0x004af02b
0x004af02d
0x004af02d
0x004af030
0x004af036
0x004af037
0x004af048
0x004af04d
0x004af052
0x004af055
0x004af057
0x004af059
0x004af059
0x004af05c
0x004af05c
0x004af07b
0x004af039
0x004af03f
0x004af096
0x004af096
0x004af03f
0x004af09f
0x004af0a6
0x004af0a9
0x004af0ac
0x004af0b9
0x004af0c6
0x004af0d3
0x004af0e0

APIs

Part of subcall function 0047FCE8: RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0047FD14

RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?,00000000,004AF007,?,00000000,004AF0E1), ref: 004AEF57
RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,00000000,?,00000000,00000000,?,00000000,?,00000000,004AF007,?,00000000), ref: 004AF09F

Part of subcall function 0048087C: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,004AA95E,00000000,004AA9AF,?,004AAB90), ref: 0048089B

Strings

Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004AEEA1
Software\Microsoft\Windows\CurrentVersion\SharedDLLs, xrefs: 004AEE71
, xrefs: 004AEEBB
RegCreateKeyEx, xrefs: 004AEEC4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseCreateFormatMessageQueryValue
String ID: $RegCreateKeyEx$Software\Microsoft\Windows\CurrentVersion\SharedDLLs$Software\Microsoft\Windows\CurrentVersion\SharedDLLs
API String ID: 2481121983-1280779767
Opcode ID: d8c8f2cdde1f872bf47910edfc5e70aa99523c473e19c14e8c52499c8020057e
Instruction ID: f51b78526bea01417bc40a53339b9dfd601407e58267c8bc684484e66f61ddad
Opcode Fuzzy Hash: d8c8f2cdde1f872bf47910edfc5e70aa99523c473e19c14e8c52499c8020057e
Instruction Fuzzy Hash: 31910C71E00209AFDB10DFE5C982BEEB7B9EB59304F10402AF615F7281D7799A05CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0045772C, Relevance: 16.6, APIs: 11, Instructions: 91
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0045772C(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* _t29;
				void* _t32;
				void* _t38;
				void* _t42;
				void* _t46;
				void* _t54;
				intOrPtr* _t65;

				_t65 =  &_v8;
				_t29 =  *0x503abc; // 0x0
				 *((intOrPtr*)(_t29 + 0x24c)) = _a4;
				if(IsWindowUnicode(_a4) == 0) {
					_t32 =  *0x503abc; // 0x0
					SetWindowLongW(_a4, 0xfffffffc,  *(_t32 + 0x250));
					if((GetWindowLongW(_a4, 0xfffffff0) & 0x40000000) != 0 && GetWindowLongW(_a4, 0xfffffff4) == 0) {
						SetWindowLongW(_a4, 0xfffffff4, _a4);
					}
				} else {
					_t54 =  *0x503abc; // 0x0
					SetWindowLongW(_a4, 0xfffffffc,  *(_t54 + 0x250));
					if((GetWindowLongW(_a4, 0xfffffff0) & 0x40000000) != 0 && GetWindowLongW(_a4, 0xfffffff4) == 0) {
						SetWindowLongW(_a4, 0xfffffff4, _a4);
					}
				}
				_t38 =  *0x503abc; // 0x0
				SetPropW(_a4,  *0x50b0ee & 0x0000ffff, _t38);
				_t42 =  *0x503abc; // 0x0
				SetPropW(_a4,  *0x50b0ec & 0x0000ffff, _t42);
				_t46 =  *0x503abc; // 0x0
				 *0x503abc = 0; // executed
				_v8 =  *((intOrPtr*)(_t46 + 0x250))(_a4, _a8, _a12, _a16);
				return  *_t65;
			}

0x00457731
0x00457734
0x0045773c
0x0045774d
0x00457798
0x004577aa
0x004577bf
0x004577da
0x004577da
0x0045774f
0x0045774f
0x00457761
0x00457776
0x00457791
0x00457791
0x00457776
0x004577df
0x004577f1
0x004577f6
0x00457808
0x00457819
0x0045781e
0x0045782e
0x00457836

APIs

IsWindowUnicode.USER32(?), ref: 00457746
SetWindowLongW.USER32 ref: 00457761
GetWindowLongW.USER32(?,000000F0), ref: 0045776C
GetWindowLongW.USER32(?,000000F4), ref: 0045777E
SetWindowLongW.USER32 ref: 00457791
SetWindowLongW.USER32 ref: 004577AA
GetWindowLongW.USER32(?,000000F0), ref: 004577B5
GetWindowLongW.USER32(?,000000F4), ref: 004577C7
SetWindowLongW.USER32 ref: 004577DA
SetPropW.USER32(?,00000000,00000000), ref: 004577F1
SetPropW.USER32(?,00000000,00000000), ref: 00457808

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Long$Prop$Unicode
String ID:
API String ID: 1693715928-0
Opcode ID: 4e8e89fc14b60baab23b8e6bb04f0cab4a7c7f82b789d9dcf25034671e4204b2
Instruction ID: 125025efc1e0c9eb7fd862ca22611ef6d5d70f106df6353254ea4012160e3e6e
Opcode Fuzzy Hash: 4e8e89fc14b60baab23b8e6bb04f0cab4a7c7f82b789d9dcf25034671e4204b2
Instruction Fuzzy Hash: 1931F276604248BBDF10DF9DDC84D9A37ACAB08364F108626BD24DB6E2D338ED54DB54

Uniqueness

Uniqueness Score: -1.00%

Function 004780A4, Relevance: 15.2, APIs: 10, Instructions: 163
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 71%

			E004780A4(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v22;
				intOrPtr _v28;
				struct HWND__* _v32;
				char _v36;
				intOrPtr _t58;
				intOrPtr _t64;
				intOrPtr _t70;
				intOrPtr _t71;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr _t77;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr _t94;
				void* _t99;
				intOrPtr _t108;
				intOrPtr _t139;
				void* _t141;
				void* _t144;
				void* _t145;
				intOrPtr _t146;

				_t142 = __esi;
				_t141 = __edi;
				_t122 = __ebx;
				_t144 = _t145;
				_t146 = _t145 + 0xffffffe0;
				_push(__ebx);
				_push(__esi);
				_v36 = 0;
				_v8 = __eax;
				_push(_t144);
				_push(0x4783ce);
				_push( *[fs:eax]);
				 *[fs:eax] = _t146;
				L00459510();
				if( *((char*)(_v8 + 0x57)) != 0 ||  *((intOrPtr*)( *_v8 + 0x4c))() == 0 || ( *(_v8 + 0x374) & 0x00000008) != 0 ||  *((char*)(_v8 + 0x287)) == 1) {
					_t58 =  *0x504cd0; // 0x42e3f4
					E00408D5C(_t58,  &_v36);
					L00411930(_v36, 1);
					E00404A74();
				}
				if(GetCapture() != 0) {
					SendMessageW(GetCapture(), 0x1f, 0, 0);
				}
				ReleaseCapture();
				_t64 =  *0x50b17c; // 0x25b4140
				E0047AF6C(_t64);
				_push(_t144);
				_push(0x4783b1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t146;
				_v32 = GetActiveWindow();
				 *(_v8 + 0x374) =  *(_v8 + 0x374) | 0x00000008;
				if( *((char*)(_v8 + 0x338)) == 0) {
					_t108 =  *0x50b17c; // 0x25b4140
					if( *((char*)(_t108 + 0xcc)) != 0) {
						E0046006C(_v8);
						L004639EC(_v8);
						if(_v32 == 0 || IsWindow(_v32) == 0) {
							_v32 = GetActiveWindow();
						}
					}
				}
				_v20 = E00470A50();
				_t70 =  *0x50b180; // 0x25c26a0
				_t71 =  *0x50b180; // 0x25c26a0
				L00423594( *((intOrPtr*)(_t71 + 0x74)),  *((intOrPtr*)(_t70 + 0x70)), 0);
				_t74 =  *0x50b180; // 0x25c26a0
				 *((intOrPtr*)(_t74 + 0x70)) = _v8;
				_t75 =  *0x50b180; // 0x25c26a0
				_v22 =  *(_t75 + 0x44) & 0x0000ffff;
				_t77 =  *0x50b180; // 0x25c26a0
				L00479CA8(_t77, 0);
				_t79 =  *0x50b180; // 0x25c26a0
				_v28 =  *((intOrPtr*)(_t79 + 0x48));
				_t82 = E00470BFC(0, _t122, _t141, _t142); // executed
				_v16 = _t82;
				_push(_t144);
				_push(0x47838f);
				_push( *[fs:edx]);
				 *[fs:edx] = _t146;
				L00477FB4(_v8);
				_push(_t144);
				_push(0x4782d1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t146;
				SendMessageW(L00463A10(_v8), 0xb000, 0, 0);
				 *((intOrPtr*)(_v8 + 0x2a4)) = 0;
				do {
					_t89 =  *0x50b17c; // 0x25b4140
					E0047C3C0(_t89, _t141, _t142);
					_t91 =  *0x50b17c; // 0x25b4140
					if( *((char*)(_t91 + 0xa0)) == 0) {
						if( *((intOrPtr*)(_v8 + 0x2a4)) != 0) {
							L00477F14(_v8);
						}
					} else {
						 *((intOrPtr*)(_v8 + 0x2a4)) = 2;
					}
					_t94 =  *((intOrPtr*)(_v8 + 0x2a4));
				} while (_t94 == 0);
				_v12 = _t94;
				SendMessageW(L00463A10(_v8), 0xb001, 0, 0);
				_t99 = L00463A10(_v8);
				if(_t99 != GetActiveWindow()) {
					_v32 = 0;
				}
				_pop(_t139);
				 *[fs:eax] = _t139;
				_push(0x4782d8);
				return L00477FAC();
			}

0x004780a4
0x004780a4
0x004780a4
0x004780a5
0x004780a7
0x004780aa
0x004780ab
0x004780ae
0x004780b1
0x004780b6
0x004780b7
0x004780bc
0x004780bf
0x004780c2
0x004780ce
0x004780f7
0x004780fc
0x0047810b
0x00478110
0x00478110
0x0047811c
0x0047812a
0x0047812a
0x0047812f
0x00478134
0x00478139
0x00478140
0x00478141
0x00478146
0x00478149
0x00478151
0x00478157
0x00478168
0x0047816a
0x00478176
0x0047817b
0x00478183
0x0047818c
0x004781a0
0x004781a0
0x0047818c
0x00478176
0x004781a8
0x004781ab
0x004781b3
0x004781bd
0x004781c2
0x004781ca
0x004781cd
0x004781d6
0x004781dc
0x004781e1
0x004781e6
0x004781ee
0x004781f3
0x004781f8
0x004781fd
0x004781fe
0x00478203
0x00478206
0x0047820c
0x00478213
0x00478214
0x00478219
0x0047821c
0x00478231
0x0047823b
0x00478241
0x00478241
0x00478246
0x0047824b
0x00478257
0x00478272
0x00478277
0x00478277
0x00478259
0x0047825c
0x0047825c
0x0047827f
0x00478285
0x00478289
0x0047829e
0x004782a6
0x004782b4
0x004782b8
0x004782b8
0x004782bd
0x004782c0
0x004782c3
0x004782d0

APIs

GetCapture.USER32 ref: 00478115
GetCapture.USER32 ref: 00478124
SendMessageW.USER32(00000000,0000001F,00000000,00000000), ref: 0047812A
ReleaseCapture.USER32(00000000,004783CE), ref: 0047812F
GetActiveWindow.USER32 ref: 0047814C
IsWindow.USER32(00000000), ref: 00478192
GetActiveWindow.USER32 ref: 0047819B
SendMessageW.USER32(00000000,0000B000,00000000,00000000), ref: 00478231
SendMessageW.USER32(00000000,0000B001,00000000,00000000), ref: 0047829E
GetActiveWindow.USER32 ref: 004782AD

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$ActiveCaptureMessageSend$Release
String ID:
API String ID: 3054343883-0
Opcode ID: 380e25832662f9a853230bd91f9e79af2ab649b6389cd54e0c3e292cfbaebbe8
Instruction ID: 1011f0d6a0b22324e5b38a8d1e40496526cded5341397e34e6f9d31782d1d69e
Opcode Fuzzy Hash: 380e25832662f9a853230bd91f9e79af2ab649b6389cd54e0c3e292cfbaebbe8
Instruction Fuzzy Hash: 1A615270A40248DFEB10EF69C989B9E77F5FF45704F5484AAF404AB2A2DB789D04DB48

Uniqueness

Uniqueness Score: -1.00%

Function 00474420, Relevance: 15.1, APIs: 10, Instructions: 133
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 97%

			E00474420(intOrPtr* __eax, signed char __edx) {
				long _v12;
				long _v16;
				long _v20;
				intOrPtr* _t22;
				char* _t59;
				long _t69;
				void* _t74;
				int _t80;
				intOrPtr* _t85;
				long* _t88;

				_t22 = __eax;
				_t88 =  &_v12;
				_t85 = __eax;
				if(__edx ==  *(__eax + 0x281)) {
					L17:
					return _t22;
				}
				 *(__eax + 0x281) = __edx;
				if( *((char*)(__eax + 0x268)) == 0) {
					L4:
					_t80 = 0;
					L6:
					L00471F44(_t85, _t80);
					_t22 = L00463DBC(_t85);
					if(_t22 == 0) {
						goto L17;
					}
					if(( *(_t85 + 0x1c) & 0x00000010) == 0) {
						L10:
						_v20 = GetWindowLongW(L00463A10(_t85), 0xfffffff0);
						_v16 = GetWindowLongW(L00463A10(_t85), 0xffffffec);
						_v12 = GetClassLongW(L00463A10(_t85), 0xffffffe6);
						_push( &_v12);
						E004042A8(_t85, _t96);
						E004042A8(_t85, _t96);
						SetWindowLongW(L00463A10(_t85), 0xfffffff0,  *_t88);
						SetWindowLongW(L00463A10(_t85), 0xffffffec, _v20);
						SetClassLongW(L00463A10(_t85), 0xffffffe6, _v16);
						if(L00463DBC(_t85) != 0) {
							_t59 =  *0x504ca0; // 0x50b0e4
							if( *_t59 != 0) {
								if( *((char*)(_t85 + 0x281)) == 3) {
									SendMessageW(L00463A10(_t85), 0x80, 1, 0);
								} else {
									_t69 = E00476570(_t85);
									SendMessageW(L00463A10(_t85), 0x80, 1, _t69); // executed
								}
							}
							GetSystemMenu(L00463A10(_t85), 0xffffffff);
							E0045C458(_t85, 0, 0x81, 0); // executed
						}
						SetWindowPos(L00463A10(_t85), 0, 0, 0, 0, 0, 0x37);
						return  *((intOrPtr*)( *_t85 + 0x80))();
					}
					if(( *(_t85 + 0x1c) & 0x00000010) == 0) {
						goto L17;
					}
					_t96 =  *((intOrPtr*)(_t85 + 0x30));
					if( *((intOrPtr*)(_t85 + 0x30)) == 0) {
						goto L17;
					}
					goto L10;
				}
				_t74 = ( *(__eax + 0x281) & 0x000000ff) - 2;
				if(_t74 == 0 || _t74 == 3) {
					_t80 = 1;
					goto L6;
				} else {
					goto L4;
				}
			}

0x00474420
0x00474422
0x00474425
0x0047442d
0x004745bc
0x004745bc
0x004745bc
0x00474433
0x00474440
0x00474451
0x00474451
0x00474457
0x00474459
0x00474460
0x00474467
0x00000000
0x00000000
0x00474471
0x00474487
0x00474496
0x004744a8
0x004744bb
0x004744c3
0x004744d2
0x004744e3
0x004744f6
0x0047450a
0x0047451e
0x0047452c
0x0047452e
0x00474536
0x0047453f
0x00474570
0x00474541
0x00474543
0x00474558
0x00474558
0x0047453f
0x0047457f
0x0047458f
0x0047458f
0x004745a8
0x00000000
0x004745b1
0x00474477
0x00000000
0x00000000
0x0047447d
0x00474481
0x00000000
0x00000000
0x00000000
0x00474481
0x00474449
0x0047444b
0x00474455
0x00000000
0x00000000
0x00000000
0x00000000

APIs

GetWindowLongW.USER32(00000000,000000F0), ref: 00474491
GetWindowLongW.USER32(00000000,000000EC), ref: 004744A3
GetClassLongW.USER32(00000000,000000E6), ref: 004744B6
SetWindowLongW.USER32 ref: 004744F6
SetWindowLongW.USER32 ref: 0047450A
SetClassLongW.USER32(00000000,000000E6,?), ref: 0047451E
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00474558
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00474570
GetSystemMenu.USER32(00000000,000000FF,00000000,000000E6,?,00000000,000000EC,?,00000000,000000F0,00000000,?,00000000,000000EC,00000000,000000F0), ref: 0047457F
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000037,00000000,000000E6,?,00000000,000000EC,?,00000000,000000F0,00000000), ref: 004745A8

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Long$Window$ClassMessageSend$MenuSystem
String ID:
API String ID: 494549727-0
Opcode ID: fd2a442789ba486d97912f1be2c9dea9f1b08cc32740a22f707074a0201fc805
Instruction ID: 6bde442644add904aef0f3c480088742fb8a5dcf9d70a4a041b36557313e0d6e
Opcode Fuzzy Hash: fd2a442789ba486d97912f1be2c9dea9f1b08cc32740a22f707074a0201fc805
Instruction Fuzzy Hash: 0C41087070828076DA01FB7D4C46BBE76891FC1308F08861AB594AB2D3CB7D9D61E34E

Uniqueness

Uniqueness Score: -1.00%

Function 0047A828, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 150
comwindowCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E0047A828(void* __ecx, char __edx) {
				char _v5;
				short _v518;
				void* __ebx;
				void* __ebp;
				intOrPtr _t52;
				signed int _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				struct HINSTANCE__** _t69;
				intOrPtr _t74;
				struct HINSTANCE__** _t78;
				void* _t82;
				short* _t84;
				intOrPtr _t90;
				signed int _t91;
				intOrPtr _t98;
				intOrPtr* _t105;
				intOrPtr* _t106;
				intOrPtr _t108;
				void* _t109;
				char _t111;
				intOrPtr _t123;
				void* _t125;
				void* _t126;

				_t111 = __edx;
				_t109 = __ecx;
				if(__edx != 0) {
					_t126 = _t126 + 0xfffffff0;
					_t52 = E004044D0(_t52, _t125);
				}
				_v5 = _t111;
				_t108 = _t52;
				E0042AC2C(_t109, 0);
				_t55 =  *0x5049bc; // 0x506040
				if( *_t55 == 0) {
					_push(0); // executed
					L004150FC(); // executed
					 *((char*)(_t108 + 0x17c)) = _t55 & 0xffffff00 | (_t55 & 0x80000000) == 0x00000000;
				}
				_t56 =  *0x504d38; // 0x502ea4
				if( *((short*)(_t56 + 2)) == 0) {
					_t106 =  *0x504d38; // 0x502ea4
					 *((intOrPtr*)(_t106 + 4)) = _t108;
					 *_t106 = 0x47c7e4;
				}
				_t57 =  *0x504e64; // 0x502eac
				if( *((short*)(_t57 + 2)) == 0) {
					_t105 =  *0x504e64; // 0x502eac
					 *((intOrPtr*)(_t105 + 4)) = _t108;
					 *_t105 = E0047C9F4;
				}
				 *((char*)(_t108 + 0x31)) = 0;
				_t123 = E00430B5C(1);
				 *((intOrPtr*)(_t108 + 0x38)) = _t123;
				 *((intOrPtr*)(_t123 + 0xc)) = _t108;
				 *((intOrPtr*)(_t123 + 8)) = 0x47ce78;
				 *((intOrPtr*)(_t108 + 0x8c)) = E00404068(1);
				 *((intOrPtr*)(_t108 + 0xac)) = E00404068(1);
				 *((intOrPtr*)(_t108 + 0x5c)) = 0;
				 *((intOrPtr*)(_t108 + 0x80)) = 0;
				 *((intOrPtr*)(_t108 + 0x58)) = 0xff000018;
				 *((intOrPtr*)(_t108 + 0x74)) = 0x1f4;
				 *((char*)(_t108 + 0x78)) = 1;
				 *((intOrPtr*)(_t108 + 0x7c)) = 0;
				 *((intOrPtr*)(_t108 + 0x70)) = 0x9c4;
				 *((char*)(_t108 + 0x84)) = 0;
				 *((char*)(_t108 + 0xa1)) = 1;
				 *((char*)(_t108 + 0xb8)) = 1;
				 *((intOrPtr*)(_t108 + 0x9c)) = E00436DCC(1);
				_t69 =  *0x504ba4; // 0x506038
				E004371D0(_t68, LoadIconW( *_t69, L"MAINICON"));
				_t28 = _t108 + 0x9c; // 0x1e140047
				_t74 =  *_t28;
				 *((intOrPtr*)(_t74 + 0x14)) = _t108;
				 *((intOrPtr*)(_t74 + 0x10)) = 0x47d128;
				 *((intOrPtr*)(_t108 + 0x94)) = E00404068(1);
				_t78 =  *0x504ba4; // 0x506038
				GetModuleFileNameW( *_t78,  &_v518, 0x100);
				_t82 = E0040E008(0x5c);
				_t134 = _t82;
				if(_t82 != 0) {
					_t34 = _t82 + 2; // 0x2
					L0040DD98( &_v518, _t34, _t134);
				}
				_t84 = L0040DFF0( &_v518, 0x2e);
				if(_t84 != 0) {
					 *_t84 = 0;
				}
				CharLowerW(CharNextW( &_v518));
				_t38 = _t108 + 0x88; // 0x470a08
				E00406640(_t38, 0x100,  &_v518);
				_t90 = E00470EF4(0x47c1b4, _t108); // executed
				 *((intOrPtr*)(_t108 + 0x178)) = _t90;
				 *((char*)(_t108 + 0xcc)) = 0;
				_t91 =  *0x5049bc; // 0x506040
				if( *_t91 == 0) {
					E0047ABF0(_t108, _t108, 0x100); // executed
				}
				 *((char*)(_t108 + 0x55)) = 1;
				 *((char*)(_t108 + 0x56)) = 1;
				 *((char*)(_t108 + 0x57)) = 1;
				 *((char*)(_t108 + 0xa2)) = 1;
				 *((char*)(_t108 + 0xcd)) = 0;
				 *((char*)(_t108 + 0xd8)) = 0;
				 *((intOrPtr*)(_t108 + 0xd0)) = 0;
				 *((char*)(_t108 + 0xcf)) = 0;
				 *((intOrPtr*)(_t108 + 0xa4)) = 0;
				L0047D350(_t108, 0x100);
				L0047DF14(_t108);
				_t98 = _t108;
				if(_v5 != 0) {
					E00404528(_t98);
					_pop( *[fs:0x0]);
				}
				return _t108;
			}

0x0047a828
0x0047a828
0x0047a835
0x0047a837
0x0047a83a
0x0047a83a
0x0047a83f
0x0047a842
0x0047a848
0x0047a84d
0x0047a855
0x0047a857
0x0047a859
0x0047a866
0x0047a866
0x0047a86c
0x0047a876
0x0047a878
0x0047a87d
0x0047a880
0x0047a880
0x0047a886
0x0047a890
0x0047a892
0x0047a897
0x0047a89a
0x0047a89a
0x0047a8a0
0x0047a8b0
0x0047a8b2
0x0047a8b5
0x0047a8b8
0x0047a8cb
0x0047a8dd
0x0047a8e5
0x0047a8ea
0x0047a8f0
0x0047a8f7
0x0047a8fe
0x0047a904
0x0047a907
0x0047a90e
0x0047a915
0x0047a91c
0x0047a931
0x0047a93c
0x0047a94d
0x0047a952
0x0047a952
0x0047a958
0x0047a95b
0x0047a96e
0x0047a980
0x0047a988
0x0047a997
0x0047a99c
0x0047a99e
0x0047a9a0
0x0047a9a9
0x0047a9a9
0x0047a9b8
0x0047a9bf
0x0047a9c1
0x0047a9c1
0x0047a9d3
0x0047a9d8
0x0047a9e9
0x0047a9f4
0x0047a9f9
0x0047a9ff
0x0047aa06
0x0047aa0e
0x0047aa12
0x0047aa12
0x0047aa17
0x0047aa1b
0x0047aa1f
0x0047aa23
0x0047aa2a
0x0047aa31
0x0047aa3a
0x0047aa40
0x0047aa49
0x0047aa51
0x0047aa58
0x0047aa5d
0x0047aa63
0x0047aa65
0x0047aa6a
0x0047aa71
0x0047aa7b

APIs

OleInitialize.OLE32(00000000), ref: 0047A859
LoadIconW.USER32(00400000,MAINICON), ref: 0047A944
GetModuleFileNameW.KERNEL32(00400000,?,00000100,?,?,?,00469730,00000000,00000000,?,00000000,?,00000000,004697AB), ref: 0047A988
CharNextW.USER32(?,00400000,?,00000100,?,?,?,00469730,00000000,00000000,?,00000000,?,00000000,004697AB), ref: 0047A9CD
CharLowerW.USER32(00000000,?,00400000,?,00000100,?,?,?,00469730,00000000,00000000,?,00000000,?,00000000,004697AB), ref: 0047A9D3

Part of subcall function 0047ABF0: GetClassInfoW.USER32 ref: 0047AC52
Part of subcall function 0047ABF0: RegisterClassW.USER32 ref: 0047AC6A
Part of subcall function 0047ABF0: SetWindowLongW.USER32 ref: 0047AD0A
Part of subcall function 0047ABF0: SendMessageW.USER32(8840C01B,00000080,00000001,00000000), ref: 0047AD2F

Strings

8`P, xrefs: 0047A93C, 0047A980
MAINICON, xrefs: 0047A937
@`P, xrefs: 0047A84D, 0047AA06

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CharClass$FileIconInfoInitializeLoadLongLowerMessageModuleNameNextRegisterSendWindow
String ID: 8`P$@`P$MAINICON
API String ID: 896494604-2479441349
Opcode ID: 1e5fd95e3d02b66ebac675ce727d18af330e138452b531cbecc1c41017ffe821
Instruction ID: 4598063fd3f050a30bd4bb6a08bc362ac08fa802665ce3c87ab879b9158c036f
Opcode Fuzzy Hash: 1e5fd95e3d02b66ebac675ce727d18af330e138452b531cbecc1c41017ffe821
Instruction Fuzzy Hash: D56160706002408FDB50EF79C885B8A3BE4AF55308F4484BAED48DF397D7B99848CB66

Uniqueness

Uniqueness Score: -1.00%

Function 0045F97C, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 134
registryCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E0045F97C(intOrPtr* __eax, intOrPtr __ebx, void* __edi, void* __esi) {
				short _v132;
				struct _WNDCLASSW _v172;
				intOrPtr _v180;
				signed char _v201;
				void* _v208;
				struct _WNDCLASSW _v248;
				char _v252;
				char _v256;
				char _v260;
				int _t52;
				void* _t53;
				intOrPtr _t86;
				intOrPtr _t105;
				intOrPtr _t109;
				void* _t110;
				intOrPtr* _t112;
				void* _t116;

				_t110 = __edi;
				_t94 = __ebx;
				_push(__ebx);
				_push(__esi);
				_v260 = 0;
				_t112 = __eax;
				_push(_t116);
				_push(0x45fb5b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t116 + 0xffffff00;
				 *((intOrPtr*)( *__eax + 0x9c))();
				if(_v180 != 0 || (_v201 & 0x00000040) == 0) {
					L7:
					 *((intOrPtr*)(_t112 + 0x248)) = _v172.lpfnWndProc;
					_t52 = GetClassInfoW(_v172.hInstance,  &_v132,  &_v248);
					asm("sbb eax, eax");
					_t53 = _t52 + 1;
					if(_t53 == 0 || E0045772C != _v248.lpfnWndProc) {
						if(_t53 != 0) {
							UnregisterClassW( &_v132, _v172.hInstance);
						}
						_v172.lpfnWndProc = E0045772C;
						_v172.lpszClassName =  &_v132;
						if(RegisterClassW( &_v172) == 0) {
							L004135BC();
						}
					}
					 *0x503abc = _t112;
					_t96 =  *_t112; // executed
					 *((intOrPtr*)( *_t112 + 0xa0))();
					if( *(_t112 + 0x24c) == 0) {
						L004135BC();
					}
					if((GetWindowLongW( *(_t112 + 0x24c), 0xfffffff0) & 0x40000000) != 0 && GetWindowLongW( *(_t112 + 0x24c), 0xfffffff4) == 0) {
						SetWindowLongW( *(_t112 + 0x24c), 0xfffffff4,  *(_t112 + 0x24c));
					}
					E0040E15C( *((intOrPtr*)(_t112 + 0x16c)));
					 *((intOrPtr*)(_t112 + 0x16c)) = 0;
					L00463DC8(_t112);
					E0045C458(_t112, E00430D88( *((intOrPtr*)(_t112 + 0x64)), _t94, _t96, _t110, _t112), 0x30, 1); // executed
					_t131 =  *((char*)(_t112 + 0x5c));
					if( *((char*)(_t112 + 0x5c)) != 0) {
						E004042A8(_t112, _t131);
					}
					_pop(_t105);
					 *[fs:eax] = _t105;
					_push(0x45fb62);
					return L00406438( &_v260);
				} else {
					_t94 =  *((intOrPtr*)(__eax + 4));
					if(_t94 == 0 || ( *(_t94 + 0x1c) & 0x00000002) == 0) {
						L6:
						_v256 =  *((intOrPtr*)(_t112 + 8));
						_v252 = 0x11;
						_push( &_v256);
						_t86 =  *0x504e94; // 0x42e3d4
						E00408D5C(_t86,  &_v260, 0);
						L0041196C(_t94, _v260, 1, _t110, _t112);
						E00404A74();
					} else {
						_t109 =  *0x4561d8; // 0x456230
						if(E00404238(_t94, _t109) == 0) {
							goto L6;
						}
						_v180 = L00463A10(_t94);
					}
					goto L7;
				}
			}

0x0045f97c
0x0045f97c
0x0045f985
0x0045f986
0x0045f989
0x0045f98f
0x0045f993
0x0045f994
0x0045f999
0x0045f99c
0x0045f9a9
0x0045f9b6
0x0045fa2e
0x0045fa34
0x0045fa4c
0x0045fa54
0x0045fa56
0x0045fa59
0x0045fa6a
0x0045fa77
0x0045fa77
0x0045fa7c
0x0045fa89
0x0045fa9e
0x0045faa0
0x0045faa0
0x0045fa9e
0x0045faa5
0x0045fab3
0x0045fab5
0x0045fac2
0x0045fac4
0x0045fac4
0x0045fadc
0x0045fafa
0x0045fafa
0x0045fb05
0x0045fb0c
0x0045fb14
0x0045fb2c
0x0045fb31
0x0045fb35
0x0045fb3d
0x0045fb3d
0x0045fb44
0x0045fb47
0x0045fb4a
0x0045fb5a
0x0045f9c1
0x0045f9c1
0x0045f9c6
0x0045f9ee
0x0045f9f1
0x0045f9f7
0x0045fa04
0x0045fa0d
0x0045fa12
0x0045fa24
0x0045fa29
0x0045f9ce
0x0045f9d0
0x0045f9dd
0x00000000
0x00000000
0x0045f9e6
0x0045f9e6
0x00000000
0x0045f9c6

APIs

GetClassInfoW.USER32 ref: 0045FA4C
UnregisterClassW.USER32 ref: 0045FA77
RegisterClassW.USER32 ref: 0045FA96
GetWindowLongW.USER32(00000000,000000F0), ref: 0045FAD2
GetWindowLongW.USER32(00000000,000000F4), ref: 0045FAE7
SetWindowLongW.USER32 ref: 0045FAFA

Strings

@, xrefs: 0045F9B8
0bE, xrefs: 0045F9D0

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ClassLongWindow$InfoRegisterUnregister
String ID: 0bE$@
API String ID: 717780171-122265358
Opcode ID: 3aa0ceecc46ffffc999964e51a48648b94f92615caab160b6aa7f284f36262f7
Instruction ID: bb4addde47a978899e9994ef4f08d1b2e8de62353fa3dc6971f42be30fd904fc
Opcode Fuzzy Hash: 3aa0ceecc46ffffc999964e51a48648b94f92615caab160b6aa7f284f36262f7
Instruction Fuzzy Hash: 4A51A5706003549BDB20EF69CC41B9A73A9AF05305F1045BAF949D7292DB78AD88CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 0046163C, Relevance: 13.7, APIs: 9, Instructions: 192
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E0046163C(intOrPtr* __eax, void* __edx, void* __edi) {
				intOrPtr* _v8;
				struct HDC__* _v12;
				struct HBITMAP__* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v68;
				intOrPtr _v72;
				int _v76;
				struct tagPAINTSTRUCT _v88;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t62;
				struct HDC__* _t100;
				void* _t123;
				void* _t125;
				signed int _t151;
				signed int _t154;
				intOrPtr _t158;
				signed int _t159;
				void* _t163;
				struct HDC__* _t165;
				void* _t168;
				void* _t170;
				intOrPtr _t171;

				_t162 = __edi;
				_t168 = _t170;
				_t171 = _t170 + 0xffffffac;
				_push(_t163);
				_t123 = __edx;
				_v8 = __eax;
				if( *((char*)(_v8 + 0x254)) == 0 ||  *((intOrPtr*)(__edx + 4)) != 0) {
					if(( *(_v8 + 0x55) & 0x00000001) != 0 || L0045F6DC(_v8) != 0) {
						_t62 = E00460EBC(_v8, _t123, _t123, _t162, _t163); // executed
					} else {
						_t62 =  *((intOrPtr*)( *_v8 - 0x10))();
					}
					return _t62;
				} else {
					if(L00439660(_t125) == 0) {
						_t165 = BeginPaint(L00463A10(_v8),  &_v88);
						_v16 = CreateCompatibleBitmap(_t165, _v72 - _v88.rcPaint, _v68 - _v76);
						_push(_t168);
						_push(0x46188c);
						_push( *[fs:ecx]);
						 *[fs:ecx] = _t171;
						_v12 = CreateCompatibleDC(_t165);
						_v20 = SelectObject(_v12, _v16);
						_push(_t168);
						_push(0x461853);
						_push( *[fs:ecx]);
						 *[fs:ecx] = _t171;
						SetWindowOrgEx(_v12, _v88.rcPaint, _v76, 0);
						E0045C458(_v8, _v12, 0x14, _v12);
						 *((intOrPtr*)(_t123 + 4)) = _v12;
						E0046163C(_v8, _t123, __edi);
						 *((intOrPtr*)(_t123 + 4)) = 0;
						_t150 = _v76;
						BitBlt(_t165, _v88.rcPaint, _v76, _v72 - _v88.rcPaint, _v68 - _v76, _v12, _v88.rcPaint, _t150, 0xcc0020);
						_pop(_t151);
						 *[fs:eax] = _t151;
						_push(0x46185a);
						return SelectObject(_v12, _v20);
					} else {
						_t100 = BeginPaint(L00463A10(_v8),  &_v88);
						_push(_t168);
						_push(0x461770);
						_push( *[fs:edx]);
						 *[fs:edx] = _t171;
						_v24 = E00438630(_t100,  &(_v88.rcPaint),  &_v12, 0);
						if(_v24 == 0) {
							_pop(_t154);
							 *[fs:eax] = _t154;
							_push(0x461893);
							return EndPaint(L00463A10(_v8),  &_v88);
						} else {
							_push(_t168);
							_push(0x461749);
							_push( *[fs:edx]);
							 *[fs:edx] = _t171;
							E0045C458(_v8, _v12, 0x14, _v12);
							E0045C458(_v8, _v12, 0x318, 4);
							_t158 =  *0x46f2d0; // 0x46f328
							if(E00404238(_v8, _t158) == 0) {
								E0043874C(_v24, 0xff,  &(_v88.rcPaint));
							}
							_pop(_t159);
							 *[fs:eax] = _t159;
							_push(0x461750);
							return E004386D0(_v24, _t159 | 0xffffffff);
						}
					}
				}
			}

0x0046163c
0x0046163d
0x0046163f
0x00461643
0x00461644
0x00461646
0x00461653
0x00461662
0x00461684
0x00461670
0x00461677
0x00461677
0x00461898
0x0046168e
0x00461695
0x00461789
0x0046179f
0x004617a4
0x004617a5
0x004617aa
0x004617ad
0x004617b6
0x004617c6
0x004617cb
0x004617cc
0x004617d1
0x004617d4
0x004617e5
0x004617f9
0x00461801
0x00461809
0x00461810
0x00461818
0x00461833
0x0046183a
0x0046183d
0x00461840
0x00461852
0x0046169b
0x004616a8
0x004616b1
0x004616b2
0x004616b7
0x004616ba
0x004616d2
0x004616d9
0x00461752
0x00461755
0x00461758
0x0046176f
0x004616db
0x004616dd
0x004616de
0x004616e3
0x004616e6
0x004616f8
0x0046170a
0x00461712
0x0046171f
0x0046172b
0x0046172b
0x00461732
0x00461735
0x00461738
0x00461748
0x00461748
0x004616d9
0x00461695

APIs

BeginPaint.USER32(00000000,?), ref: 004616A8

Part of subcall function 00460EBC: BeginPaint.USER32(00000000,?), ref: 00460EE7
Part of subcall function 00460EBC: EndPaint.USER32(00000000,?,00461022), ref: 00461015

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Paint$Begin
String ID:
API String ID: 3787552996-0
Opcode ID: 7c409f4ab0597410b05749fba46433bfd8b4f4b8770711e8726df9f751545dc2
Instruction ID: d46ae31251de83a97f6ba12247c19facf33136aff6cd86709a6d8903bde49e13
Opcode Fuzzy Hash: 7c409f4ab0597410b05749fba46433bfd8b4f4b8770711e8726df9f751545dc2
Instruction Fuzzy Hash: E6614575A00148AFDB04EFE9C951EAEBBF9EB49304F14406AF504E7361D738AE01CB55

Uniqueness

Uniqueness Score: -1.00%

Function 004458BC, Relevance: 13.7, APIs: 9, Instructions: 170
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E004458BC(intOrPtr* __eax, void* __ecx, void* __edx) {
				intOrPtr _v8;
				struct tagRECT _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				void* __edi;
				void* __ebp;
				void* _t86;
				intOrPtr* _t151;
				void* _t153;
				intOrPtr _t166;
				void* _t178;
				signed int _t180;
				void* _t183;
				void* _t185;
				void* _t187;
				intOrPtr _t188;

				_t153 = __ecx;
				_t185 = _t187;
				_t188 = _t187 + 0xffffffdc;
				_push(_t178);
				_t151 = __eax;
				_t86 = E0046163C(__eax, __edx, _t178); // executed
				if( *(_t151 + 0x1a9) == 0) {
					return _t86;
				} else {
					_v8 = L00431848(_t153, 1);
					 *[fs:eax] = _t188;
					L00459890(_v8, _t151);
					 *((intOrPtr*)( *_t151 + 0x44))( *[fs:eax], 0x445aec, _t185);
					L004316B8( *((intOrPtr*)(_v8 + 0x14)),  *_t151,  *((intOrPtr*)(_t151 + 0x6c)), _t178, _t185);
					L00431F18(_v8,  &_v24, _t178);
					InflateRect( &_v24, 0xffffffff, 0xffffffff);
					L00431F18(_v8,  &_v24, _t178);
					if( *(_t151 + 0x1a9) != 0) {
						if( *(_t151 + 0x1a8) != 0) {
							_t183 = _t183 +  *((intOrPtr*)(_t151 + 0x1ac));
						}
						if(_t183 == 0) {
							 *((intOrPtr*)( *_t151 + 0x44))();
							L004316B8( *((intOrPtr*)(_v8 + 0x14)),  *_t151,  *((intOrPtr*)(_t151 + 0x6c)), _t178, _t185);
							L00431F18(_v8,  &_v24, _t178);
							InflateRect( &_v24, 0xffffffff, 0xffffffff);
							L00431F18(_v8,  &_v24, _t178);
						}
						E0045A97C(_t151,  &_v40);
						_t180 = GetWindowLongW(E00432554(_v8), 0xfffffff0);
						if(( *(_t151 + 0x1a6) & 0x00000001) != 0) {
							_v40 = _v40 - _t183;
						}
						if(( *(_t151 + 0x1a6) & 0x00000002) != 0) {
							_v36 = _v36 - _t183;
						}
						if(( *(_t151 + 0x1a6) & 0x00000004) != 0) {
							_v32 = _v32 + _t183;
						}
						if((_t180 & 0x00200000) != 0) {
							_v32 = _v32 + GetSystemMetrics(0x14);
						}
						if(( *(_t151 + 0x1a6) & 0x00000008) != 0) {
							_v28 = _v28 + _t183;
						}
						if((_t180 & 0x00100000) != 0) {
							_v28 = _v28 + GetSystemMetrics(0x15);
						}
						 *((intOrPtr*)( *_t151 + 0x44))();
						DrawEdge(E00432554(_v8),  &_v24,  *(0x5037d8 + ( *(_t151 + 0x1a7) & 0x000000ff) * 4) |  *(0x5037e8 + ( *(_t151 + 0x1a8) & 0x000000ff) * 4),  *(_t151 + 0x1a6) & 0x000000ff |  *(0x5037f8 + ( *(_t151 + 0x1a9) & 0x000000ff) * 4) |  *(0x503808 + ( *(_t151 + 0x1e1) & 0x000000ff) * 4) | 0x00002000);
						_v24.left = _v24.right - GetSystemMetrics(0xa);
						if( *((char*)(_t151 + 0x2d6)) != 1) {
							if(L00443CE8(_t151) == 0) {
								DrawFrameControl(E00432554(_v8),  &_v24, 3, 0x4005);
							} else {
								DrawFrameControl(E00432554(_v8),  &_v24, 3, 0x4005);
							}
						}
					}
					_pop(_t166);
					 *[fs:eax] = _t166;
					_push(0x445af3);
					return E00404098(_v8);
				}
			}

0x004458bc
0x004458bd
0x004458bf
0x004458c4
0x004458c5
0x004458c9
0x004458d5
0x00445af9
0x004458db
0x004458e7
0x004458f5
0x004458fd
0x00445909
0x00445915
0x00445920
0x0044592d
0x00445938
0x00445944
0x00445964
0x0044596c
0x0044596c
0x00445970
0x00445979
0x00445985
0x00445990
0x0044599d
0x004459a8
0x004459a8
0x004459b2
0x004459c7
0x004459d0
0x004459d2
0x004459d2
0x004459dc
0x004459de
0x004459de
0x004459e8
0x004459ea
0x004459ea
0x004459f3
0x004459fc
0x004459fc
0x00445a06
0x00445a08
0x00445a08
0x00445a11
0x00445a1a
0x00445a1a
0x00445a24
0x00445a7a
0x00445a8b
0x00445a95
0x00445aa0
0x00445ad1
0x00445aa2
0x00445ab6
0x00445ab6
0x00445aa0
0x00445a95
0x00445ad8
0x00445adb
0x00445ade
0x00445aeb
0x00445aeb

APIs

Part of subcall function 00431848: InitializeCriticalSection.KERNEL32(00433F14,00433ED8,00000000,00000001,0043406E,00000000,?,00000000,00435659), ref: 00431868

Part of subcall function 00431F18: FrameRect.USER32 ref: 00431F41

InflateRect.USER32(?,000000FF,000000FF), ref: 0044592D
InflateRect.USER32(?,000000FF,000000FF), ref: 0044599D
GetWindowLongW.USER32(00000000,000000F0), ref: 004459C2
GetSystemMetrics.USER32 ref: 004459F7
GetSystemMetrics.USER32 ref: 00445A15
DrawEdge.USER32(00000000,?,00000000,00000008), ref: 00445A7A
GetSystemMetrics.USER32 ref: 00445A81
DrawFrameControl.USER32 ref: 00445AB6
DrawFrameControl.USER32 ref: 00445AD1

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DrawFrameMetricsRectSystem$ControlInflate$CriticalEdgeInitializeLongSectionWindow
String ID:
API String ID: 1915978996-0
Opcode ID: 03f134dd0134301db97ce73585b55a69737ace2bf493c903886dc178de53db3e
Instruction ID: e5c7667d68e5aa7310727093ebd7b4fe04d5cf93aebfcfcf51c9aee4529f5956
Opcode Fuzzy Hash: 03f134dd0134301db97ce73585b55a69737ace2bf493c903886dc178de53db3e
Instruction Fuzzy Hash: 7F618170A04245AFEF01EF69C985BDE77F4AF06314F280176A940BB297D7789E04CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00479D8C, Relevance: 13.6, APIs: 9, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00479D8C(void* __eax, void* __ebx, void* __ecx, void* __esi) {
				signed char _v5;
				struct tagLOGFONTW _v100;
				struct tagLOGFONTW _v192;
				struct tagLOGFONTW _v284;
				struct tagLOGFONTW _v376;
				void _v600;
				void* _t27;
				int _t31;
				void* _t34;
				void* _t37;
				intOrPtr _t47;
				struct HFONT__* _t50;
				struct HFONT__* _t54;
				struct HFONT__* _t58;
				struct HFONT__* _t62;
				intOrPtr _t65;
				intOrPtr _t67;
				void* _t70;
				intOrPtr _t81;
				void* _t92;
				void* _t93;
				intOrPtr _t94;

				_t92 = _t93;
				_t94 = _t93 + 0xfffffdac;
				_t70 = __eax;
				_v5 = 0;
				if( *0x50b17c != 0) {
					_t67 =  *0x50b17c; // 0x25b4140
					_v5 =  *(_t67 + 0x84) & 0x000000ff;
				}
				_push(_t92);
				_push(0x479f07);
				_push( *[fs:eax]);
				 *[fs:eax] = _t94;
				if( *0x50b17c != 0) {
					_t65 =  *0x50b17c; // 0x25b4140
					E0047CE20(_t65, 0);
				}
				if(SystemParametersInfoW(0x1f, 0x5c,  &_v100, 0) == 0) {
					_t27 = GetStockObject(0xd);
					_t7 = _t70 + 0x7c; // 0x61727241
					E00430FA4( *_t7, _t27);
				} else {
					_t62 = CreateFontIndirectW( &_v100);
					_t6 = _t70 + 0x7c; // 0x61727241
					E00430FA4( *_t6, _t62);
				}
				_v600 = 0x1f4;
				_t31 = SystemParametersInfoW(0x29, 0,  &_v600, 0); // executed
				if(_t31 == 0) {
					_t16 = _t70 + 0x78; // 0x6d726f46
					E004310D8( *_t16, 8);
					_t34 = GetStockObject(0xd);
					_t17 = _t70 + 0x80; // 0xc79
					E00430FA4( *_t17, _t34);
					_t37 = GetStockObject(0xd);
					_t18 = _t70 + 0x84; // 0x0
					E00430FA4( *_t18, _t37);
				} else {
					_t50 = CreateFontIndirectW( &_v284);
					_t11 = _t70 + 0x78; // 0x6d726f46
					E00430FA4( *_t11, _t50);
					_t54 = CreateFontIndirectW( &_v376);
					_t13 = _t70 + 0x80; // 0xc79
					E00430FA4( *_t13, _t54);
					_t58 = CreateFontIndirectW( &_v192);
					_t15 = _t70 + 0x84; // 0x0
					E00430FA4( *_t15, _t58);
				}
				_t19 = _t70 + 0x78; // 0x6d726f46
				E00430D48( *_t19, 0xff000017);
				_t20 = _t70 + 0x80; // 0xc79
				E00430D48( *_t20, 0xff000007);
				_t21 = _t70 + 0x84; // 0x0
				E00430D48( *_t21, 0xff000008);
				_pop(_t81);
				 *[fs:eax] = _t81;
				_push(0x479f0e);
				if( *0x50b17c != 0) {
					_t47 =  *0x50b17c; // 0x25b4140
					return E0047CE20(_t47, _v5 & 0x000000ff);
				}
				return 0;
			}

0x00479d8d
0x00479d8f
0x00479d97
0x00479d99
0x00479da4
0x00479da6
0x00479db2
0x00479db2
0x00479db7
0x00479db8
0x00479dbd
0x00479dc0
0x00479dca
0x00479dce
0x00479dd3
0x00479dd3
0x00479ded
0x00479e06
0x00479e0d
0x00479e10
0x00479def
0x00479df3
0x00479dfa
0x00479dfd
0x00479dfd
0x00479e1a
0x00479e2d
0x00479e34
0x00479e80
0x00479e88
0x00479e8f
0x00479e96
0x00479e9c
0x00479ea3
0x00479eaa
0x00479eb0
0x00479e36
0x00479e3d
0x00479e44
0x00479e47
0x00479e53
0x00479e5a
0x00479e60
0x00479e6c
0x00479e73
0x00479e79
0x00479e79
0x00479eb5
0x00479ebd
0x00479ec2
0x00479ecd
0x00479ed2
0x00479edd
0x00479ee4
0x00479ee7
0x00479eea
0x00479ef6
0x00479efc
0x00000000
0x00479f01
0x00479f06

APIs

SystemParametersInfoW.USER32 ref: 00479DE6
CreateFontIndirectW.GDI32(0000005C), ref: 00479DF3
GetStockObject.GDI32(0000000D), ref: 00479E06

Part of subcall function 004310D8: MulDiv.KERNEL32(00000000,?,00000048), ref: 004310E5

SystemParametersInfoW.USER32 ref: 00479E2D
CreateFontIndirectW.GDI32(?), ref: 00479E3D
CreateFontIndirectW.GDI32(?), ref: 00479E53
CreateFontIndirectW.GDI32(?), ref: 00479E6C
GetStockObject.GDI32(0000000D), ref: 00479E8F
GetStockObject.GDI32(0000000D), ref: 00479EA3

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateFontIndirect$ObjectStock$InfoParametersSystem
String ID:
API String ID: 2565622021-0
Opcode ID: 3855c4ae409a996207003510e8f705c24cfddba21bbaf5e177040d12a032337f
Instruction ID: f5799cbe55373404752a6dcd0957b159e49acc015314b586878f5ffac0ee02c6
Opcode Fuzzy Hash: 3855c4ae409a996207003510e8f705c24cfddba21bbaf5e177040d12a032337f
Instruction Fuzzy Hash: 854186306046449BEB50EB7ACD91B9A33E4AF48304F54807BB94CDB3A7DA789C05CF69

Uniqueness

Uniqueness Score: -1.00%

Function 004C44E8, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 142
windowCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E004C44E8(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
				long _v8;
				struct _SHFILEINFOW _v700;
				char _v704;
				long _t62;
				long _t77;
				void* _t80;
				intOrPtr* _t86;
				short* _t92;
				void* _t93;
				void* _t94;
				void* _t98;
				void* _t99;
				intOrPtr _t115;
				intOrPtr _t116;
				void* _t132;
				void* _t133;
				intOrPtr _t134;

				_t130 = __esi;
				_t129 = __edi;
				_t132 = _t133;
				_t134 = _t133 + 0xfffffd44;
				_push(__esi);
				_push(__edi);
				_v704 = 0;
				_v8 = 0;
				_push(_t132);
				_push(0x4c46de);
				_push( *[fs:eax]);
				 *[fs:eax] = _t134;
				E0045A758( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b0)), 0x20);
				E0045A78C( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b0)), 0x20);
				E0045A758( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b4)), 0x20);
				E0045A78C( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b4)), 0x20);
				_push(_t132);
				_push(0x4c46b3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t134;
				_t62 = SHGetFileInfoW(L"c:\\directory", 0x10,  &_v700, 0x2b4, 0x1010); // executed
				if(_t62 != 0 && _v700.szDisplayName != 0) {
					_t98 =  *0x508b50; // 0x400000
					_t99 = ExtractIconW(_t98,  &(_v700.szDisplayName), _v700.iIcon); // executed
					E004C4424(_t99,  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b0)), __edi);
				}
				if(L004D9994(6, 0) == 0) {
					E004DF184(0, 2, _t129, _t130, __eflags,  &_v8);
					__eflags = _v8;
					if(_v8 == 0) {
						__eflags = 0;
						E004DF184(1, 2, _t129, _t130, 0,  &_v8);
					}
					__eflags = _v8;
					if(_v8 != 0) {
						_t77 = SHGetFileInfoW(E004064D4(_v8), 0,  &_v700, 0x2b4, 0x1000);
						__eflags = _t77;
						if(_t77 != 0) {
							__eflags = _v700.szDisplayName;
							if(_v700.szDisplayName != 0) {
								_t80 =  *0x508b50; // 0x400000
								E004C4424(ExtractIconW(_t80,  &(_v700.szDisplayName), _v700.iIcon),  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b4)), _t129);
							}
						}
					}
				} else {
					_t86 =  *0x505040; // 0x50bdd0
					E0047E290( *_t86,  &_v704);
					E00406854( &_v704, L"shell32.dll", 0x27);
					_t92 = E004064D4(_v704);
					_t93 =  *0x508b50; // 0x400000
					_t94 = ExtractIconW(_t93, _t92, ??); // executed
					E004C4424(_t94,  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x4b4)), _t129);
				}
				_pop(_t115);
				 *[fs:eax] = _t115;
				_pop(_t116);
				 *[fs:eax] = _t116;
				_push(E004C46E5);
				L00406438( &_v704);
				return L00406438( &_v8);
			}

0x004c44e8
0x004c44e8
0x004c44e9
0x004c44eb
0x004c44f2
0x004c44f3
0x004c44f6
0x004c44fc
0x004c4501
0x004c4502
0x004c4507
0x004c450a
0x004c451e
0x004c4534
0x004c454a
0x004c4560
0x004c4567
0x004c4568
0x004c456d
0x004c4570
0x004c458b
0x004c4592
0x004c45ac
0x004c45b2
0x004c45c3
0x004c45c3
0x004c45d3
0x004c4630
0x004c4635
0x004c4639
0x004c463f
0x004c4645
0x004c4645
0x004c464a
0x004c464e
0x004c466c
0x004c4671
0x004c4673
0x004c4675
0x004c467d
0x004c468d
0x004c46a4
0x004c46a4
0x004c467d
0x004c4673
0x004c45d5
0x004c45dd
0x004c45e4
0x004c45f4
0x004c45ff
0x004c4605
0x004c460b
0x004c461c
0x004c461c
0x004c46ab
0x004c46ae
0x004c46bf
0x004c46c2
0x004c46c5
0x004c46d0
0x004c46dd

APIs

Part of subcall function 0045A758: KiUserCallbackDispatcher.NTDLL(?,00000000,?,?,004C4A09,0000000C), ref: 0045A76B

SHGetFileInfoW.SHELL32(c:\directory,00000010,?,000002B4,00001010), ref: 004C458B
ExtractIconW.SHELL32(00400000,00000000,?), ref: 004C45B2

Part of subcall function 004C4424: DrawIconEx.USER32 ref: 004C44BF
Part of subcall function 004C4424: DestroyIcon.USER32(?,004C44E2,?,00000020,00000020,00000000,00000000,00000003,?,00000020,?,?), ref: 004C44D5

ExtractIconW.SHELL32(00400000,00000000,00000027), ref: 004C460B
SHGetFileInfoW.SHELL32(00000000,00000000,?,000002B4,00001000), ref: 004C466C
ExtractIconW.SHELL32(00400000,00000000,?), ref: 004C4693

Strings

c:\directory, xrefs: 004C4586
shell32.dll, xrefs: 004C45EF

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Icon$Extract$FileInfo$CallbackDestroyDispatcherDrawUser
String ID: c:\directory$shell32.dll
API String ID: 350228638-1375355148
Opcode ID: f0d83c5d1efc28f01d1a8f98fef8e879719c3522288f11ce8ba15c6e9d46fd7b
Instruction ID: 1da30287260a14f896440c9f0ae22c16ea11510bd26958a61633ce3c97e55299
Opcode Fuzzy Hash: f0d83c5d1efc28f01d1a8f98fef8e879719c3522288f11ce8ba15c6e9d46fd7b
Instruction Fuzzy Hash: 4E518078600204AFCB50EB55C99AF9AB7E8EB49304F2081AAF80497386C73CDE448F59

Uniqueness

Uniqueness Score: -1.00%

Function 0047C268, Relevance: 12.1, APIs: 8, Instructions: 118
windowCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E0047C268(void* __eax, char* __ecx, struct tagMSG* __edx) {
				char _v18;
				char _v19;
				char _t14;
				int _t34;
				void* _t35;
				void* _t36;
				void* _t46;
				struct tagMSG* _t47;
				struct HWND__* _t48;
				signed char* _t49;

				_t37 = __ecx;
				_push(__ecx);
				_t47 = __edx;
				_t46 = __eax;
				 *_t49 = 0;
				PeekMessageW(__edx, 0, 0x200, 0x20a, 1); // executed
				asm("sbb ebx, ebx");
				_t36 = _t35 + 1;
				if(_t36 != 0) {
					L2:
					_t48 = _t47->hwnd;
					if(_t48 == 0 || IsWindowUnicode(_t48) != 0) {
						_t14 = 1;
					} else {
						_t14 = 0;
					}
					_v18 = _t14;
					if(_t36 == 0) {
						if(_v18 == 0) {
							PeekMessageA(_t47, 0, 0, 0, 1);
							asm("sbb ebx, ebx");
							_t36 = _t36 + 1;
						} else {
							PeekMessageW(_t47, 0, 0, 0, 1); // executed
							asm("sbb ebx, ebx");
							_t36 = _t36 + 1;
						}
					}
					if(_t36 != 0) {
						 *_t49 = 1;
						if(_t47->message == 0x12) {
							 *((char*)(_t46 + 0xa0)) = 1;
						} else {
							_v19 = 0;
							if( *((short*)(_t46 + 0x10a)) != 0) {
								_t37 =  &_v19;
								 *((intOrPtr*)(_t46 + 0x108))();
							}
							if(L0047DF34(_t46, _t37, _t47) == 0 && E0047C114(_t46, _t47) == 0 && _v19 == 0 && L0047BFCC(_t46, _t47) == 0 && E0047C01C(_t46, _t47) == 0 && L0047BF84(_t46, _t47) == 0) {
								TranslateMessage(_t47);
								if(_v18 == 0) {
									DispatchMessageA(_t47);
								} else {
									DispatchMessageW(_t47); // executed
								}
							}
						}
					}
					L24:
					return  *_t49 & 0x000000ff;
				}
				_t34 = PeekMessageW(_t47, 0, 0, 0, 0); // executed
				if(_t34 == 0) {
					goto L24;
				}
				goto L2;
			}

0x0047c268
0x0047c26c
0x0047c26d
0x0047c26f
0x0047c271
0x0047c284
0x0047c28c
0x0047c28e
0x0047c291
0x0047c2a9
0x0047c2a9
0x0047c2ad
0x0047c2bd
0x0047c2b9
0x0047c2b9
0x0047c2b9
0x0047c2bf
0x0047c2c5
0x0047c2cc
0x0047c2ed
0x0047c2f5
0x0047c2f7
0x0047c2ce
0x0047c2d7
0x0047c2df
0x0047c2e1
0x0047c2e1
0x0047c2cc
0x0047c2fa
0x0047c300
0x0047c308
0x0047c394
0x0047c30e
0x0047c30e
0x0047c31b
0x0047c31d
0x0047c329
0x0047c329
0x0047c33a
0x0047c378
0x0047c382
0x0047c38d
0x0047c384
0x0047c385
0x0047c385
0x0047c382
0x0047c33a
0x0047c308
0x0047c39b
0x0047c3a4
0x0047c3a4
0x0047c29c
0x0047c2a3
0x00000000
0x00000000
0x00000000

APIs

PeekMessageW.USER32 ref: 0047C284
PeekMessageW.USER32 ref: 0047C29C
IsWindowUnicode.USER32 ref: 0047C2B0
PeekMessageW.USER32 ref: 0047C2D7
PeekMessageA.USER32 ref: 0047C2ED
TranslateMessage.USER32 ref: 0047C378
DispatchMessageW.USER32 ref: 0047C385
DispatchMessageA.USER32 ref: 0047C38D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
String ID:
API String ID: 2190272339-0
Opcode ID: aec265175d4dcb7c97616442d8e5c82354d272469c79db9d15f44d72e31fbebf
Instruction ID: f564e25ef9def22ee9d688585a514d3139351bcb3ac6a6811250e2314314223d
Opcode Fuzzy Hash: aec265175d4dcb7c97616442d8e5c82354d272469c79db9d15f44d72e31fbebf
Instruction Fuzzy Hash: 5E31B22074874075EA316A294CC6BEF57844F5270CF24C56FFDC9A72C3C7AD9846425E

Uniqueness

Uniqueness Score: -1.00%

Function 00474A7C, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174
windowCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E00474A7C(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				void* _t46;
				void* _t66;
				void* _t73;
				struct HMENU__* _t76;
				struct HMENU__* _t82;
				intOrPtr _t89;
				void* _t91;
				intOrPtr _t93;
				intOrPtr _t95;
				intOrPtr _t99;
				void* _t104;
				intOrPtr _t112;
				void* _t127;
				intOrPtr _t129;
				void* _t132;

				_v20 = 0;
				_t129 = __edx;
				_t104 = __eax;
				_push(_t132);
				_push(0x474c90);
				_push( *[fs:eax]);
				 *[fs:eax] = _t132 + 0xfffffff0;
				if(__edx == 0) {
					L7:
					_t44 =  *((intOrPtr*)(_t104 + 0x2a0));
					if( *((intOrPtr*)(_t104 + 0x2a0)) != 0) {
						E00452EC0(_t44, 0, 0);
					}
					if(( *(_t104 + 0x1c) & 0x00000008) != 0 || _t129 != 0 && ( *(_t129 + 0x1c) & 0x00000008) != 0) {
						_t129 = 0;
					}
					 *((intOrPtr*)(_t104 + 0x2a0)) = _t129;
					if(_t129 != 0) {
						E0042AD08(_t129, _t104);
					}
					if(_t129 == 0 || ( *(_t104 + 0x1c) & 0x00000010) == 0 &&  *((char*)(_t104 + 0x281)) == 3) {
						_t46 = L00463DBC(_t104);
						__eflags = _t46;
						if(_t46 != 0) {
							SetMenu(L00463A10(_t104), 0); // executed
						}
						goto L30;
					} else {
						if( *((char*)( *((intOrPtr*)(_t104 + 0x2a0)) + 0x5c)) != 0 ||  *((char*)(_t104 + 0x287)) == 1) {
							if(( *(_t104 + 0x1c) & 0x00000010) == 0) {
								__eflags =  *((char*)(_t104 + 0x287)) - 1;
								if( *((char*)(_t104 + 0x287)) != 1) {
									_t66 = L00463DBC(_t104);
									__eflags = _t66;
									if(_t66 != 0) {
										SetMenu(L00463A10(_t104), 0);
									}
								}
								goto L30;
							}
							goto L21;
						} else {
							L21:
							if(L00463DBC(_t104) != 0) {
								_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x2a0)))) + 0x34))();
								_t76 = GetMenu(L00463A10(_t104));
								_t154 = _t73 - _t76;
								if(_t73 != _t76) {
									_t82 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x2a0)))) + 0x34))();
									SetMenu(L00463A10(_t104), _t82);
								}
								E00452EC0(_t129, L00463A10(_t104), _t154);
							}
							L30:
							if( *((char*)(_t104 + 0x286)) != 0) {
								E004763FC(_t104, 1);
							}
							E004749B4(_t104);
							if( *((intOrPtr*)(_t104 + 0x2a8)) != 0 && ( *(_t104 + 0x1c) & 0x00000010) != 0 &&  *((intOrPtr*)(_t104 + 0x30)) != 0) {
								SetWindowPos(L00463A10(_t104), 0, 0, 0, 0, 0, 0x37);
								E0045C458(_t104, 0, 0x85, 0);
								E0045C458(_t104, 0, 0xf, 0);
							}
							_pop(_t112);
							 *[fs:eax] = _t112;
							_push(0x474c97);
							return L00406438( &_v20);
						}
					}
				}
				_t89 =  *0x50b180; // 0x25c26a0
				_t91 = L004796E8(_t89) - 1;
				if(_t91 >= 0) {
					_v8 = _t91 + 1;
					_t127 = 0;
					do {
						_t93 =  *0x50b180; // 0x25c26a0
						if(_t129 ==  *((intOrPtr*)(L004796D4(_t93, _t127) + 0x2a0))) {
							_t95 =  *0x50b180; // 0x25c26a0
							if(_t104 != L004796D4(_t95, _t127)) {
								_v16 =  *((intOrPtr*)(_t129 + 8));
								_v12 = 0x11;
								_push( &_v16);
								_t99 =  *0x504b40; // 0x42e564
								E00408D5C(_t99,  &_v20, 0);
								L0041196C(_t104, _v20, 1, _t127, _t129);
								E00404A74();
							}
						}
						_t127 = _t127 + 1;
						_t10 =  &_v8;
						 *_t10 = _v8 - 1;
					} while ( *_t10 != 0);
				}
			}

0x00474a87
0x00474a8a
0x00474a8c
0x00474a90
0x00474a91
0x00474a96
0x00474a99
0x00474a9e
0x00474b10
0x00474b10
0x00474b18
0x00474b1c
0x00474b1c
0x00474b25
0x00474b31
0x00474b31
0x00474b33
0x00474b3b
0x00474b41
0x00474b41
0x00474b48
0x00474bfb
0x00474c00
0x00474c02
0x00474c0e
0x00474c0e
0x00000000
0x00474b61
0x00474b6b
0x00474b7a
0x00474bd4
0x00474bdb
0x00474bdf
0x00474be4
0x00474be6
0x00474bf2
0x00474bf2
0x00474be6
0x00000000
0x00474bdb
0x00000000
0x00474b7c
0x00474b7c
0x00474b85
0x00474b93
0x00474ba0
0x00474ba5
0x00474ba7
0x00474bb1
0x00474bbd
0x00474bbd
0x00474bcd
0x00474bcd
0x00474c13
0x00474c1a
0x00474c20
0x00474c20
0x00474c27
0x00474c33
0x00474c55
0x00474c65
0x00474c75
0x00474c75
0x00474c7c
0x00474c7f
0x00474c82
0x00474c8f
0x00474c8f
0x00474b6b
0x00474b48
0x00474aa0
0x00474aaa
0x00474aad
0x00474ab0
0x00474ab3
0x00474ab5
0x00474ab7
0x00474ac7
0x00474acb
0x00474ad7
0x00474adc
0x00474adf
0x00474ae6
0x00474aec
0x00474af1
0x00474b00
0x00474b05
0x00474b05
0x00474ad7
0x00474b0a
0x00474b0b
0x00474b0b
0x00474b0b
0x00474ab5

APIs

GetMenu.USER32(00000000), ref: 00474BA0
SetMenu.USER32(00000000,00000000), ref: 00474BBD
SetMenu.USER32(00000000,00000000), ref: 00474BF2
SetMenu.USER32(00000000,00000000,00000000,00474C90), ref: 00474C0E

Part of subcall function 00408D5C: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00408DA1

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00474C55

Strings

dB, xrefs: 00474AEC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Menu$LoadStringWindow
String ID: dB
API String ID: 1738039741-590823066
Opcode ID: a0aa07798e338e453f53891f609012d7f48b889524cafb65d768c95d63bc2483
Instruction ID: 242794a663fa9c04f36dd6bfc9733e18e3a1e7e904f1d9d6ef06693e97fba7fe
Opcode Fuzzy Hash: a0aa07798e338e453f53891f609012d7f48b889524cafb65d768c95d63bc2483
Instruction Fuzzy Hash: 59518E70B013445BDB21EF7A88857EA3698AB85308F05847BBC499B397CB7CDC48CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004AFA3C, Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 157
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E004AFA3C(signed char __eax, void* __ebx, char __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, void* _a8, signed short _a12, signed char _a16, char _a20) {
				char _v8;
				signed char _v9;
				short _v32;
				intOrPtr _v36;
				char _v80;
				void* _v92;
				char _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				intOrPtr _t63;
				intOrPtr _t64;
				void* _t75;
				intOrPtr _t107;
				char _t114;
				intOrPtr _t132;
				void* _t142;
				intOrPtr* _t144;
				void* _t147;

				_t116 = __ecx;
				_v116 = 0;
				_v120 = 0;
				_v108 = 0;
				_v112 = 0;
				_v104 = 0;
				_v100 = 0;
				_v8 = 0;
				_t114 = __ecx;
				_t142 = __edx;
				_v9 = __eax;
				_t144 = _a4;
				L00406430(_a20);
				_push(_t147);
				_push(0x4afc3e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t147 + 0xffffff8c;
				E00406BE4(_t142, __ecx, 0x4afc5c);
				if(0 != 0) {
					_push(0x4afc6c);
					_push(_t142);
					_push(0x4afc6c);
					E004069F8( &_v8, 3, _t142);
					__eflags = _t114;
					if(_t114 != 0) {
						_push(_v8);
						_push(0x4afc7c);
						_push(_t114);
						E004069F8( &_v8, 3, _t142);
					}
					E0047E7C8(_t142, _t116,  &_v100);
					_t63 = E0040C24C(_v100, _t116, L".bat");
					__eflags = _t63;
					if(_t63 == 0) {
						L6:
						_t64 = L0047FAF0();
						__eflags = _t64;
						if(_t64 == 0) {
							_push(0x4afc6c);
							L0047F714( &_v120);
							E0047E290(_v120,  &_v116);
							_push(_v116);
							_push(L"COMMAND.COM\" /C ");
							_push(_v8);
							E004069F8( &_v8, 4, _t142);
						} else {
							_push(0x4afc6c);
							L0047F740( &_v112);
							E0047E290(_v112,  &_v108);
							_push(_v108);
							_push(L"cmd.exe\" /C \"");
							_push(_v8);
							_push(0x4afc6c);
							E004069F8( &_v8, 5, _t142);
						}
						goto L9;
					} else {
						E0047E7C8(_t142, _t116,  &_v104);
						_t107 = E0040C24C(_v104, _t116, L".cmd");
						__eflags = _t107;
						if(_t107 != 0) {
							L9:
							__eflags = _a20;
							if(_a20 == 0) {
								E0047E76C(_t142, _t116,  &_a20);
							}
							goto L11;
						}
						goto L6;
					}
				} else {
					E0040649C( &_v8, __ecx);
					L11:
					L00403540( &_v80, 0x44);
					_v80 = 0x44;
					_v36 = 1;
					_v32 = _a12 & 0x0000ffff;
					_t150 = _a20;
					if(_a20 == 0) {
						L0047F740( &_a20);
					}
					_t75 = E004064D4(_a20);
					E004AD01C(_v9 & 0x000000ff, E004064D4(_v8), 0, _t150,  &_v96,  &_v80, _t75, 0, 0x4000000, 0, 0, 0); // executed
					asm("sbb ebx, ebx");
					_t115 = _t114 + 1;
					if(_t114 + 1 != 0) {
						CloseHandle(_v92);
						E004AF9A8(_v96, _t115, _a16 & 0x000000ff, _t142, _t144, _t144); // executed
					} else {
						 *_t144 = GetLastError();
					}
					_pop(_t132);
					 *[fs:eax] = _t132;
					_push(0x4afc45);
					L00406440( &_v120, 6);
					L00406438( &_v8);
					return L00406438( &_a20);
				}
			}

0x004afa3c
0x004afa47
0x004afa4a
0x004afa4d
0x004afa50
0x004afa53
0x004afa56
0x004afa59
0x004afa5c
0x004afa5e
0x004afa60
0x004afa63
0x004afa69
0x004afa70
0x004afa71
0x004afa76
0x004afa79
0x004afa83
0x004afa88
0x004afa99
0x004afa9e
0x004afa9f
0x004afaac
0x004afab1
0x004afab3
0x004afab5
0x004afab8
0x004afabd
0x004afac6
0x004afac6
0x004afad0
0x004afadd
0x004afae2
0x004afae4
0x004afb01
0x004afb01
0x004afb06
0x004afb08
0x004afb41
0x004afb49
0x004afb54
0x004afb59
0x004afb5c
0x004afb61
0x004afb6c
0x004afb0a
0x004afb0a
0x004afb12
0x004afb1d
0x004afb22
0x004afb25
0x004afb2a
0x004afb2d
0x004afb3a
0x004afb3a
0x00000000
0x004afae6
0x004afaeb
0x004afaf8
0x004afafd
0x004afaff
0x004afb71
0x004afb71
0x004afb75
0x004afb7c
0x004afb7c
0x00000000
0x004afb75
0x00000000
0x004afaff
0x004afa8a
0x004afa8f
0x004afb81
0x004afb8b
0x004afb90
0x004afb97
0x004afba2
0x004afba6
0x004afbaa
0x004afbaf
0x004afbaf
0x004afbc4
0x004afbe2
0x004afbea
0x004afbec
0x004afbef
0x004afbfe
0x004afc0e
0x004afbf1
0x004afbf6
0x004afbf6
0x004afc15
0x004afc18
0x004afc1b
0x004afc28
0x004afc30
0x004afc3d
0x004afc3d

APIs

GetLastError.KERNEL32(?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,004AFC6C,004AFC6C,?,004AFC6C,00000000), ref: 004AFBF1
CloseHandle.KERNEL32(004FCF6D,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,?,COMMAND.COM" /C ,?,004AFC6C,004AFC6C,?,004AFC6C), ref: 004AFBFE

Part of subcall function 004AF9A8: WaitForInputIdle.USER32 ref: 004AF9D4
Part of subcall function 004AF9A8: MsgWaitForMultipleObjects.USER32 ref: 004AF9F6
Part of subcall function 004AF9A8: GetExitCodeProcess.KERNEL32 ref: 004AFA07
Part of subcall function 004AF9A8: CloseHandle.KERNEL32(00000001,004AFA34,004AFA2D,?,?,?,00000001,?,?,004AFDD6,?,0000003C,00000000,004AFDEC), ref: 004AFA27

Strings

COMMAND.COM" /C , xrefs: 004AFB5C
.cmd, xrefs: 004AFAF3
cmd.exe" /C ", xrefs: 004AFB25
.bat, xrefs: 004AFAD8
D, xrefs: 004AFB90

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseHandleWait$CodeErrorExitIdleInputLastMultipleObjectsProcess
String ID: .bat$.cmd$COMMAND.COM" /C $D$cmd.exe" /C "
API String ID: 854858120-615399546
Opcode ID: 9549761f24674e75a1a8d65ef4facb71aa54c1c01a217c777a8b32c823b5dfa9
Instruction ID: 88e2853dccfaa7143611bf52dc62ae34b40875a7a0a12817af126c8a521733c8
Opcode Fuzzy Hash: 9549761f24674e75a1a8d65ef4facb71aa54c1c01a217c777a8b32c823b5dfa9
Instruction Fuzzy Hash: 39516870A0020C9BDB10EFD6C982BDEB7B9BF59304F60417BB804B7291D7789E199B59

Uniqueness

Uniqueness Score: -1.00%

Function 004799B4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 126
registryCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E004799B4(intOrPtr __eax, void* __ebx, void* __ecx, void* __fp0) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				char _v20;
				void* _v24;
				struct HKL__* _v280;
				char _v792;
				char _v920;
				char _v924;
				char _v928;
				char _v932;
				void* _t60;
				long _t74;
				intOrPtr _t107;
				intOrPtr _t113;
				void* _t119;
				void* _t120;
				intOrPtr _t121;
				void* _t131;

				_t131 = __fp0;
				_t119 = _t120;
				_t121 = _t120 + 0xfffffc60;
				_v932 = 0;
				_v8 = __eax;
				_push(_t119);
				_push(0x479b61);
				_push( *[fs:eax]);
				 *[fs:eax] = _t121;
				if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
					L11:
					_pop(_t107);
					 *[fs:eax] = _t107;
					_push(0x479b68);
					return L00406438( &_v932);
				} else {
					 *((intOrPtr*)(_v8 + 0x34)) = L00425DEC(1);
					E00406448(_v8 + 0x38, 0);
					_t60 = GetKeyboardLayoutList(0x40,  &_v280) - 1;
					if(_t60 < 0) {
						L10:
						 *((char*)( *((intOrPtr*)(_v8 + 0x34)) + 0x29)) = 0;
						L00425BD8( *((intOrPtr*)(_v8 + 0x34)), 1);
						goto L11;
					} else {
						_v20 = _t60 + 1;
						_v24 =  &_v280;
						do {
							if(L0046956C( *_v24) == 0) {
								goto L9;
							} else {
								_v928 =  *_v24;
								_v924 = 0;
								_t74 = RegOpenKeyExW(0x80000002, E0040E1D0( &_v920,  &_v928, L"System\\CurrentControlSet\\Control\\Keyboard Layouts\\%.8x", _t131, 0), 0, 0x20019,  &_v16); // executed
								if(_t74 != 0) {
									goto L9;
								} else {
									_push(_t119);
									_push(0x479b1d);
									_push( *[fs:eax]);
									 *[fs:eax] = _t121;
									_v12 = 0x200;
									if(RegQueryValueExW(_v16, L"layout text", 0, 0,  &_v792,  &_v12) == 0) {
										E00406640( &_v932, 0x100,  &_v792);
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)))) + 0x3c))();
										if( *_v24 ==  *((intOrPtr*)(_v8 + 0x3c))) {
											E00406640(_v8 + 0x38, 0x100,  &_v792);
										}
									}
									_pop(_t113);
									 *[fs:eax] = _t113;
									_push(0x479b24);
									return RegCloseKey(_v16);
								}
							}
							goto L12;
							L9:
							_v24 = _v24 + 4;
							_t38 =  &_v20;
							 *_t38 = _v20 - 1;
						} while ( *_t38 != 0);
						goto L10;
					}
				}
				L12:
			}

0x004799b4
0x004799b5
0x004799b7
0x004799c0
0x004799c6
0x004799cb
0x004799cc
0x004799d1
0x004799d4
0x004799de
0x00479b42
0x00479b4a
0x00479b4d
0x00479b50
0x00479b60
0x004799e4
0x004799f3
0x004799fe
0x00479a11
0x00479a14
0x00479b31
0x00479b37
0x00479b3d
0x00000000
0x00479a1a
0x00479a1b
0x00479a24
0x00479a27
0x00479a33
0x00000000
0x00479a39
0x00479a4b
0x00479a51
0x00479a74
0x00479a7b
0x00000000
0x00479a81
0x00479a83
0x00479a84
0x00479a89
0x00479a8c
0x00479a8f
0x00479ab5
0x00479ac8
0x00479ae0
0x00479aee
0x00479b01
0x00479b01
0x00479aee
0x00479b08
0x00479b0b
0x00479b0e
0x00479b1c
0x00479b1c
0x00479a7b
0x00000000
0x00479b24
0x00479b24
0x00479b28
0x00479b28
0x00479b28
0x00000000
0x00479a27
0x00479a14
0x00000000

APIs

GetKeyboardLayoutList.USER32(00000040,?,00000000,00479B61,?,025C26A0,?,00479C05,00000000,?,0045E17B,00460448,?,00000000,0045E1F9), ref: 00479A0C
RegOpenKeyExW.ADVAPI32(80000002,00000000), ref: 00479A74
RegQueryValueExW.ADVAPI32(?,layout text,00000000,00000000,?,00000200,00000000,00479B1D,?,80000002,00000000), ref: 00479AAE
RegCloseKey.ADVAPI32(?,00479B24,00000000,?,00000200,00000000,00479B1D,?,80000002,00000000), ref: 00479B17

Strings

System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 00479A5E
layout text, xrefs: 00479AA5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseKeyboardLayoutListOpenQueryValue
String ID: System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
API String ID: 1703357764-2652665750
Opcode ID: b3a485c0e166dcb435b7bc67bf712b1348be531460d20602af41734a65f45dd1
Instruction ID: 840c971cceb15e7099a20cec3684e3c81698b4dbb0a39db1a36b2c17f7ae8159
Opcode Fuzzy Hash: b3a485c0e166dcb435b7bc67bf712b1348be531460d20602af41734a65f45dd1
Instruction Fuzzy Hash: C0411874A002089FDB15DF55D982BDEB7F9FB48304F9184A6E908A7391D778AE00CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0048148C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91
windowregistryCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E0048148C(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				void* _t10;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t27;
				struct HWND__* _t33;
				void* _t42;
				intOrPtr _t44;
				void* _t49;
				intOrPtr _t51;
				struct HWND__* _t52;
				intOrPtr _t54;
				intOrPtr _t55;

				_t50 = __esi;
				_t42 = __edx;
				_t54 = _t55;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				if(__edx != 0) {
					_t55 = _t55 + 0xfffffff0;
					_t10 = E004044D0(_t10, _t54);
				}
				_t49 = _t10;
				_push(_t54);
				_push(0x48159e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t55;
				E00404068(0);
				 *((intOrPtr*)(_t49 + 0xc)) = GetActiveWindow();
				 *((intOrPtr*)(_t49 + 0x10)) = GetFocus();
				_t17 = E00470BFC(0, _t42, _t49, _t50); // executed
				 *((intOrPtr*)(_t49 + 0x14)) = _t17;
				if( *0x50b1e2 == 0) {
					 *0x50b1e2 = RegisterClassW(0x503e00);
				}
				if( *0x50b1e2 != 0) {
					_t22 =  *0x508b50; // 0x400000
					_t24 = E0040A124(0, L"TWindowDisabler-Window", 0, _t22, 0, 0, 0, 0, 0, 0, 0x88000000); // executed
					_t51 = _t24;
					 *((intOrPtr*)(_t49 + 8)) = _t51;
					if(_t51 != 0) {
						_t5 = _t49 + 8; // 0x61736944
						_t26 =  *0x508b50; // 0x400000
						_t27 =  *0x504e38; // 0x50b17c
						L0047BEA4( *_t27,  &_v8);
						E004064D4(_v8);
						_t33 = E0040A124(0, L"TWindowDisabler-Window", 0, _t26, 0,  *_t5, 0, 0, 0, 0, 0x80000000); // executed
						_t52 = _t33;
						 *(_t49 + 4) = _t52;
						if(_t52 != 0) {
							ShowWindow(_t52, 8); // executed
						}
					}
				}
				SetFocus(0);
				_pop(_t44);
				 *[fs:eax] = _t44;
				_push(0x4815a5);
				return L00406438( &_v8);
			}

0x0048148c
0x0048148c
0x0048148d
0x0048148f
0x00481491
0x00481492
0x00481493
0x00481496
0x00481498
0x0048149b
0x0048149b
0x004814a2
0x004814a6
0x004814a7
0x004814ac
0x004814af
0x004814b6
0x004814c0
0x004814c8
0x004814cd
0x004814d2
0x004814dd
0x004814e9
0x004814e9
0x004814f7
0x0048150e
0x00481522
0x00481527
0x00481529
0x0048152e
0x0048153d
0x00481543
0x0048154e
0x00481555
0x0048155d
0x0048156b
0x00481570
0x00481572
0x00481577
0x0048157c
0x0048157c
0x00481577
0x0048152e
0x00481583
0x0048158a
0x0048158d
0x00481590
0x0048159d

APIs

GetActiveWindow.USER32 ref: 004814BB
GetFocus.USER32 ref: 004814C3
RegisterClassW.USER32 ref: 004814E4
ShowWindow.USER32(00000000,00000008,00000000,00400000,00000000,61736944,00000000,00000000,00000000,00000000,80000000,00000000,00400000,00000000,00000000,00000000), ref: 0048157C
SetFocus.USER32(00000000,00000000,0048159E,?,?,00000000,00000001,00000000,?,004B3357,?,00000000,00000000,004FE5AF,?,00000001), ref: 00481583

Strings

TWindowDisabler-Window, xrefs: 0048151B, 00481564

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FocusWindow$ActiveClassRegisterShow
String ID: TWindowDisabler-Window
API String ID: 495420250-1824977358
Opcode ID: 228318ed0b1cae2d7259128f9f24f96d89976fc0744655dc0fc5f27cc2bcc331
Instruction ID: 49d0bc2b81e5ad620ede4f7c9f028102b8841b21f60e8c55bafaaeb2fca67e8d
Opcode Fuzzy Hash: 228318ed0b1cae2d7259128f9f24f96d89976fc0744655dc0fc5f27cc2bcc331
Instruction Fuzzy Hash: EE21B170A407007BE710FF659C52F2E72E9EB84B04F11892BB500AB2E1D77CAD158799

Uniqueness

Uniqueness Score: -1.00%

Function 004B0A78, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E004B0A78(signed char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, union _ULARGE_INTEGER* _a4) {
				signed char _v5;
				char _v6;
				char _v16;
				signed int _v20;
				long _v24;
				long _v28;
				long _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				int _t66;
				int _t84;
				void* _t91;
				intOrPtr _t104;
				intOrPtr _t111;
				void* _t114;
				void* _t116;
				void* _t118;
				void* _t119;
				intOrPtr _t120;

				_t92 = __ecx;
				_t118 = _t119;
				_t120 = _t119 + 0xffffffd0;
				_push(__ebx);
				_push(__esi);
				_v44 = 0;
				_v48 = 0;
				_v52 = 0;
				_v36 = 0;
				_v40 = 0;
				_t114 = __ecx;
				_t116 = __edx;
				_v5 = __eax;
				_push(_t118);
				_push(0x4b0bc1);
				_push( *[fs:eax]);
				 *[fs:eax] = _t120;
				_t91 = E00409620(0, _t116, GetModuleHandleW(L"kernel32.dll"), L"GetDiskFreeSpaceExW");
				if(E004ACF58(_v5 & 0x000000ff,  &_v16) != 0) {
					_push(_t118);
					_push(0x4b0b9f);
					_push( *[fs:eax]);
					 *[fs:eax] = _t120;
					if(_t91 == 0) {
						E0047E6BC(_t116,  &_v52,  &_v20);
						E0047E794(_v52, _t92,  &_v48);
						E0047E290(_v48,  &_v44);
						_t66 = GetDiskFreeSpaceW(E004064D4(_v44),  &_v24,  &_v28,  &_v32, ??);
						asm("sbb eax, eax");
						_v6 = _t66 + 1;
						if(_v6 != 0) {
							L00481950(_v24 * _v20, _t114, _v28);
							L00481950(_v24 * _v20, _a4, _v32);
						}
					} else {
						E0047E6BC(_t116,  &_v40, _t114);
						E0047E290(_v40,  &_v36);
						_t84 = GetDiskFreeSpaceExW(E004064D4(_v36), _a4, 0, ??); // executed
						asm("sbb eax, eax");
						_v6 = _t84 + 1;
					}
					_pop(_t104);
					 *[fs:eax] = _t104;
					_push(0x4b0ba6);
					return E004ACF94( &_v16);
				} else {
					_v6 = 0;
					_pop(_t111);
					 *[fs:eax] = _t111;
					_push(0x4b0bc8);
					return L00406440( &_v52, 5);
				}
			}

0x004b0a78
0x004b0a79
0x004b0a7b
0x004b0a7e
0x004b0a7f
0x004b0a83
0x004b0a86
0x004b0a89
0x004b0a8c
0x004b0a8f
0x004b0a92
0x004b0a94
0x004b0a96
0x004b0a9b
0x004b0a9c
0x004b0aa1
0x004b0aa4
0x004b0abc
0x004b0acc
0x004b0ad9
0x004b0ada
0x004b0adf
0x004b0ae2
0x004b0ae7
0x004b0b30
0x004b0b3b
0x004b0b46
0x004b0b54
0x004b0b5c
0x004b0b5f
0x004b0b66
0x004b0b73
0x004b0b84
0x004b0b84
0x004b0ae9
0x004b0af5
0x004b0b00
0x004b0b0e
0x004b0b13
0x004b0b16
0x004b0b16
0x004b0b8b
0x004b0b8e
0x004b0b91
0x004b0b9e
0x004b0ace
0x004b0ace
0x004b0ba8
0x004b0bab
0x004b0bae
0x004b0bc0
0x004b0bc0

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetDiskFreeSpaceExW,00000000,004B0BC1), ref: 004B0AB1

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

GetDiskFreeSpaceExW.KERNEL32(00000000,?,?,00000000,00000000,004B0B9F,?,00000000,kernel32.dll,GetDiskFreeSpaceExW,00000000,004B0BC1), ref: 004B0B0E

Strings

GetDiskFreeSpaceExW, xrefs: 004B0AA7
kernel32.dll, xrefs: 004B0AAC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressDiskFreeHandleModuleProcSpace
String ID: GetDiskFreeSpaceExW$kernel32.dll
API String ID: 1197914913-1127948838
Opcode ID: c1e043c8253ff10d34c1658abe8dd9afdccb6a116e6bfe2e6d288f93909a21b2
Instruction ID: f17c09da845011f287a1b8d983794b1e0dfa65d8092af23d93cb9f6b5e720b4e
Opcode Fuzzy Hash: c1e043c8253ff10d34c1658abe8dd9afdccb6a116e6bfe2e6d288f93909a21b2
Instruction Fuzzy Hash: 38415171A04248AFCB01DFE6D882DDFBBB8EF49308F51896BF404B3251D6386905CB68

Uniqueness

Uniqueness Score: -1.00%

Function 004DE8AC, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E004DE8AC(long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char* _t40;
				intOrPtr _t41;
				int _t47;
				intOrPtr _t77;
				void* _t80;
				intOrPtr _t81;
				intOrPtr _t94;
				intOrPtr _t107;
				intOrPtr _t108;

				_t105 = __esi;
				_t104 = __edi;
				_t79 = __ebx;
				_t107 = _t108;
				_t80 = 6;
				do {
					_push(0);
					_push(0);
					_t80 = _t80 - 1;
				} while (_t80 != 0);
				_push(_t80);
				_push(__ebx);
				_push(_t107);
				 *[fs:eax] = _t108;
				E004AE274( &_v20, __ebx, __edx, __edi, __esi); // executed
				E00406448(0x50bdc8, _v20,  *[fs:eax]);
				_t81 =  *0x50bdc8; // 0x25a98fc
				E00406914( &_v24, _t81, L"Created temporary directory: ", 0x4de9fe);
				E004B2BC8(_v24, _t79, _t81, __edi, __esi);
				_t40 =  *0x504f00; // 0x50bc24
				if( *_t40 != 0) {
					_t77 =  *0x50bdc8; // 0x25a98fc
					E004B22D0(_t77);
				}
				_t41 =  *0x50bdc8; // 0x25a98fc
				E0047E290(_t41,  &_v28);
				E00406914( &_v8, L"_isetup", _v28);
				_t47 = CreateDirectoryW(E004064D4(_v8), 0); // executed
				if(_t47 == 0) {
					_t79 = GetLastError();
					_push( &_v32);
					L004ABB3C(0x36,  &_v48, _v8);
					_v44 = _v48;
					E0040D15C( &_v52, _t61);
					_v40 = _v52;
					E0048087C(_t79,  &_v56);
					_v36 = _v56;
					L004ABB0C(0x68, 2,  &_v44, 0);
					L00411930(_v32, 1);
					E00404A74();
				}
				L004B3478( &_v12);
				_t113 = _v12;
				if(_v12 != 0) {
					E00406914( &_v16, L"\\_setup64.tmp", _v8);
					E004DE854(_v12, _t79, _v16, _t104, _t105, _t113); // executed
					L004B34D0(_v16);
				}
				_pop(_t94);
				 *[fs:eax] = _t94;
				_push(E004DEA05);
				L00406440( &_v56, 3);
				return L00406440( &_v32, 7);
			}

0x004de8ac
0x004de8ac
0x004de8ac
0x004de8ad
0x004de8af
0x004de8b4
0x004de8b4
0x004de8b6
0x004de8b8
0x004de8b8
0x004de8bb
0x004de8bc
0x004de8bf
0x004de8c8
0x004de8ce
0x004de8db
0x004de8e3
0x004de8ee
0x004de8f6
0x004de8fb
0x004de903
0x004de905
0x004de90a
0x004de90a
0x004de912
0x004de917
0x004de927
0x004de937
0x004de93e
0x004de945
0x004de94a
0x004de953
0x004de95b
0x004de967
0x004de96f
0x004de977
0x004de97f
0x004de98c
0x004de99b
0x004de9a0
0x004de9a0
0x004de9a8
0x004de9ad
0x004de9b1
0x004de9be
0x004de9c9
0x004de9d1
0x004de9d1
0x004de9d8
0x004de9db
0x004de9de
0x004de9eb
0x004de9fd

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,00000000,004DE9FE,?,0050B17C,00000005,00000000,00000000,?,004FE411,00000000,004FE5C9,?,00000000,004FE639), ref: 004DE937
GetLastError.KERNEL32(00000000,00000000,00000000,004DE9FE,?,0050B17C,00000005,00000000,00000000,?,004FE411,00000000,004FE5C9,?,00000000,004FE639), ref: 004DE940

Strings

Created temporary directory: , xrefs: 004DE8E9
_isetup, xrefs: 004DE922
\_setup64.tmp, xrefs: 004DE9B6

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: Created temporary directory: $\_setup64.tmp$_isetup
API String ID: 1375471231-2952887711
Opcode ID: 9c2f40a32887d448f03f9f8e01d4962487fbd44746a265313fdec099bb0ef30b
Instruction ID: d615ad965eb37596d86b9359e25ae7b517ebc8272817c1d1977c1002efbd3dd7
Opcode Fuzzy Hash: 9c2f40a32887d448f03f9f8e01d4962487fbd44746a265313fdec099bb0ef30b
Instruction Fuzzy Hash: CB413774A001099BDB01FB96D892ADEB3B5EF44304F50417BF501B7395DB38AE05DB69

Uniqueness

Uniqueness Score: -1.00%

Function 0050156C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 70%

			_entry_() {
				intOrPtr* _t11;
				intOrPtr _t20;
				intOrPtr* _t21;
				intOrPtr* _t26;
				intOrPtr* _t29;
				intOrPtr* _t33;
				intOrPtr _t34;
				intOrPtr* _t40;
				intOrPtr* _t59;
				struct HWND__* _t60;
				void* _t63;
				intOrPtr _t64;
				void* _t68;
				intOrPtr _t71;
				intOrPtr _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr _t76;
				intOrPtr _t77;
				void* _t78;
				void* _t80;
				intOrPtr* _t82;
				intOrPtr _t83;
				void* _t84;
				intOrPtr _t86;
				void* _t87;

				E00408F4C(0x4febf4);
				_t11 =  *0x504e38; // 0x50b17c
				_t60 =  *( *_t11 + 0x170);
				SetWindowLongW(_t60, 0xffffffec, GetWindowLongW(_t60, 0xffffffec) & 0xffffff7f); // executed
				_push(_t82);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				SetErrorMode(1); // executed
				E004FE938(_t84);
				_t20 =  *0x4fe82c; // 0x4fe884
				_t21 =  *0x504e38; // 0x50b17c
				E0047C3E4( *_t21, E004FE890, _t20);
				E004FE9A8(_t60, _t78, _t80, _t84, _t87);
				_pop(_t71);
				_t63 = 0x5015e7;
				 *[fs:eax] = _t71;
				_t26 =  *0x504e38; // 0x50b17c
				E0047BF28( *_t26, _t63, L"Setup", _t84);
				_t29 =  *0x504e38; // 0x50b17c
				ShowWindow( *( *_t29 + 0x170), 5);
				_t33 =  *0x504e38; // 0x50b17c
				_t34 =  *_t33;
				_t73 =  *0x4d9740; // 0x4d9798
				 *((intOrPtr*)(_t34 + 0xf4)) = _t73;
				 *((intOrPtr*)(_t34 + 0xf0)) = 0x4e4fd8;
				_push(_t82);
				_push(0x501690);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				E0047C4C4(); // executed
				E004E2284(_t60, _t78, _t80, _t87);
				_t64 =  *0x504b20; // 0x50bd2c
				_t40 =  *0x504e38; // 0x50b17c
				_t74 =  *0x4d9740; // 0x4d9798, executed
				E0047C4DC( *_t40, _t60, _t64, _t74, _t78, _t80); // executed
				L004E51A8(_t84, _t87);
				_pop(_t75);
				 *[fs:eax] = _t75;
				_push(_t82);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				E0047C62C( *((intOrPtr*)( *0x504e38)), _t60, _t78, _t80);
				_pop(_t76);
				_t68 = 0x501713;
				 *[fs:eax] = _t76;
				_push(_t82);
				_push(0x50174a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t83;
				L004E4124( *0x504cb4 & 0xffffff00 |  *( *0x504cb4) == 0x00000000, _t60, _t68, _t78, _t80,  *( *0x504cb4), _t87);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_t59 = L004051B0( *( *0x504cb4));
				E00405084();
				 *_t59 =  *_t59 + _t59;
				 *((intOrPtr*)(_t59 - 0xfffdfc)) =  *((intOrPtr*)(_t59 - 0xfffdfc)) + _t77;
				asm("invalid");
				 *0x53000000 =  *0x53000000 + 1;
				 *_t82 =  *_t82 + _t59;
				_t86 =  *_t82;
				if (_t86 == 0) goto L5;
				if (_t86 != 0) goto L6;
				if (_t86 < 0) goto 0x501786;
			}

0x0050157a
0x00501581
0x00501588
0x005015a2
0x005015a9
0x005015af
0x005015b2
0x005015b7
0x005015bc
0x005015c1
0x005015cc
0x005015d3
0x005015d8
0x005015df
0x005015e1
0x005015e2
0x00501600
0x0050160c
0x00501613
0x00501621
0x00501626
0x0050162b
0x0050162d
0x00501633
0x00501639
0x00501645
0x00501646
0x0050164b
0x0050164e
0x00501658
0x0050165d
0x00501662
0x00501668
0x0050166f
0x00501675
0x00501681
0x00501688
0x0050168b
0x005016f1
0x005016f7
0x005016fa
0x00501704
0x0050170b
0x0050170d
0x0050170e
0x00501724
0x00501725
0x0050172a
0x0050172d
0x0050173b
0x00501742
0x00501745
0x00501760
0x00501768
0x0050176d
0x0050176f
0x00501775
0x00501777
0x0050177d
0x0050177d
0x00501780
0x00501782
0x00501784

APIs

Part of subcall function 00408F4C: GetModuleHandleW.KERNEL32(00000000,?,0050157F), ref: 00408F58

GetWindowLongW.USER32(?,000000EC), ref: 0050158F
SetWindowLongW.USER32 ref: 005015A2
SetErrorMode.KERNEL32(00000001,00000000,005015E7,?,?,000000EC,00000000), ref: 005015B7

Part of subcall function 004FE938: GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,005015C1,00000001,00000000,005015E7,?,?,000000EC,00000000), ref: 004FE942

Part of subcall function 0047C3E4: SendMessageW.USER32(?,0000B020,00000000,?), ref: 0047C409

Part of subcall function 0047BF28: SetWindowTextW.USER32(?,00000000), ref: 0047BF58

ShowWindow.USER32(?,00000005,00000000,005015E7,?,?,000000EC,00000000), ref: 00501621

Part of subcall function 0047C4DC: GetWindowLongW.USER32(?,000000EC), ref: 0047C5B8
Part of subcall function 0047C4DC: SetWindowLongW.USER32 ref: 0047C5C6

Strings

Setup, xrefs: 00501607

Memory Dump Source

Source File: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Long$HandleModule$ErrorMessageModeSendShowText
String ID: Setup
API String ID: 409482983-3839654196
Opcode ID: 5813d92d832c3a24bc5f91728c724cc08d1364cad99fd056d9369d2e3a652a44
Instruction ID: 85a335eca4af0587aa7e4792b47526a5508c6ab4af5c4621c7bb7e4a51b097de
Opcode Fuzzy Hash: 5813d92d832c3a24bc5f91728c724cc08d1364cad99fd056d9369d2e3a652a44
Instruction Fuzzy Hash: 14212A752006009FC311FF6ADC85D6A37E8FB4E715B050166F6058B7B2CA79AC04DF5A

Uniqueness

Uniqueness Score: -1.00%

Function 004788F8, Relevance: 7.6, APIs: 5, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E004788F8(void* __eax) {
				void* _t16;
				void* _t39;
				signed int _t41;

				_t16 = __eax;
				_t39 = __eax;
				if(( *(__eax + 0x1c) & 0x00000010) == 0 &&  *0x503c98 != 0) {
					_t16 = L00463DBC(__eax);
					if(_t16 != 0) {
						_t41 = GetWindowLongW(L00463A10(_t39), 0xffffffec);
						if( *(_t39 + 0x330) != 0 ||  *(_t39 + 0x358) != 0) {
							if((_t41 & 0x00080000) == 0) {
								SetWindowLongW(L00463A10(_t39), 0xffffffec, _t41 | 0x00080000);
							}
							return  *0x503c98(L00463A10(_t39), E004306C0( *((intOrPtr*)(_t39 + 0x35c))),  *(_t39 + 0x331) & 0x000000ff,  *(0x503d28 + ( *(_t39 + 0x330) & 0x000000ff) * 4) |  *(0x503d30 + ( *(_t39 + 0x358) & 0x000000ff) * 4));
						} else {
							SetWindowLongW(L00463A10(_t39), 0xffffffec, _t41 & 0xfff7ffff); // executed
							return RedrawWindow(L00463A10(_t39), 0, 0, 0x485);
						}
					}
				}
				return _t16;
			}

0x004788f8
0x004788fa
0x00478900
0x00478915
0x0047891c
0x00478931
0x0047893a
0x0047894b
0x0047895e
0x0047895e
0x00000000
0x004789a4
0x004789b5
0x00000000
0x004789cb
0x0047893a
0x0047891c
0x004789d2

APIs

GetWindowLongW.USER32(00000000,000000EC), ref: 0047892C
SetWindowLongW.USER32 ref: 0047895E
SetLayeredWindowAttributes.USER32(00000000,00000000,?,00000000,00000000,000000EC,?,?,00475C6B), ref: 0047899C
SetWindowLongW.USER32 ref: 004789B5
RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,000000EC,00000000,00000000,000000EC,?,?,00475C6B), ref: 004789CB

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Long$AttributesLayeredRedraw
String ID:
API String ID: 1758778077-0
Opcode ID: 38f946655069d2aa1ab86c44932aa06d58e9694477719161465c0c2d9a5b5af9
Instruction ID: 5edffc186236ca9cd662aa7780263bab535e46823a61d8d4c1d37994e57ed627
Opcode Fuzzy Hash: 38f946655069d2aa1ab86c44932aa06d58e9694477719161465c0c2d9a5b5af9
Instruction Fuzzy Hash: F311C8F090439026DB51AF795C89BAB368C0B01315F18097BB989FA2D3CA3CCE54D36D

Uniqueness

Uniqueness Score: -1.00%

Function 004A4BC4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E004A4BC4(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				struct HDC__* _v16;
				char _v24;
				char _v32;
				void* _t48;
				intOrPtr _t59;
				void* _t60;
				void* _t61;
				void* _t63;
				void* _t64;
				intOrPtr _t65;
				intOrPtr _t67;

				_t61 = __esi;
				_t60 = __edi;
				_t63 = _t64;
				_t65 = _t64 + 0xffffffe4;
				_push(__ebx);
				_v8 = 0;
				_v12 = __edx;
				_t48 = __eax;
				_push(_t63);
				_push(0x4a4cc5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t65;
				_t50 =  *((intOrPtr*)(__eax + 0x48));
				E00422030(0,  *((intOrPtr*)(__eax + 0x48)), 0,  &_v32, 0);
				if(_v24 > 0) {
					_t6 =  &_v24;
					 *_t6 = _v24 - 1;
					_t67 =  *_t6;
				}
				_t8 =  &_v8; // 0x4a4d63
				E0045B0C8(_t48, _t8, _t67);
				if(_v8 == 0 ||  *((char*)(_t48 + 0x26a)) != 0 &&  *_v8 == 0x26 &&  *((short*)(_v8 + 2)) == 0) {
					E00406854( &_v8, 0x4a4ce0);
				}
				_v16 = GetDC(0);
				_push(_t63);
				_push(0x4a4c95);
				_push( *[fs:eax]);
				 *[fs:eax] = _t65;
				SelectObject(_v16, E00430D88( *((intOrPtr*)(_t48 + 0x64)), _t48, _t50, _t60, _t61));
				E004A494C(_v16, _v8, E004A4B7C(_t48) | 0x00000400); // executed
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(E004A4C9C);
				return ReleaseDC(0, _v16);
			}

0x004a4bc4
0x004a4bc4
0x004a4bc5
0x004a4bc7
0x004a4bca
0x004a4bcd
0x004a4bd0
0x004a4bd3
0x004a4bd7
0x004a4bd8
0x004a4bdd
0x004a4be0
0x004a4be9
0x004a4bf0
0x004a4bf9
0x004a4bfb
0x004a4bfb
0x004a4bfb
0x004a4bfb
0x004a4bfe
0x004a4c03
0x004a4c0c
0x004a4c32
0x004a4c32
0x004a4c3e
0x004a4c43
0x004a4c44
0x004a4c49
0x004a4c4c
0x004a4c5c
0x004a4c77
0x004a4c7e
0x004a4c81
0x004a4c84
0x004a4c94

APIs

GetDC.USER32(00000000), ref: 004A4C39
SelectObject.GDI32(?,00000000), ref: 004A4C5C
ReleaseDC.USER32 ref: 004A4C8F

Strings

cMJ, xrefs: 004A4BFE

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ObjectReleaseSelect
String ID: cMJ
API String ID: 1831053106-1712207277
Opcode ID: 6b71cf63299bba1c9cfc14544bc38dc231065f563dac187f4686542547228b00
Instruction ID: 8ca3febb1ab0f4ca3628e4dbf8ad6a543fdc1f83c590c8228c2ae4e78597abcd
Opcode Fuzzy Hash: 6b71cf63299bba1c9cfc14544bc38dc231065f563dac187f4686542547228b00
Instruction Fuzzy Hash: BC21A470E01248EFDB10DFA5C841B9EB3F9EB99314F52846AE404A7282D7B89E00CA59

Uniqueness

Uniqueness Score: -1.00%

Function 004373B0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E004373B0(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				int _t12;
				intOrPtr* _t15;
				void* _t22;
				void* _t30;
				void* _t33;
				intOrPtr _t41;
				void* _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t49;

				_t45 = __esi;
				_t44 = __edi;
				_t33 = __ebx;
				_t47 = _t48;
				_t49 = _t48 + 0xfffffef8;
				_v8 = 0;
				_push(_t47);
				_push(0x4374ae);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49;
				_t12 =  *0x50aef4; // 0x60
				 *0x502f0c =  ~(MulDiv(8, _t12, 0x48));
				_t15 =  *0x505038; // 0x502914
				if( *_t15 == 1) {
					_t30 = L0043736C(_t15);
					_t51 = _t30 - 0x80;
					if(_t30 == 0x80) {
						E0040649C( &_v8, L"Tahoma");
					}
				}
				_v12 = E0042E7BC(1);
				_push(_t47);
				_push(0x43746b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t49;
				E0042E85C(_v12, 0x80000002);
				_t22 = E0042E8C0(_v12, _t33, L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes", _t44, _t45, _t51); // executed
				_t52 = _t22;
				if(_t22 != 0) {
					E0042EB0C(_v12,  &_v8, L"MS Shell Dlg 2", _t52);
					E0042E82C(_v12);
				}
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(0x437472);
				return E00404098(_v12);
			}

0x004373b0
0x004373b0
0x004373b0
0x004373b1
0x004373b3
0x004373bb
0x004373c0
0x004373c1
0x004373c6
0x004373c9
0x004373ce
0x004373dd
0x004373e2
0x004373ea
0x004373ec
0x004373f1
0x004373f3
0x004373fd
0x004373fd
0x004373f3
0x0043740e
0x00437413
0x00437414
0x00437419
0x0043741c
0x00437427
0x00437434
0x00437439
0x0043743b
0x00437448
0x00437450
0x00437450
0x00437457
0x0043745a
0x0043745d
0x0043746a

APIs

MulDiv.KERNEL32(00000008,00000060,00000048), ref: 004373D6

Part of subcall function 0043736C: GetDC.USER32(00000000), ref: 00437375
Part of subcall function 0043736C: SelectObject.GDI32(00000000,058A00B4), ref: 00437387
Part of subcall function 0043736C: GetTextMetricsW.GDI32(00000000,?,00000000), ref: 00437392
Part of subcall function 0043736C: ReleaseDC.USER32 ref: 004373A3

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes, xrefs: 0043742C
MS Shell Dlg 2, xrefs: 00437440
Tahoma, xrefs: 004373F8

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MetricsObjectReleaseSelectText
String ID: MS Shell Dlg 2$SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes$Tahoma
API String ID: 2013942131-1011973972
Opcode ID: f5915ef49f0666334897a883be5335ad055b9bc3b399126011555a0ca1a3dff7
Instruction ID: e0ae67a72fd2220e59121ca18970ec0978b29c3944d44ea30f011eceb9cb27e6
Opcode Fuzzy Hash: f5915ef49f0666334897a883be5335ad055b9bc3b399126011555a0ca1a3dff7
Instruction Fuzzy Hash: CC11DDB0604208AFD720EF6ADC4295DBBA9EB59300F91946AF88093B91D738AD05CB1C

Uniqueness

Uniqueness Score: -1.00%

Function 004A9DE8, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 55
libraryCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E004A9DE8(void* __edx) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				struct HINSTANCE__* _t24;
				intOrPtr _t38;
				intOrPtr _t46;

				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(_t46);
				_push(0x4a9eb0);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46;
				if( *0x504240 == 0) {
					 *0x50b410 = 4;
					L004A9DB8( &_v12);
					E0047E290(_v12,  &_v8);
					E00406854( &_v8, L"MSFTEDIT.DLL");
					_t24 = LoadLibraryW(E004064D4(_v8)); // executed
					 *0x50b40c = _t24;
					if( *0x50b40c == 0) {
						 *0x50b410 = 2;
						L004A9DB8( &_v20);
						E0047E290(_v20,  &_v16);
						E00406854( &_v16, L"RICHED20.DLL");
						 *0x50b40c = LoadLibraryW(E004064D4(_v16));
					}
				}
				 *0x504240 =  *0x504240 + 1;
				_pop(_t38);
				 *[fs:eax] = _t38;
				_push(0x4a9eb7);
				return L00406440( &_v20, 4);
			}

0x004a9ded
0x004a9dee
0x004a9def
0x004a9df0
0x004a9df3
0x004a9df4
0x004a9df9
0x004a9dfc
0x004a9e06
0x004a9e0c
0x004a9e19
0x004a9e24
0x004a9e31
0x004a9e3f
0x004a9e44
0x004a9e50
0x004a9e52
0x004a9e5f
0x004a9e6a
0x004a9e77
0x004a9e8a
0x004a9e8a
0x004a9e50
0x004a9e8f
0x004a9e97
0x004a9e9a
0x004a9e9d
0x004a9eaf

APIs

Part of subcall function 004A9DB8: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004A9DD0

LoadLibraryW.KERNEL32(00000000,00000000,004A9EB0,?,00000000,00000000,00000000,00000000), ref: 004A9E3F
LoadLibraryW.KERNEL32(00000000,00000000,00000000,004A9EB0,?,00000000,00000000,00000000,00000000), ref: 004A9E85

Strings

RICHED20.DLL, xrefs: 004A9E72
MSFTEDIT.DLL, xrefs: 004A9E2C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LibraryLoad$DirectorySystem
String ID: MSFTEDIT.DLL$RICHED20.DLL
API String ID: 2630572097-3133735514
Opcode ID: 44ea779b64916a4735bb4f74ab0ca1462b10a09fb95fece1cc478d8d0abecea3
Instruction ID: a9f132dd17a2b82c4d76cca9c0a579eb9b5eaf10c42bece485a4e9ac59b76b11
Opcode Fuzzy Hash: 44ea779b64916a4735bb4f74ab0ca1462b10a09fb95fece1cc478d8d0abecea3
Instruction Fuzzy Hash: E6119070910108DFDB00FFA1D882AAE73B9EB65308F41C97BE500A7693D7786E49CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004B0580, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41
registryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E004B0580(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _v8;
				void* __ecx;
				void* __ebp;
				void* _t7;
				long _t15;
				intOrPtr _t27;
				intOrPtr _t31;
				intOrPtr _t33;

				_t31 = _t33;
				_t7 = E0047FD20(0, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 0x80000002,  &_v8, 1, 0); // executed
				if(_t7 != 0) {
					return _t7;
				} else {
					_push(_t31);
					_push(0x4b05e4);
					_push( *[fs:eax]);
					 *[fs:eax] = _t33;
					E004B04A4(_v8, __ebx, L"PendingFileRenameOperations", __edi, __esi, _t31); // executed
					E004B04A4(_v8, __ebx, L"PendingFileRenameOperations2", __edi, __esi, _t31); // executed
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x4b05eb);
					_t15 = RegCloseKey(_v8); // executed
					return _t15;
				}
			}

0x004b0581
0x004b0598
0x004b059f
0x004b05ed
0x004b05a1
0x004b05a3
0x004b05a4
0x004b05a9
0x004b05ac
0x004b05b8
0x004b05c7
0x004b05cf
0x004b05d2
0x004b05d5
0x004b05de
0x004b05e3
0x004b05e3

APIs

Part of subcall function 0047FD20: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

RegCloseKey.ADVAPI32(?,004B05EB,?,00000001,00000000), ref: 004B05DE

Strings

PendingFileRenameOperations2, xrefs: 004B05BF
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 004B058C
PendingFileRenameOperations, xrefs: 004B05B0

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseOpen
String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
API String ID: 47109696-2115312317
Opcode ID: 633ada50cbb5e8d618329f40e08504c767cab241233615bf87bb99e2a3fffe4a
Instruction ID: 804ad6ca0943b894b96feb314c15f8beab6de6e5b0984f264e825367721b0471
Opcode Fuzzy Hash: 633ada50cbb5e8d618329f40e08504c767cab241233615bf87bb99e2a3fffe4a
Instruction Fuzzy Hash: D7F06D712042087BEB14D6A69D12A9BB39CD784725F60886BF54486A81EA79ED019A3C

Uniqueness

Uniqueness Score: -1.00%

Function 00460848, Relevance: 6.4, APIs: 4, Instructions: 359
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00460848(signed int __eax, signed int __edx) {
				signed int _v8;
				signed int _v12;
				char _v20;
				short _v22;
				long _v24;
				short _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				char _v56;
				void* __ebp;
				void* _t135;
				signed int _t136;
				signed int _t139;
				void* _t141;
				intOrPtr* _t144;
				signed int _t152;
				int _t159;
				signed int _t165;
				signed int _t181;
				signed int _t182;
				signed int _t187;
				signed int _t188;
				signed int _t190;
				signed int _t191;
				signed int _t199;
				signed int _t209;
				signed int _t232;
				void* _t239;
				struct HWND__* _t240;
				signed int _t241;
				signed int _t243;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				void* _t251;
				void* _t253;
				void* _t268;
				signed int _t269;
				intOrPtr _t275;
				signed int _t279;
				signed int _t289;
				signed int _t292;
				signed int _t299;
				void* _t307;
				void* _t310;
				void* _t314;
				void* _t316;
				intOrPtr _t317;
				void* _t320;

				_t314 = _t316;
				_t317 = _t316 + 0xffffffcc;
				_v12 = __edx;
				_v8 = __eax;
				_t135 =  *_v12;
				_t268 = _t135;
				if(_t268 >= 0x200) {
					__eflags = _t268 - 0xb04a;
					if(__eflags > 0) {
						_t269 = _t268 - 0xb04e;
						__eflags = _t269;
						if(_t269 == 0) {
							_t136 = _v8;
							__eflags =  *(_t136 + 0x1c) & 0x00000010;
							if(( *(_t136 + 0x1c) & 0x00000010) != 0) {
								_t141 = E0046AED4();
								__eflags =  *((char*)(_t141 + 5));
								if( *((char*)(_t141 + 5)) != 0) {
									_t144 =  *0x505050; // 0x50afd0
									 *((intOrPtr*)( *_t144))(L00463A10(_v8), 0x460d7c, 0x460d7c);
									SetWindowPos(L00463A10(_v8), 0, 0, 0, 0, 0, 0x77);
								}
							}
						} else {
							__eflags = _t269 - 3;
							if(__eflags == 0) {
								L0045F6FC(_v8, _t251, _v12, __eflags);
							}
						}
						goto L82;
					} else {
						if(__eflags == 0) {
							_t152 = _v12;
							__eflags =  *(_t152 + 4);
							if( *(_t152 + 4) != 0) {
								E00464FD8(_v8, _t251, 1);
							}
							 *[fs:eax] = _t317;
							 *((intOrPtr*)( *_v8 + 0xb0))( *[fs:eax], _t314);
							_pop(_t275);
							_t253 = 0x460d43;
							 *[fs:eax] = _t275;
							_push(0x460d76);
							_t159 =  *(_v12 + 4);
							__eflags = _t159;
							if(_t159 != 0) {
								__eflags = 0;
								return E00464FD8(_v8, _t253, 0);
							}
							return _t159;
						} else {
							_t279 = _t268 + 0xfffffe00 - 0xb;
							__eflags = _t279;
							if(_t279 < 0) {
								__eflags = _t135 - 0x200;
								if(_t135 == 0x200) {
									L00409188( *(_v12 + 8),  &_v56,  *((short*)(_v12 + 0xa)));
									E0045AAEC(_v8,  &_v20,  &_v56);
									 *0x503b78 = L00457D94();
									__eflags =  *0x503b78;
									if( *0x503b78 != 0) {
										_t247 =  *0x503b78; // 0x0
									} else {
										_t247 = L0045955C( &_v20, 1);
									}
									_t181 = _v8;
									__eflags = _t247 -  *((intOrPtr*)(_t181 + 0x244));
									if(_t247 !=  *((intOrPtr*)(_t181 + 0x244))) {
										_t187 = _v8;
										__eflags =  *(_t187 + 0x244);
										if( *(_t187 + 0x244) == 0) {
											L46:
											__eflags =  *0x503b78;
											if( *0x503b78 == 0) {
												L48:
												__eflags =  *0x503b78;
												if( *0x503b78 != 0) {
													_t199 =  *0x503b78; // 0x0
													_t289 = _v8;
													__eflags =  *((intOrPtr*)(_t199 + 0x30)) -  *((intOrPtr*)(_t289 + 0x244));
													if( *((intOrPtr*)(_t199 + 0x30)) ==  *((intOrPtr*)(_t289 + 0x244))) {
														goto L50;
													}
												}
											} else {
												__eflags =  *(_v8 + 0x244) -  *0x503b78; // 0x0
												if(__eflags == 0) {
													goto L50;
												} else {
													goto L48;
												}
											}
										} else {
											__eflags =  *0x503b78;
											if( *0x503b78 == 0) {
												L50:
												__eflags = 0;
												E0045C458( *(_v8 + 0x244), 0, 0xb014, 0);
											} else {
												goto L46;
											}
										}
										_t188 = _v8;
										_t189 =  *(_t188 + 0x244);
										__eflags =  *(_t188 + 0x244);
										if( *(_t188 + 0x244) != 0) {
											E0042AF48(_t189, _v8);
										}
										_t190 = _t247;
										 *(_v8 + 0x244) = _t190;
										__eflags = _t190;
										if(_t190 != 0) {
											E0042AD08(_t190, _v8);
										}
										_t191 = _v8;
										__eflags =  *(_t191 + 0x244);
										if( *(_t191 + 0x244) == 0) {
											L57:
											__eflags =  *0x503b78;
											if( *0x503b78 != 0) {
												__eflags =  *(_v8 + 0x244) -  *0x503b78; // 0x0
												if(__eflags == 0) {
													goto L59;
												}
											}
										} else {
											__eflags =  *0x503b78;
											if( *0x503b78 == 0) {
												L59:
												__eflags = 0;
												E0045C458( *(_v8 + 0x244), 0, 0xb013, 0);
											} else {
												goto L57;
											}
										}
									}
									_t182 = _v8;
									__eflags =  *((char*)(_t182 + 0x240));
									if( *((char*)(_t182 + 0x240)) == 0) {
										 *((char*)(_v8 + 0x240)) = 1;
										_v44 = 2;
										_v40 = L00463A10(_v8);
										_v36 = 0xffffffff;
										_v48 = 0x10;
										_push( &_v48);
										L0042E31C();
									}
								}
								_t165 = E00460654(_v8, _v12);
								__eflags = _t165;
								if(_t165 == 0) {
									goto L82;
								} else {
									_t139 = _v12;
									__eflags =  *(_t139 + 0xc);
									if( *(_t139 + 0xc) == 0) {
										_t139 = L00463DBC(_v8);
										__eflags = _t139;
										if(_t139 != 0) {
											_t139 = DefWindowProcW(L00463A10(_v8),  *_v12,  *(_v12 + 4),  *(_v12 + 8));
										}
									}
								}
							} else {
								_t292 = _t279 - 0x98;
								__eflags = _t292;
								if(_t292 == 0) {
									 *((char*)(_v8 + 0x240)) = 0;
									_t209 = _v8;
									_t210 =  *(_t209 + 0x244);
									__eflags =  *(_t209 + 0x244);
									if( *(_t209 + 0x244) == 0) {
										__eflags = 0;
										E0045C458(_v8, 0, 0xb014, 0);
									} else {
										E0045C458(_t210, 0, 0xb014, 0);
									}
									 *(_v8 + 0x244) = 0;
								} else {
									__eflags = _t292 == 0xada4;
									if(_t292 == 0xada4) {
										_t248 = E004710A8(_v8);
										__eflags = _t248;
										if(_t248 != 0) {
											__eflags = _t248 - _v8;
											if(_t248 != _v8) {
												E0045C458(_t248,  *(_v12 + 4), 0xb047,  *(_v12 + 8));
											}
										}
									}
								}
								goto L82;
							}
							goto L84;
						}
					}
				} else {
					_t320 = _t268 - 0x21;
					if(_t320 > 0) {
						_t299 = _t268 - 0x84;
						__eflags = _t299;
						if(_t299 == 0) {
							E0045C584(_v8, _v12);
							_t139 = _v12;
							__eflags =  *(_t139 + 0xc) - 0xffffffff;
							if( *(_t139 + 0xc) == 0xffffffff) {
								_v24 =  *(_v12 + 8);
								_v32 = _v24;
								_v28 = _v22;
								E0045AC20(_v8,  &_v56,  &_v32);
								_t139 = E00460590(_v8, 0,  &_v56, 0, 0);
								__eflags = _t139;
								if(_t139 != 0) {
									_t139 = _v12;
									 *(_t139 + 0xc) = 1;
								}
							}
						} else {
							__eflags = _t299 + 0xffffff84 - 0xa;
							if(_t299 + 0xffffff84 - 0xa < 0) {
								_t139 = L0045B9A8(_v8);
								__eflags = _t139;
								if(_t139 == 0) {
									goto L82;
								}
							} else {
								goto L82;
							}
						}
					} else {
						if(_t320 == 0) {
							_t232 = E004606FC(_v8, 0, _v12, __eflags);
							__eflags = _t232;
							if(_t232 == 0) {
								goto L82;
							} else {
								_t139 = _v12;
								__eflags =  *(_t139 + 0xc);
								if( *(_t139 + 0xc) == 0) {
									_t139 = L00463DBC(_v8);
									__eflags = _t139;
									if(_t139 != 0) {
										_t139 = E0045C584(_v8, _v12);
									}
								}
							}
						} else {
							_t307 = _t268 - 7;
							if(_t307 == 0) {
								_t249 = E004710A8(_v8);
								__eflags = _t249;
								if(_t249 == 0) {
									goto L82;
								} else {
									__eflags =  *(_t249 + 0x1c) & 0x00000010;
									if(( *(_t249 + 0x1c) & 0x00000010) == 0) {
										L28:
										_t139 =  *((intOrPtr*)( *_t249 + 0xfc))();
										__eflags = _t139;
										if(_t139 != 0) {
											goto L82;
										}
									} else {
										__eflags =  *(_t249 + 0x30);
										if( *(_t249 + 0x30) != 0) {
											goto L82;
										} else {
											goto L28;
										}
									}
								}
							} else {
								_t310 = _t307 - 1;
								if(_t310 == 0) {
									_t139 = _v8;
									__eflags =  *(_t139 + 0x54) & 0x00000020;
									if(( *(_t139 + 0x54) & 0x00000020) == 0) {
										goto L82;
									}
								} else {
									if(_t310 == 0x17) {
										_t239 = L00463A10(_v8);
										_t240 = GetCapture();
										__eflags = _t239 - _t240;
										if(_t239 == _t240) {
											__eflags =  *0x503b78;
											if( *0x503b78 != 0) {
												_t241 =  *0x503b78; // 0x0
												__eflags =  *((intOrPtr*)(_t241 + 0x30)) - _v8;
												if( *((intOrPtr*)(_t241 + 0x30)) == _v8) {
													_t243 =  *0x503b78; // 0x0
													E0045C458(_t243, 0, 0x1f, 0);
												}
											}
										}
									}
									L82:
									E0045C584(_v8, _v12); // executed
									_t139 = _v12;
									if( *_t139 == 0x128) {
										_t139 =  *((intOrPtr*)( *_v8 + 0x80))();
									}
								}
							}
						}
					}
					L84:
					return _t139;
				}
			}

0x00460849
0x0046084b
0x0046084f
0x00460852
0x00460858
0x0046085a
0x00460862
0x004608aa
0x004608b0
0x004608e0
0x004608e0
0x004608e6
0x004608f6
0x004608f9
0x004608fd
0x00460903
0x00460908
0x0046090c
0x00460925
0x0046092c
0x00460943
0x00460943
0x0046090c
0x004608e8
0x004608e8
0x004608eb
0x00460d50
0x00460d50
0x004608eb
0x00000000
0x004608b2
0x004608b2
0x00460cf4
0x00460cfa
0x00460cfc
0x00460d03
0x00460d03
0x00460d13
0x00460d1b
0x00460d23
0x00460d25
0x00460d26
0x00460d29
0x00460d31
0x00460d34
0x00460d36
0x00460d38
0x00000000
0x00460d3d
0x00460d42
0x004608b8
0x004608be
0x004608be
0x004608c1
0x00460a88
0x00460a8d
0x00460aa4
0x00460ab2
0x00460abc
0x00460ac1
0x00460ac8
0x00460ad8
0x00460aca
0x00460ad4
0x00460ad4
0x00460ade
0x00460ae1
0x00460ae7
0x00460aed
0x00460af0
0x00460af7
0x00460b02
0x00460b02
0x00460b09
0x00460b1c
0x00460b1c
0x00460b23
0x00460b25
0x00460b2d
0x00460b30
0x00460b36
0x00000000
0x00000000
0x00460b36
0x00460b0b
0x00460b14
0x00460b1a
0x00000000
0x00000000
0x00000000
0x00000000
0x00460b1a
0x00460af9
0x00460af9
0x00460b00
0x00460b38
0x00460b43
0x00460b4a
0x00000000
0x00000000
0x00000000
0x00460b00
0x00460b4f
0x00460b52
0x00460b58
0x00460b5a
0x00460b5f
0x00460b5f
0x00460b67
0x00460b69
0x00460b6f
0x00460b71
0x00460b76
0x00460b76
0x00460b7b
0x00460b7e
0x00460b85
0x00460b90
0x00460b90
0x00460b97
0x00460ba2
0x00460ba8
0x00000000
0x00000000
0x00460ba8
0x00460b87
0x00460b87
0x00460b8e
0x00460baa
0x00460bb5
0x00460bbc
0x00000000
0x00000000
0x00000000
0x00460b8e
0x00460b85
0x00460bc1
0x00460bc4
0x00460bcb
0x00460bd0
0x00460bd7
0x00460be6
0x00460be9
0x00460bf0
0x00460bfa
0x00460bfb
0x00460bfb
0x00460bcb
0x00460c06
0x00460c0b
0x00460c0d
0x00000000
0x00460c13
0x00460c13
0x00460c16
0x00460c1a
0x00460c23
0x00460c28
0x00460c2a
0x00460c4d
0x00460c4d
0x00460c2a
0x00460c1a
0x004608c7
0x004608c7
0x004608c7
0x004608cd
0x00460a40
0x00460a47
0x00460a4a
0x00460a50
0x00460a52
0x00460a66
0x00460a70
0x00460a54
0x00460a5d
0x00460a5d
0x00460a7a
0x004608d3
0x004608d3
0x004608d9
0x00460957
0x00460959
0x0046095b
0x00460961
0x00460964
0x0046097e
0x0046097e
0x00460964
0x0046095b
0x004608d9
0x00000000
0x004608cd
0x00000000
0x004608c1
0x004608b2
0x00460864
0x00460864
0x00460867
0x0046088d
0x0046088d
0x00460893
0x004609de
0x004609e3
0x004609e6
0x004609ea
0x004609f6
0x004609fd
0x00460a04
0x00460a14
0x00460a21
0x00460a26
0x00460a28
0x00460a2e
0x00460a31
0x00460a31
0x00460a28
0x00460899
0x0046089c
0x0046089f
0x00460c9c
0x00460ca1
0x00460ca3
0x00000000
0x00460ca9
0x004608a5
0x00000000
0x004608a5
0x0046089f
0x00460869
0x00460869
0x00460c5f
0x00460c64
0x00460c66
0x00000000
0x00460c6c
0x00460c6c
0x00460c6f
0x00460c73
0x00460c7c
0x00460c81
0x00460c83
0x00460c8f
0x00460c8f
0x00460c83
0x00460c73
0x0046086f
0x0046086f
0x00460872
0x00460992
0x00460994
0x00460996
0x00000000
0x0046099c
0x0046099c
0x004609a0
0x004609ac
0x004609b3
0x004609b9
0x004609bb
0x00000000
0x004609c1
0x004609a2
0x004609a2
0x004609a6
0x00000000
0x00000000
0x00000000
0x00000000
0x004609a6
0x004609a0
0x00460878
0x00460878
0x00460879
0x004609c6
0x004609c9
0x004609cd
0x00000000
0x004609d3
0x0046087f
0x00460882
0x00460cb1
0x00460cb8
0x00460cbd
0x00460cbf
0x00460cc5
0x00460ccc
0x00460cd2
0x00460cda
0x00460cdd
0x00460ce8
0x00460ced
0x00460ced
0x00460cdd
0x00460ccc
0x00460cbf
0x00460d55
0x00460d5b
0x00460d60
0x00460d69
0x00460d70
0x00460d70
0x00460d69
0x00460879
0x00460872
0x00460869
0x00460d76
0x00460d7a
0x00460d7a

APIs

GetCapture.USER32 ref: 00460CB8

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Capture
String ID:
API String ID: 1145282425-0
Opcode ID: 9ec700b3cb7743530922297284542ed004c7e30c035a30f926527527995ac77b
Instruction ID: 7b86f330580d24c5676f6a5729b9b713e574994b2e37c410721b7974a9053e91
Opcode Fuzzy Hash: 9ec700b3cb7743530922297284542ed004c7e30c035a30f926527527995ac77b
Instruction Fuzzy Hash: B2E12230600204DFDB15DFA8C589BAFB7F5EF05314F2441A6E804AB366E778AE45DB4A

Uniqueness

Uniqueness Score: -1.00%

Function 0045E480, Relevance: 6.3, APIs: 4, Instructions: 308
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0045E480(signed int __eax, int* __ecx, void* __edx, char _a4, intOrPtr* _a8, void* _a12, signed int _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v40;
				signed int _t170;
				signed int _t181;
				void* _t194;
				void* _t198;
				int _t218;
				int _t223;
				int _t228;
				signed int _t229;
				void* _t237;
				signed int _t238;
				int* _t244;
				signed int _t274;
				signed int _t276;
				signed int _t278;
				void* _t284;
				intOrPtr* _t290;
				void* _t292;
				void* _t302;
				void* _t304;

				_t170 = __eax;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t244 = __ecx;
				_t292 = __edx;
				_v8 = __eax;
				_t290 = _a8;
				if(_a16 == 0) {
					L2:
					if( *(_t292 + 0x184) == 0 ||  *(_t292 + 0x188) == 0) {
						L30:
						if(_a16 == 0) {
							L55:
							return _t170;
						}
						L31:
						_v20 =  *((intOrPtr*)(_t290 + 8)) -  *_t290;
						if(_v20 < 0) {
							L34:
							_v20 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
							L35:
							_v24 =  *((intOrPtr*)(_t290 + 0xc)) -  *((intOrPtr*)(_t290 + 4));
							if(_v24 < 0) {
								L38:
								_v24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
								L39:
								_v12 =  *_t290;
								_v16 =  *((intOrPtr*)(_t290 + 4));
								_t181 = _a16 & 0x000000ff;
								if(_t181 > 6) {
									L46:
									E00469970( *((intOrPtr*)(_t292 + 0x74)), _v12, 1, _v24, _v20); // executed
									if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))() != _v20) {
										L48:
										_t170 = _a16 & 0x000000ff;
										if(_t170 > 5) {
											goto L55;
										}
										switch( *((intOrPtr*)(_t170 * 4 +  &M0045E7AB))) {
											case 0:
												goto L55;
											case 1:
												_t189 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
												 *((intOrPtr*)(_t290 + 4)) =  *((intOrPtr*)(_t290 + 4)) - _v24 - _t189;
												return _t189;
											case 2:
												__edx = 3;
												__eax =  *(__esi + 0x74);
												__ecx =  *( *(__esi + 0x74));
												__eax =  *((intOrPtr*)( *( *(__esi + 0x74)) + 0x10))();
												_v24 = _v24 - __eax;
												 *(__edi + 0xc) =  *(__edi + 0xc) + _v24 - __eax;
												return __eax;
											case 3:
												__edx = 2;
												__eax =  *(__esi + 0x74);
												__ecx =  *( *(__esi + 0x74));
												__eax =  *((intOrPtr*)( *( *(__esi + 0x74)) + 0x10))();
												_v20 = _v20 - __eax;
												 *__edi =  *__edi - _v20 - __eax;
												return __eax;
											case 4:
												__edx = 2;
												__eax =  *(__esi + 0x74);
												__ecx =  *( *(__esi + 0x74));
												__eax =  *((intOrPtr*)( *( *(__esi + 0x74)) + 0x10))();
												_v20 = _v20 - __eax;
												 *(__edi + 8) =  *(__edi + 8) + _v20 - __eax;
												return __eax;
											case 5:
												__edx = 2;
												__eax =  *(__esi + 0x74);
												__ecx =  *( *(__esi + 0x74));
												__eax =  *((intOrPtr*)( *( *(__esi + 0x74)) + 0x10))();
												_v20 = _v20 - __eax;
												 *(__edi + 8) =  *(__edi + 8) + _v20 - __eax;
												__edx = 3;
												__eax =  *(__esi + 0x74);
												__ecx =  *( *(__esi + 0x74));
												__eax =  *((intOrPtr*)( *( *(__esi + 0x74)) + 0x10))();
												_v24 = _v24 - __eax;
												_t168 = __edi + 0xc;
												 *_t168 =  *(__edi + 0xc) + _v24 - __eax;
												__eflags =  *_t168;
												return __eax;
										}
									}
									_t170 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
									if(_t170 == _v24) {
										goto L55;
									}
									goto L48;
								}
								switch( *((intOrPtr*)(_t181 * 4 +  &M0045E6E3))) {
									case 0:
										goto L46;
									case 1:
										 *((intOrPtr*)(_t290 + 4)) =  *((intOrPtr*)(_t290 + 4)) + _v24;
										goto L46;
									case 2:
										__eax = _v24;
										 *(__edi + 0xc) =  *(__edi + 0xc) - _v24;
										__eax =  *(__edi + 0xc);
										_v16 = __eax;
										goto L46;
									case 3:
										__eax = _v20;
										 *__edi =  *__edi + __eax;
										goto L46;
									case 4:
										__eax = _v20;
										 *(__edi + 8) =  *(__edi + 8) - _v20;
										__eax =  *(__edi + 8);
										_v12 = __eax;
										goto L46;
									case 5:
										__eax =  *(__esi + 0x40);
										_v12 =  *(__esi + 0x40);
										__eax =  *(__esi + 0x44);
										_v16 =  *(__esi + 0x44);
										__eax =  &_v16;
										_push( &_v16);
										__eax =  &_v20;
										_push( &_v20);
										__eax =  &_v24;
										_push( &_v24);
										_push(__edi);
										__eax =  &_v40;
										_push( &_v40);
										__ecx =  &_v12;
										__edx = __esi;
										__eax = _v8;
										__eax =  *((intOrPtr*)( *_v8 + 0xac))();
										goto L46;
								}
							}
							_t194 = (_a16 & 0x000000ff) - 0xffffffffffffffff;
							if(_t194 < 0 || _t194 == 3) {
								goto L38;
							} else {
								goto L39;
							}
						}
						_t198 = (_a16 & 0x000000ff) + 0xfd - 2;
						if(_t198 < 0 || _t198 == 1) {
							goto L34;
						} else {
							goto L35;
						}
					} else {
						_v12 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
						_v16 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
						_v20 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
						_v24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t292 + 0x74)))) + 0x10))();
						if(( *(_t292 + 0x61) & 0x00000004) == 0) {
							__eflags =  *(_t292 + 0x61) & 0x00000001;
							if(__eflags == 0) {
								_t238 = _t237 - _t284;
								__eflags = _t238;
								_v12 = _t238;
							}
						} else {
							if(( *(_t292 + 0x61) & 0x00000001) == 0) {
								_v12 =  *_t244 -  *(_t292 + 0x184) -  *((intOrPtr*)(_t292 + 0x174));
							} else {
								_v20 =  *_t244 -  *(_t292 + 0x184) -  *((intOrPtr*)(_t292 + 0x174));
							}
						}
						if(( *(_t292 + 0x61) & 0x00000008) == 0) {
							__eflags =  *(_t292 + 0x61) & 0x00000002;
							if(__eflags == 0) {
								_t228 = MulDiv( *(_t292 + 0x178), _t244[1],  *(_t292 + 0x188));
								_t278 = _v24 >> 1;
								if(__eflags < 0) {
									asm("adc edx, 0x0");
								}
								_t229 = _t228 - _t278;
								__eflags = _t229;
								_v16 = _t229;
							}
						} else {
							if(( *(_t292 + 0x61) & 0x00000002) == 0) {
								_v16 = _t244[1] -  *(_t292 + 0x188) -  *(_t292 + 0x178);
							} else {
								_v24 = _t244[1] -  *(_t292 + 0x188) -  *(_t292 + 0x178);
							}
						}
						if(_a4 != 0) {
							_t302 = ( *0x45e858 & 0x000000ff) - ( *0x45e854 & 0x000000ff &  *(_t292 + 0x61));
							if(_t302 != 0) {
								_t223 = MulDiv( *(_t292 + 0x17c),  *_t244,  *(_t292 + 0x184));
								_t276 = _v20 >> 1;
								if(_t302 < 0) {
									asm("adc edx, 0x0");
								}
								_v12 = _t223 - _t276;
							}
							_t304 = ( *0x45e858 & 0x000000ff) - ( *0x45e85c & 0x000000ff &  *(_t292 + 0x61));
							if(_t304 != 0) {
								_t218 = MulDiv( *(_t292 + 0x180), _t244[1],  *(_t292 + 0x188));
								_t274 = _v24 >> 1;
								if(_t304 < 0) {
									asm("adc edx, 0x0");
								}
								_v16 = _t218 - _t274;
							}
						}
						_t170 = E00469970( *((intOrPtr*)(_t292 + 0x74)), _v12, 1, _v24, _v20);
						goto L30;
					}
				}
				_t7 = (_a16 & 0x000000ff) + 0x503ac0; // 0xb0d0703
				_t170 =  *_t7 & 0x000000ff;
				if(_t170 ==  *((intOrPtr*)(__edx + 0x61))) {
					goto L31;
				}
				goto L2;
			}

0x0045e480
0x0045e48f
0x0045e490
0x0045e491
0x0045e492
0x0045e493
0x0045e495
0x0045e497
0x0045e49a
0x0045e4a1
0x0045e4b7
0x0045e4be
0x0045e666
0x0045e66a
0x0045e84e
0x0045e84e
0x0045e84e
0x0045e670
0x0045e675
0x0045e67c
0x0045e68c
0x0045e699
0x0045e69c
0x0045e6a2
0x0045e6a9
0x0045e6b8
0x0045e6c5
0x0045e6c8
0x0045e6ca
0x0045e6d0
0x0045e6d3
0x0045e6da
0x0045e757
0x0045e76a
0x0045e77f
0x0045e797
0x0045e797
0x0045e79e
0x00000000
0x00000000
0x0045e7a4
0x00000000
0x00000000
0x00000000
0x0045e7cd
0x0045e7d5
0x00000000
0x00000000
0x0045e7da
0x0045e7df
0x0045e7e2
0x0045e7e4
0x0045e7ea
0x0045e7ec
0x00000000
0x00000000
0x0045e7f1
0x0045e7f6
0x0045e7f9
0x0045e7fb
0x0045e801
0x0045e803
0x00000000
0x00000000
0x0045e807
0x0045e80c
0x0045e80f
0x0045e811
0x0045e817
0x0045e819
0x00000000
0x00000000
0x0045e81e
0x0045e823
0x0045e826
0x0045e828
0x0045e82e
0x0045e830
0x0045e833
0x0045e838
0x0045e83b
0x0045e83d
0x0045e843
0x0045e845
0x0045e845
0x0045e845
0x00000000
0x00000000
0x0045e7a4
0x0045e78b
0x0045e791
0x00000000
0x00000000
0x00000000
0x0045e791
0x0045e6dc
0x00000000
0x00000000
0x00000000
0x0045e702
0x00000000
0x00000000
0x0045e707
0x0045e70a
0x0045e70d
0x0045e710
0x00000000
0x00000000
0x0045e715
0x0045e718
0x00000000
0x00000000
0x0045e71c
0x0045e71f
0x0045e722
0x0045e725
0x00000000
0x00000000
0x0045e72a
0x0045e72d
0x0045e730
0x0045e733
0x0045e736
0x0045e739
0x0045e73a
0x0045e73d
0x0045e73e
0x0045e741
0x0045e742
0x0045e743
0x0045e746
0x0045e747
0x0045e74a
0x0045e74c
0x0045e751
0x00000000
0x00000000
0x0045e6dc
0x0045e6b0
0x0045e6b2
0x00000000
0x00000000
0x00000000
0x00000000
0x0045e6b2
0x0045e684
0x0045e686
0x00000000
0x00000000
0x00000000
0x00000000
0x0045e4d1
0x0045e4db
0x0045e4eb
0x0045e4fb
0x0045e50b
0x0045e512
0x0045e544
0x0045e548
0x0045e56a
0x0045e56a
0x0045e56c
0x0045e56c
0x0045e514
0x0045e518
0x0045e53f
0x0045e51a
0x0045e52a
0x0045e52a
0x0045e518
0x0045e573
0x0045e5a7
0x0045e5ab
0x0045e5bf
0x0045e5c7
0x0045e5c9
0x0045e5cb
0x0045e5cb
0x0045e5ce
0x0045e5ce
0x0045e5d0
0x0045e5d0
0x0045e575
0x0045e579
0x0045e5a2
0x0045e57b
0x0045e58c
0x0045e58c
0x0045e579
0x0045e5d7
0x0045e5ea
0x0045e5ec
0x0045e5ff
0x0045e607
0x0045e609
0x0045e60b
0x0045e60b
0x0045e610
0x0045e610
0x0045e624
0x0045e626
0x0045e63a
0x0045e642
0x0045e644
0x0045e646
0x0045e646
0x0045e64b
0x0045e64b
0x0045e626
0x0045e661
0x00000000
0x0045e661
0x0045e4be
0x0045e4a7
0x0045e4a7
0x0045e4b1
0x00000000
0x00000000
0x00000000

APIs

MulDiv.KERNEL32(?,00000000,00000000), ref: 0045E5FF
MulDiv.KERNEL32(?,?,?), ref: 0045E63A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15b5de875d9476425ee5d1d7a97e60a8c037a1b7bca8de3296af04510af2a251
Instruction ID: 5be1a7d65d3e7bbec65ed8cc02008475eeea24c6e4d026fb2131eb66a9c07e63
Opcode Fuzzy Hash: 15b5de875d9476425ee5d1d7a97e60a8c037a1b7bca8de3296af04510af2a251
Instruction Fuzzy Hash: 12D18B70A00609DFCB15CF69C584AAABBF2FF48301F148A5AE856DB356DB34EE05CB10

Uniqueness

Uniqueness Score: -1.00%

Function 004E2074, Relevance: 6.1, APIs: 4, Instructions: 142
fileCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E004E2074(void* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4, signed char _a8, signed char _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v8;
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				struct _WIN32_FIND_DATAW _v616;
				char _v620;
				char _v624;
				char _v628;
				void* _t61;
				void* _t73;
				signed char _t93;
				int _t96;
				void* _t105;
				intOrPtr _t119;
				intOrPtr _t127;
				void* _t130;
				intOrPtr* _t132;
				void* _t134;
				void* _t135;
				intOrPtr _t136;
				void* _t137;

				_t137 = __eflags;
				_t134 = _t135;
				_t136 = _t135 + 0xfffffd90;
				_v624 = 0;
				_v628 = 0;
				_v620 = 0;
				_v8 = 0;
				_v12 = __ecx;
				_t130 = __edx;
				_t105 = __eax;
				_t132 = _a4;
				_push(_t134);
				_push(0x4e2252);
				_push( *[fs:eax]);
				 *[fs:eax] = _t136;
				_push(__edx);
				_push(_v12);
				_push(_a16);
				E004069F8( &_v8, 3, __edx);
				 *((intOrPtr*)(_t132 + 4)) = 0;
				 *_t132 = 0;
				_t61 = E004AD294(_t105,  &_v616, _v8, _t137); // executed
				_v16 = _t61;
				if(_v16 != 0xffffffff) {
					do {
						_t93 = _v616.dwFileAttributes;
						if((_t93 & 0x00000010) == 0) {
							if(_a12 == 0) {
								L4:
								_v20 = _v616.nFileSizeHigh;
								_v24 = _v616.nFileSizeLow;
								L00481940(_t132,  &_v24, _t141);
							} else {
								_t141 = _t93 & 0x00000002;
								if((_t93 & 0x00000002) == 0) {
									goto L4;
								}
							}
						}
						_t96 = FindNextFileW(_v16,  &_v616); // executed
					} while (_t96 != 0);
					FindClose(_v16); // executed
				}
				_t143 = _a8;
				if(_a8 == 0) {
					L14:
					__eflags = 0;
					_pop(_t119);
					 *[fs:eax] = _t119;
					_push(E004E2259);
					L00406440( &_v628, 3);
					return L00406438( &_v8);
				} else {
					_push(_t130);
					_push(_v12);
					_push(0x4e2270);
					E004069F8( &_v620, 3, _t130);
					_v16 = E004AD294(_t105,  &_v616, _v620, _t143);
					if(_v16 == 0xffffffff) {
						goto L14;
					} else {
						_push(_t134);
						_push(0x4e2225);
						_push( *[fs:eax]);
						 *[fs:eax] = _t136;
						do {
							_t73 = L004DF478( &_v616);
							_t146 = _t73;
							if(_t73 != 0) {
								_push(_a20);
								_push(_a16);
								_push(_a12 & 0x000000ff);
								E00406640( &_v628, 0x104,  &(_v616.cFileName));
								E004069F8( &_v624, 3, _t130);
								E004E2074(_t105, _t105, _v624, _t130, _t130, _t132, _t146, E004E2280, _v628, _v12,  &_v24, _a8 & 0x000000ff);
								L00481940(_t132,  &_v24, _t146);
							}
						} while (FindNextFileW(_v16,  &_v616) != 0);
						_pop(_t127);
						 *[fs:eax] = _t127;
						_push(E004E222C);
						return FindClose(_v16);
					}
				}
			}

0x004e2074
0x004e2075
0x004e2077
0x004e2082
0x004e2088
0x004e208e
0x004e2094
0x004e2097
0x004e209a
0x004e209c
0x004e209e
0x004e20a3
0x004e20a4
0x004e20a9
0x004e20ac
0x004e20af
0x004e20b0
0x004e20b3
0x004e20be
0x004e20c5
0x004e20ca
0x004e20d7
0x004e20dc
0x004e20e3
0x004e20e5
0x004e20e5
0x004e20ed
0x004e20f3
0x004e20f9
0x004e20ff
0x004e2108
0x004e2110
0x004e20f5
0x004e20f5
0x004e20f7
0x00000000
0x00000000
0x004e20f7
0x004e20f3
0x004e2120
0x004e2125
0x004e212d
0x004e212d
0x004e2132
0x004e2136
0x004e222c
0x004e222c
0x004e222e
0x004e2231
0x004e2234
0x004e2244
0x004e2251
0x004e213c
0x004e213c
0x004e213d
0x004e2140
0x004e2150
0x004e2168
0x004e216f
0x00000000
0x004e2175
0x004e2177
0x004e2178
0x004e217d
0x004e2180
0x004e2183
0x004e2189
0x004e218e
0x004e2190
0x004e2195
0x004e2199
0x004e219e
0x004e21bc
0x004e21d7
0x004e21e6
0x004e21f1
0x004e21f1
0x004e2206
0x004e2210
0x004e2213
0x004e2216
0x004e2224
0x004e2224
0x004e216f

APIs

FindNextFileW.KERNEL32(000000FF,?,?,00000000,?,00000000,004E2252,?,00000000,00000000,?,?,004E3575,?,?,00000000), ref: 004E2120
FindClose.KERNEL32(000000FF,000000FF,?,?,00000000,?,00000000,004E2252,?,00000000,00000000,?,?,004E3575,?,?), ref: 004E212D
FindNextFileW.KERNEL32(000000FF,?,00000000,004E2225,?,004E2270,00000000,?,?,00000000,?,00000000,004E2252,?,00000000,00000000), ref: 004E2201
FindClose.KERNEL32(000000FF,004E222C,004E2225,?,004E2270,00000000,?,?,00000000,?,00000000,004E2252,?,00000000,00000000), ref: 004E221F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Find$CloseFileNext
String ID:
API String ID: 2066263336-0
Opcode ID: 2b8314bdbceea27102b83af79ede51fa39ffa57f6316832691afec693f4d2ff1
Instruction ID: 36a0e88ed47ed5a5c9c6a220835a55ad9e2fb1171e9217a1a669a0d379b35c3b
Opcode Fuzzy Hash: 2b8314bdbceea27102b83af79ede51fa39ffa57f6316832691afec693f4d2ff1
Instruction Fuzzy Hash: 8D518071904249AFDF11EFA6CD45ADEB7BCEB08304F1045AAE908A3281D6789F45CF14

Uniqueness

Uniqueness Score: -1.00%

Function 004793CC, Relevance: 6.1, APIs: 4, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E004793CC(char __edx) {
				char _v5;
				void* __ebx;
				void* __ecx;
				void* __esi;
				void* __ebp;
				intOrPtr _t29;
				intOrPtr* _t32;
				intOrPtr* _t33;
				intOrPtr* _t52;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t72;
				void* _t73;
				char _t74;
				struct HDC__* _t85;
				void* _t86;
				void* _t87;

				_t74 = __edx;
				if(__edx != 0) {
					_t87 = _t87 + 0xfffffff0;
					_t29 = E004044D0(_t29, _t86);
				}
				_v5 = _t74;
				_t72 = _t29;
				E0042AC2C(_t73, 0);
				_t32 =  *0x504b08; // 0x502e94
				 *((intOrPtr*)(_t32 + 4)) = _t72;
				 *_t32 = 0x4797e0;
				_t33 =  *0x504b14; // 0x502e9c
				 *((intOrPtr*)(_t33 + 4)) = _t72;
				 *_t33 = 0x4797ec;
				E004797F8(_t72);
				 *((intOrPtr*)(_t72 + 0x3c)) = GetKeyboardLayout(0);
				 *((intOrPtr*)(_t72 + 0x4c)) = E00404068(1);
				 *((intOrPtr*)(_t72 + 0x50)) = E00404068(1);
				 *((intOrPtr*)(_t72 + 0x54)) = E00404068(1);
				 *((intOrPtr*)(_t72 + 0x58)) = E00404068(1);
				 *((intOrPtr*)(_t72 + 0x74)) = E00404068(1);
				_t85 = GetDC(0);
				 *((intOrPtr*)(_t72 + 0x40)) = GetDeviceCaps(_t85, 0x5a);
				ReleaseDC(0, _t85);
				_t11 = _t72 + 0x58; // 0x4708646e
				_t52 =  *0x504d64; // 0x50aecc
				 *((intOrPtr*)( *_t52))(0, 0, E0047472C,  *_t11);
				 *((intOrPtr*)(_t72 + 0x7c)) = E00430B5C(1);
				 *((intOrPtr*)(_t72 + 0x80)) = E00430B5C(1);
				 *((intOrPtr*)(_t72 + 0x78)) = E00430B5C(1);
				 *((intOrPtr*)(_t72 + 0x84)) = E00430B5C(1);
				E00479D8C(_t72, _t72, _t73, _t85);
				_t16 = _t72 + 0x7c; // 0x61727241
				_t65 =  *_t16;
				 *((intOrPtr*)(_t65 + 0xc)) = _t72;
				 *((intOrPtr*)(_t65 + 8)) = 0x479c14;
				_t19 = _t72 + 0x80; // 0xc79
				_t66 =  *_t19;
				 *((intOrPtr*)(_t66 + 0xc)) = _t72;
				 *((intOrPtr*)(_t66 + 8)) = 0x479c14;
				_t22 = _t72 + 0x78; // 0x6d726f46
				_t67 =  *_t22;
				 *((intOrPtr*)(_t67 + 0xc)) = _t72;
				 *((intOrPtr*)(_t67 + 8)) = 0x479c14;
				_t25 = _t72 + 0x84; // 0x0
				_t68 =  *_t25;
				 *((intOrPtr*)(_t68 + 0xc)) = _t72;
				 *((intOrPtr*)(_t68 + 8)) = 0x479c14;
				_t69 = _t72;
				if(_v5 != 0) {
					E00404528(_t69);
					_pop( *[fs:0x0]);
				}
				return _t72;
			}

0x004793cc
0x004793d4
0x004793d6
0x004793d9
0x004793d9
0x004793de
0x004793e1
0x004793e7
0x004793ec
0x004793f1
0x004793f4
0x004793fa
0x004793ff
0x00479402
0x0047940a
0x00479416
0x00479425
0x00479434
0x00479443
0x00479452
0x00479461
0x0047946b
0x00479475
0x0047947b
0x00479480
0x0047948e
0x00479495
0x004794a3
0x004794b2
0x004794c4
0x004794d3
0x004794db
0x004794e0
0x004794e0
0x004794e3
0x004794e6
0x004794ed
0x004794ed
0x004794f3
0x004794f6
0x004794fd
0x004794fd
0x00479500
0x00479503
0x0047950a
0x0047950a
0x00479510
0x00479513
0x0047951a
0x00479520
0x00479522
0x00479527
0x0047952e
0x00479537

APIs

GetKeyboardLayout.USER32 ref: 00479411
GetDC.USER32(00000000), ref: 00479466
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00479470
ReleaseDC.USER32 ref: 0047947B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CapsDeviceKeyboardLayoutRelease
String ID:
API String ID: 3331096196-0
Opcode ID: d5d74c8ca3efa44066210ef010089a58dcc0b90acec5453446a83ae0bd2fe379
Instruction ID: d0959ebf1726b2668cf9b8fb25dc699690e94914cae8e69f49161f1a5ca15aee
Opcode Fuzzy Hash: d5d74c8ca3efa44066210ef010089a58dcc0b90acec5453446a83ae0bd2fe379
Instruction Fuzzy Hash: 3041C4B06012408FD750EF69D8C1B447BE1AB04318F45D1BAE908DF3A3D639AC08CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00443158, Relevance: 6.1, APIs: 4, Instructions: 81
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00443158(void* __eax, void* __ebx, intOrPtr __ecx, int __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr _v12;
				long _t27;
				int _t41;
				int _t42;
				intOrPtr _t50;
				int _t55;
				void* _t57;
				void* _t60;

				_v8 = 0;
				_v12 = __ecx;
				_t55 = __edx;
				_t57 = __eax;
				_push(_t60);
				_push(0x44323d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t60 + 0xfffffff8;
				if(__edx >= 0) {
					_t41 = SendMessageW(L00463A10( *((intOrPtr*)(__eax + 0x1c))), 0xbb, __edx, 0);
					if(_t41 < 0) {
						_t55 = _t55 - 1;
						_t42 = SendMessageW(L00463A10( *((intOrPtr*)(_t57 + 0x1c))), 0xbb, _t55, 0);
						if(_t42 >= 0) {
							_t27 = SendMessageW(L00463A10( *((intOrPtr*)(_t57 + 0x1c))), 0xc1, _t42, 0);
							if(_t27 != 0) {
								_t41 = _t42 + _t27;
								E00406914( &_v8, _v12, 0x443258);
								goto L6;
							}
						}
					} else {
						E00406914( &_v8, 0x443258, _v12);
						L6:
						SendMessageW(L00463A10( *((intOrPtr*)(_t57 + 0x1c))), 0xb1, _t41, _t41);
						E00414FF4(L00463A10( *((intOrPtr*)(_t57 + 0x1c))), _t41, 0, 0xc2, _t55, _t57, _v8); // executed
					}
				}
				_pop(_t50);
				 *[fs:eax] = _t50;
				_push(0x443244);
				return L00406438( &_v8);
			}

0x00443163
0x00443166
0x00443169
0x0044316b
0x0044316f
0x00443170
0x00443175
0x00443178
0x0044317d
0x00443199
0x0044319d
0x004431b3
0x004431c8
0x004431cc
0x004431df
0x004431e6
0x004431e8
0x004431f5
0x00000000
0x004431f5
0x004431e6
0x0044319f
0x004431aa
0x004431fa
0x0044320a
0x00443222
0x00443222
0x0044319d
0x00443229
0x0044322c
0x0044322f
0x0044323c

APIs

SendMessageW.USER32(00000000,000000BB,?,00000000), ref: 00443194
SendMessageW.USER32(00000000,000000BB,?,00000000), ref: 004431C3
SendMessageW.USER32(00000000,000000C1,00000000,00000000), ref: 004431DF
SendMessageW.USER32(00000000,000000B1,00000000,00000000), ref: 0044320A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fef5ed53fd31a327b844ff8843d04730729e65a09a6991a3f5528ed982a67ded
Instruction ID: 4d174a75eacc8a696d77b554faee4562b2c03e2f9e8e69cf2d99b769e5ad33a4
Opcode Fuzzy Hash: fef5ed53fd31a327b844ff8843d04730729e65a09a6991a3f5528ed982a67ded
Instruction Fuzzy Hash: 2521F8703007456BE710EFA6DC82F5BB2ECEB84B05F20487E7441E76C2DAB89E10852D

Uniqueness

Uniqueness Score: -1.00%

Function 0042BDD0, Relevance: 6.1, APIs: 4, Instructions: 59
registryCOMMON

Download Yara Rule

C-Code - Quality: 94%

			E0042BDD0(intOrPtr _a4, short _a6, intOrPtr _a8) {
				struct _WNDCLASSW _v44;
				struct HINSTANCE__* _t6;
				WCHAR* _t8;
				struct HINSTANCE__* _t9;
				int _t10;
				void* _t11;
				struct HINSTANCE__* _t13;
				struct HWND__* _t15;
				long _t17;
				struct HINSTANCE__* _t19;
				WCHAR* _t20;
				struct HWND__* _t22;
				WCHAR* _t24;

				_t6 =  *0x508b50; // 0x400000
				 *0x502ee0 = _t6;
				_t8 =  *0x502ef4; // 0x42bdb4
				_t9 =  *0x508b50; // 0x400000
				_t10 = GetClassInfoW(_t9, _t8,  &_v44);
				asm("sbb eax, eax");
				_t11 = _t10 + 1;
				if(_t11 == 0 || L00409BCC != _v44.lpfnWndProc) {
					if(_t11 != 0) {
						_t19 =  *0x508b50; // 0x400000
						_t20 =  *0x502ef4; // 0x42bdb4
						UnregisterClassW(_t20, _t19);
					}
					RegisterClassW(0x502ed0);
				}
				_t13 =  *0x508b50; // 0x400000
				_t24 =  *0x502ef4; // 0x42bdb4
				_t15 = E0040A124(0x80, _t24, 0, _t13, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
				_t22 = _t15;
				if(_a6 != 0) {
					_t17 = E0042BD08(_a4, _a8); // executed
					SetWindowLongW(_t22, 0xfffffffc, _t17);
				}
				return _t22;
			}

0x0042bdd7
0x0042bddc
0x0042bde5
0x0042bdeb
0x0042bdf1
0x0042bdf9
0x0042bdfb
0x0042bdfe
0x0042be0c
0x0042be0e
0x0042be14
0x0042be1a
0x0042be1a
0x0042be24
0x0042be24
0x0042be3a
0x0042be47
0x0042be52
0x0042be57
0x0042be5e
0x0042be66
0x0042be6f
0x0042be6f
0x0042be7a

APIs

GetClassInfoW.USER32 ref: 0042BDF1
UnregisterClassW.USER32 ref: 0042BE1A
RegisterClassW.USER32 ref: 0042BE24
SetWindowLongW.USER32 ref: 0042BE6F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Class$InfoLongRegisterUnregisterWindow
String ID:
API String ID: 4025006896-0
Opcode ID: 79c0db732e8d308a1803ed9c95c1be72988015461dfd962e98590c7cf2f32bc1
Instruction ID: 44257e4e844b348939103baf6fa14a3357942d68770810eb0762cc7fdd13d0f6
Opcode Fuzzy Hash: 79c0db732e8d308a1803ed9c95c1be72988015461dfd962e98590c7cf2f32bc1
Instruction Fuzzy Hash: CB01A1717445056BCB00EB98EC45FAF33ADE718304F004626FA44E73E1CB7A9C199794

Uniqueness

Uniqueness Score: -1.00%

Function 0047AEC4, Relevance: 6.1, APIs: 4, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047AEC4(void* __eax, void* __ecx, char __edx) {
				char _v12;
				struct HWND__* _v20;
				int _t16;
				void* _t25;
				struct HWND__* _t31;
				void* _t33;
				void* _t34;
				long _t35;

				_t35 = _t34 + 0xfffffff8;
				_t25 = __eax;
				_t16 =  *(__eax + 0x170);
				if(_t16 != 0) {
					if( *((intOrPtr*)(__eax + 0x90)) == 0) {
						 *_t35 = _t16;
						_v12 = __edx;
						EnumWindows(E0047AE10, _t35); // executed
						_t16 =  *(_t25 + 0x8c);
						if( *((intOrPtr*)(_t16 + 8)) != 0) {
							_t31 = GetWindow(_v20, 3);
							_v20 = _t31;
							if((GetWindowLongW(_t31, 0xffffffec) & 0x00000008) != 0) {
								_v20 = 0xfffffffe;
							}
							_t16 =  *(_t25 + 0x8c);
							_t33 =  *((intOrPtr*)(_t16 + 8)) - 1;
							if(_t33 >= 0) {
								do {
									_t16 = SetWindowPos(L00423514( *(_t25 + 0x8c), _t33), _v20, 0, 0, 0, 0, 0x213);
									_t33 = _t33 - 1;
								} while (_t33 != 0xffffffff);
							}
						}
					}
					 *((intOrPtr*)(_t25 + 0x90)) =  *((intOrPtr*)(_t25 + 0x90)) + 1;
				}
				return _t16;
			}

0x0047aec6
0x0047aec9
0x0047aecb
0x0047aed3
0x0047aee0
0x0047aee2
0x0047aee5
0x0047aef1
0x0047aef6
0x0047af00
0x0047af0e
0x0047af10
0x0047af1d
0x0047af1f
0x0047af1f
0x0047af26
0x0047af2f
0x0047af33
0x0047af35
0x0047af55
0x0047af5a
0x0047af5b
0x0047af35
0x0047af33
0x0047af00
0x0047af60
0x0047af60
0x0047af6a

APIs

EnumWindows.USER32(Function_0007AE10), ref: 0047AEF1
GetWindow.USER32(?,00000003), ref: 0047AF09
GetWindowLongW.USER32(00000000,000000EC), ref: 0047AF16
SetWindowPos.USER32(00000000,000000EC,00000000,00000000,00000000,00000000,00000213,00000000,000000EC,?,00000003,Function_0007AE10), ref: 0047AF55

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$EnumLongWindows
String ID:
API String ID: 4191631535-0
Opcode ID: dc46f87aefadf03c832279afaf1de0c6b497e464b5d3ad6a3c82fe943312a327
Instruction ID: 2d5f21eb873434450f0e1e4589335b27ae91d818ecc58bf65364ca7c416f6070
Opcode Fuzzy Hash: dc46f87aefadf03c832279afaf1de0c6b497e464b5d3ad6a3c82fe943312a327
Instruction Fuzzy Hash: 01115A716442109FEB109A28DC85F9A73E4AB44724F24817AFD9CDF2D6C7789C50877A

Uniqueness

Uniqueness Score: -1.00%

Function 004AF9A8, Relevance: 6.1, APIs: 4, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 15%

			E004AF9A8(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, DWORD* _a4) {
				void* _v8;
				int _t10;
				int _t13;
				void* _t22;
				intOrPtr* _t23;
				intOrPtr _t27;
				DWORD* _t29;
				intOrPtr* _t31;
				intOrPtr _t34;

				_push(_t23);
				_t31 = _t23;
				_t22 = __edx;
				_v8 = __eax;
				_t29 = _a4;
				_push(_t34);
				_push(0x4afa2d);
				_push( *[fs:eax]);
				 *[fs:eax] = _t34;
				if(__edx == 2) {
					do {
						 *_t31();
					} while (WaitForInputIdle(_v8, 0x32) == 0x102);
				}
				if(_t22 == 1) {
					do {
						 *_t31();
					} while (MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0xff) == 1);
					 *_t31();
				}
				_t10 = GetExitCodeProcess(_v8, _t29); // executed
				if(_t10 == 0) {
					 *_t29 = 0xffffffff;
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(0x4afa34);
				_t13 = CloseHandle(_v8); // executed
				return _t13;
			}

0x004af9ab
0x004af9af
0x004af9b1
0x004af9b3
0x004af9b6
0x004af9bb
0x004af9bc
0x004af9c1
0x004af9c4
0x004af9ca
0x004af9cc
0x004af9cc
0x004af9d9
0x004af9cc
0x004af9e3
0x004af9e5
0x004af9e5
0x004af9fb
0x004afa00
0x004afa00
0x004afa07
0x004afa0e
0x004afa10
0x004afa10
0x004afa18
0x004afa1b
0x004afa1e
0x004afa27
0x004afa2c

APIs

WaitForInputIdle.USER32 ref: 004AF9D4
MsgWaitForMultipleObjects.USER32 ref: 004AF9F6
GetExitCodeProcess.KERNEL32 ref: 004AFA07
CloseHandle.KERNEL32(00000001,004AFA34,004AFA2D,?,?,?,00000001,?,?,004AFDD6,?,0000003C,00000000,004AFDEC), ref: 004AFA27

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Wait$CloseCodeExitHandleIdleInputMultipleObjectsProcess
String ID:
API String ID: 4071923889-0
Opcode ID: 02d04c88c0c95989d0c24f47a548bdca4c2924962698a642de4bda368f377a05
Instruction ID: ec98638fec8b4c59f707463353998ef2b7cc20731e6726f35f7d2b9a88429f14
Opcode Fuzzy Hash: 02d04c88c0c95989d0c24f47a548bdca4c2924962698a642de4bda368f377a05
Instruction Fuzzy Hash: E601F570A403047EEB2097E68C06FAB7BACDB5A720F600137F504D32D2D6B88D00C669

Uniqueness

Uniqueness Score: -1.00%

Function 004D73E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E004D73E0(intOrPtr __ebx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v9;
				intOrPtr* _v16;
				char _v20;
				intOrPtr* _t62;
				intOrPtr* _t63;
				intOrPtr _t65;
				intOrPtr _t100;
				intOrPtr* _t105;
				intOrPtr* _t107;
				intOrPtr* _t117;
				intOrPtr* _t127;
				intOrPtr* _t128;
				intOrPtr* _t129;
				intOrPtr _t130;
				intOrPtr _t144;
				void* _t166;
				void* _t168;
				void* _t169;
				void* _t170;
				void* _t173;
				intOrPtr _t174;
				void* _t176;
				void* _t177;
				intOrPtr _t178;
				void* _t189;

				_t171 = __esi;
				_t126 = __ebx;
				_t176 = _t177;
				_t178 = _t177 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v20 = 0;
				_v8 = 0;
				_push(_t176);
				_push(0x4d75fa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t178;
				_t129 =  *0x504e38; // 0x50b17c
				_t130 =  *_t129;
				_t62 = E004D7644(1, __edi, __fp0); // executed
				_v16 = _t62;
				_push(_t176);
				_push(0x4d75d5);
				_push( *[fs:edx]);
				 *[fs:edx] = _t178;
				_t63 =  *0x504ac0; // 0x50bf7c
				_t166 =  *((intOrPtr*)( *_t63 + 8)) - 1;
				if(_t166 < 0) {
					L3:
					_t65 =  *0x504b94; // 0x50be1c
					if(( *(_t65 + 0x11c) & 0x00000002) == 0 ||  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c)))) + 0x14))() - 1 <= 0) {
						L11:
						if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)))) + 0xdc))() + 1 == 0) {
							_t127 =  *((intOrPtr*)(_v16 + 0x38c));
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t127 + 0x29c)))) + 0x5c))();
							 *((intOrPtr*)( *_t127 + 0xe0))();
						}
						_t189 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c)))) + 0x14))() - 1;
						if(_t189 <= 0) {
							_v9 = 1;
						} else {
							 *((intOrPtr*)( *_v16 + 0x100))();
							_v9 = _t189 == 0;
							if(_v9 != 0 &&  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)))) + 0xdc))() >= 0) {
								E004E0420( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c)))) + 0x18))(),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c)))));
							}
						}
						_pop(_t144);
						 *[fs:eax] = _t144;
						_push(0x4d75dc);
						return E00404098(_v16);
					} else {
						_t100 =  *0x504b94; // 0x50be1c
						_t24 = _t100 + 8; // 0x2611c7c
						L004DDD78( *_t24, _t130,  &_v20);
						E004D9AC0(_v20, _t126, 0, L"Inno Setup: Language", _t166, _t171,  &_v8); // executed
						if(_v8 == 0) {
							goto L11;
						}
						_t105 =  *0x504ac0; // 0x50bf7c
						_t168 =  *((intOrPtr*)( *_t105 + 8)) - 1;
						if(_t168 < 0) {
							goto L11;
						}
						_t169 = _t168 + 1;
						_t173 = 0;
						while(1) {
							_t107 =  *0x504ac0; // 0x50bf7c
							if(E0040C24C(_v8, 0,  *((intOrPtr*)(L00423514( *_t107, _t173)))) == 0) {
								break;
							}
							_t173 = _t173 + 1;
							_t169 = _t169 - 1;
							if(_t169 != 0) {
								continue;
							}
							goto L11;
						}
						_t128 =  *((intOrPtr*)(_v16 + 0x38c));
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t128 + 0x29c)))) + 0x5c))();
						 *((intOrPtr*)( *_t128 + 0xe0))();
						goto L11;
					}
				}
				_t170 = _t166 + 1;
				_t174 = 0;
				do {
					_t117 =  *0x504ac0; // 0x50bf7c
					L00423514( *_t117, _t174);
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c)))) + 0x38))();
					_t130 = _t174;
					_t126 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c))));
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x38c)) + 0x29c)))) + 0x24))();
					_t174 = _t174 + 1;
					_t170 = _t170 - 1;
				} while (_t170 != 0);
				goto L3;
			}

0x004d73e0
0x004d73e0
0x004d73e1
0x004d73e3
0x004d73e6
0x004d73e7
0x004d73e8
0x004d73eb
0x004d73ee
0x004d73f3
0x004d73f4
0x004d73f9
0x004d73fc
0x004d73ff
0x004d7405
0x004d740e
0x004d7413
0x004d7418
0x004d7419
0x004d741e
0x004d7421
0x004d7424
0x004d742e
0x004d7431
0x004d7476
0x004d7476
0x004d7482
0x004d751e
0x004d7530
0x004d753d
0x004d754b
0x004d7554
0x004d7554
0x004d756e
0x004d756f
0x004d75bb
0x004d7571
0x004d7576
0x004d757d
0x004d7585
0x004d75b4
0x004d75b4
0x004d7585
0x004d75c1
0x004d75c4
0x004d75c7
0x004d75d4
0x004d749f
0x004d74a6
0x004d74ab
0x004d74ae
0x004d74bd
0x004d74c6
0x00000000
0x00000000
0x004d74c8
0x004d74d2
0x004d74d5
0x00000000
0x00000000
0x004d74d7
0x004d74d8
0x004d74da
0x004d74da
0x004d74f4
0x00000000
0x00000000
0x004d751a
0x004d751b
0x004d751c
0x00000000
0x00000000
0x00000000
0x004d751c
0x004d74f9
0x004d7509
0x004d7512
0x00000000
0x004d7512
0x004d7482
0x004d7433
0x004d7434
0x004d7436
0x004d7436
0x004d743f
0x004d7458
0x004d746a
0x004d746d
0x004d746f
0x004d7472
0x004d7473
0x004d7473
0x00000000

APIs

KiUserCallbackDispatcher.NTDLL ref: 004D7576

Strings

Inno Setup: Language, xrefs: 004D74B8
DP, xrefs: 004D7532

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID: Inno Setup: Language$DP
API String ID: 2492992576-1510822476
Opcode ID: 69695308997ec537a0632b4fed0b97087e6cc79432a7f7aead90144bbb846600
Instruction ID: 46c6b14f10b98dd14d92ccdcbf4993a458a9ea6492aae00aeb7a79143bd3c464
Opcode Fuzzy Hash: 69695308997ec537a0632b4fed0b97087e6cc79432a7f7aead90144bbb846600
Instruction Fuzzy Hash: 136113386045049FC701DF58D4A8E9AB7F2FB89304F2581E6EC099B761EB34ED46CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004E0420, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 148
windowCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E004E0420(long __eax, void* __ecx) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				long _t23;
				intOrPtr _t24;
				intOrPtr _t28;
				intOrPtr _t43;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t58;
				intOrPtr* _t63;
				struct HWND__* _t66;
				int _t67;
				intOrPtr _t68;
				void* _t71;
				void* _t73;
				void* _t87;
				void* _t88;
				void* _t89;
				intOrPtr _t90;
				void* _t92;
				intOrPtr _t94;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t98;
				intOrPtr _t103;
				intOrPtr _t106;
				intOrPtr _t108;
				intOrPtr _t110;
				void* _t116;
				void* _t117;
				void* _t119;
				void* _t120;
				long _t121;
				void* _t122;

				_t89 = __ecx;
				_t23 = __eax;
				_t121 = __eax;
				_t122 = _t121 -  *0x5044e8; // 0x0
				if(_t122 == 0) {
					L28:
					return _t23;
				}
				_t24 =  *0x50bf7c; // 0x25d1300
				_t87 = L00423514(_t24, __eax);
				_t1 = _t87 + 0x18; // 0x18
				_t92 = L00405AC4(_t1, _t89, _t117);
				_t28 =  *((intOrPtr*)(_t87 + 0x18));
				if(_t28 != 0) {
					_t28 =  *((intOrPtr*)(_t28 - 4));
				}
				L004ABC30(_t92, _t89, _t28);
				 *0x5044e8 = _t121;
				_t94 =  *0x4820e4; // 0x4820e8
				L004073F0(0x50bf3c, _t94);
				_t90 =  *0x4820e4; // 0x4820e8
				L00407414(0x50bf3c, _t90, _t87);
				if( *0x50bf64 == 0x411 &&  *0x50c06c < 0x5010000 && E00480294(L"MS PGothic", _t87) != 0) {
					E00406448(0x50bf4c, L"MS PGothic");
					 *0x50bf70 = 0xc;
				}
				if( *((intOrPtr*)(_t87 + 0x1c)) == 0) {
					_t96 =  *0x50be8c; // 0x0
					L004052D0(0x50bfc8, _t96);
				} else {
					L004052D0(0x50bfc8,  *((intOrPtr*)(_t87 + 0x1c)));
				}
				if( *((intOrPtr*)(_t87 + 0x20)) == 0) {
					_t97 =  *0x50be90; // 0x255bf3c
					L004052D0(0x50bfcc, _t97);
				} else {
					L004052D0(0x50bfcc,  *((intOrPtr*)(_t87 + 0x20)));
				}
				_t130 =  *((intOrPtr*)(_t87 + 0x24));
				if( *((intOrPtr*)(_t87 + 0x24)) == 0) {
					_t98 =  *0x50be94; // 0x0
					L004052D0(0x50bfd0, _t98);
				} else {
					L004052D0(0x50bfd0,  *((intOrPtr*)(_t87 + 0x24)));
				}
				L004811D0( *0x50bf78 & 0x000000ff);
				_t43 =  *0x504e48; // 0x50b83c
				_t10 = _t43 + 0x184; // 0x25e06f4
				L00481198(0, _t90, E004064D4( *_t10), _t130);
				_t48 =  *0x504e48; // 0x50b83c
				_t11 = _t48 + 0x98; // 0x25cae7c
				L00481198(1, _t90, E004064D4( *_t11), _t130);
				_t53 =  *0x504e48; // 0x50b83c
				_t12 = _t53 + 0x12c; // 0x25cae9c
				L00481198(2, _t90, E004064D4( *_t12), _t130);
				_t58 =  *0x504e48; // 0x50b83c
				_t13 = _t58 + 0x12c; // 0x25cae9c
				L00481198(3, _t90, E004064D4( *_t13), _t130);
				_t103 =  *0x504e48; // 0x50b83c
				_t14 = _t103 + 0x274; // 0x25caf1c
				_t63 =  *0x504e38; // 0x50b17c
				E0047BF28( *_t63, _t90,  *_t14, _t130);
				_t23 =  *0x50bf88; // 0x25d1348
				_t119 =  *((intOrPtr*)(_t23 + 8)) - 1;
				if(_t119 < 0) {
					L26:
					if( *0x50bd40 == 0) {
						goto L28;
					}
					_t66 =  *0x50bd44; // 0x1f0056
					_t67 = SendNotifyMessageW(_t66, 0x496, 0x2711, _t121); // executed
					return _t67;
				} else {
					_t120 = _t119 + 1;
					_t116 = 0;
					do {
						_t68 =  *0x50bf88; // 0x25d1348
						_t88 = L00423514(_t68, _t116);
						_t71 = ( *(_t88 + 0x25) & 0x000000ff) - 1;
						if(_t71 == 0) {
							_t17 = _t88 + 4; // 0x4
							_t106 =  *0x504e48; // 0x50b83c
							_t18 = _t106 + 0x168; // 0x2604c84
							_t23 = E00406448(_t17,  *_t18);
						} else {
							_t73 = _t71 - 1;
							if(_t73 == 0) {
								_t19 = _t88 + 4; // 0x4
								_t108 =  *0x504e48; // 0x50b83c
								_t20 = _t108 + 0x80; // 0x2612efc
								_t23 = E00406448(_t19,  *_t20);
							} else {
								_t23 = _t73 - 1;
								if(_t23 == 0) {
									_t21 = _t88 + 4; // 0x4
									_t110 =  *0x504e48; // 0x50b83c
									_t22 = _t110 + 0xa0; // 0x2604bdc
									_t23 = E00406448(_t21,  *_t22);
								}
							}
						}
						_t116 = _t116 + 1;
						_t120 = _t120 - 1;
					} while (_t120 != 0);
					goto L26;
				}
			}

0x004e0420
0x004e0420
0x004e0424
0x004e0426
0x004e042c
0x004e0651
0x004e0651
0x004e0651
0x004e0434
0x004e043e
0x004e0440
0x004e0448
0x004e044a
0x004e044f
0x004e0454
0x004e0454
0x004e0457
0x004e045c
0x004e0467
0x004e046d
0x004e0479
0x004e047f
0x004e048e
0x004e04b4
0x004e04b9
0x004e04b9
0x004e04c7
0x004e04dd
0x004e04e3
0x004e04c9
0x004e04d1
0x004e04d1
0x004e04ec
0x004e0502
0x004e0508
0x004e04ee
0x004e04f6
0x004e04f6
0x004e050d
0x004e0511
0x004e0527
0x004e052d
0x004e0513
0x004e051b
0x004e051b
0x004e0539
0x004e053e
0x004e0543
0x004e0552
0x004e0557
0x004e055c
0x004e056b
0x004e0570
0x004e0575
0x004e0584
0x004e0589
0x004e058e
0x004e059d
0x004e05a2
0x004e05a8
0x004e05ae
0x004e05b5
0x004e05ba
0x004e05c2
0x004e05c5
0x004e062e
0x004e0635
0x00000000
0x00000000
0x004e0642
0x004e0648
0x00000000
0x004e05c7
0x004e05c7
0x004e05c8
0x004e05ca
0x004e05cc
0x004e05d6
0x004e05dc
0x004e05de
0x004e05ea
0x004e05ed
0x004e05f3
0x004e05f9
0x004e05e0
0x004e05e0
0x004e05e2
0x004e0600
0x004e0603
0x004e0609
0x004e060f
0x004e05e4
0x004e05e4
0x004e05e6
0x004e0616
0x004e0619
0x004e061f
0x004e0625
0x004e0625
0x004e05e6
0x004e05e2
0x004e062a
0x004e062b
0x004e062b
0x00000000
0x004e05ca

APIs

SendNotifyMessageW.USER32(001F0056,00000496,00002711,-00000001), ref: 004E0648

Strings

MS PGothic, xrefs: 004E049C, 004E04AF
H, xrefs: 004E0467, 004E0479

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageNotifySend
String ID: MS PGothic$ H
API String ID: 3556456075-689709186
Opcode ID: d302acb5336035e41d9ca051e1be5f1ae645d19136de79bec13a08679331ca6f
Instruction ID: 70a8af17b21394a0c53c4b04d40a4f99bdbf1127fad7a61562f0c4bade8fa5c9
Opcode Fuzzy Hash: d302acb5336035e41d9ca051e1be5f1ae645d19136de79bec13a08679331ca6f
Instruction Fuzzy Hash: 2951CF302001458BDB00FF26ECC5A5E33A1FB94305F5441BBA9149B3A6CBB8DC86DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004D9AC0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87
registryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E004D9AC0(void* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v16;
				void* _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char* _v40;
				void* _t43;
				void* _t54;
				intOrPtr* _t55;
				intOrPtr _t66;
				intOrPtr _t71;
				void* _t73;
				void* _t77;
				void* _t78;
				intOrPtr _t79;

				_t77 = _t78;
				_t79 = _t78 + 0xffffffdc;
				_v24 = 0;
				_v8 = 0;
				_v12 = __ecx;
				_t73 = __edx;
				_t54 = __eax;
				_t75 = _a4;
				_push(_t77);
				_push(0x4d9bca);
				 *[fs:eax] = _t79;
				E00406448(_a4, _v12,  *[fs:eax]);
				if(_t54 == 0) {
					L5:
					_pop(_t66);
					 *[fs:eax] = _t66;
					_push(0x4d9bd1);
					L00406438( &_v24);
					return L00406438( &_v8);
				} else {
					L004D99AC(_t54, _t54,  &_v8, __edx, _t75);
					_v16 = 2;
					_t55 = 0x5044f4;
					while(1) {
						_v40 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall";
						_v36 = 0x11;
						_v32 = _v8;
						_v28 = 0x11;
						E0040E258(L"%s\\%s_is1", 1,  &_v40,  &_v24);
						_t43 = E0047FD20( *0x5044ec & 0x000000ff, E004064D4(_v24),  *_t55,  &_v20, 1, 0); // executed
						if(_t43 == 0) {
							break;
						}
						_t55 = _t55 + 4;
						_t19 =  &_v16;
						 *_t19 = _v16 - 1;
						if( *_t19 != 0) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_push(_t77);
					_push(0x4d9b99);
					_push( *[fs:eax]);
					 *[fs:eax] = _t79;
					E004064D4(_t73);
					E0047FC48();
					_pop(_t71);
					 *[fs:eax] = _t71;
					_push(0x4d9bac);
					return RegCloseKey(_v20);
				}
				L6:
			}

0x004d9ac1
0x004d9ac3
0x004d9acb
0x004d9ace
0x004d9ad1
0x004d9ad4
0x004d9ad6
0x004d9ad8
0x004d9add
0x004d9ade
0x004d9ae6
0x004d9aee
0x004d9af5
0x004d9bac
0x004d9bae
0x004d9bb1
0x004d9bb4
0x004d9bbc
0x004d9bc9
0x004d9afb
0x004d9b00
0x004d9b05
0x004d9b0c
0x004d9b11
0x004d9b22
0x004d9b25
0x004d9b2c
0x004d9b2f
0x004d9b40
0x004d9b58
0x004d9b5f
0x00000000
0x00000000
0x004d9ba0
0x004d9ba3
0x004d9ba3
0x004d9ba6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004d9ba6
0x004d9b63
0x004d9b64
0x004d9b69
0x004d9b6c
0x004d9b71
0x004d9b7d
0x004d9b84
0x004d9b87
0x004d9b8a
0x004d9b98
0x004d9b98
0x00000000

APIs

Part of subcall function 0047FD20: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

RegCloseKey.ADVAPI32(?,004D9BAC,004D75FA,?,00000001,00000000,00000000,004D9BCA,?,?), ref: 004D9B93

Strings

Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 004D9B1D
%s\%s_is1, xrefs: 004D9B3B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseOpen
String ID: %s\%s_is1$Software\Microsoft\Windows\CurrentVersion\Uninstall
API String ID: 47109696-1598650737
Opcode ID: 94d5b9df6421e1a34229022527724a68be74c9bfa3565f254976db8116c6688c
Instruction ID: 0e036e32b0eee643e748d4c2650ce68e673eb64dcdf1fafbc9949c39ec5037ec
Opcode Fuzzy Hash: 94d5b9df6421e1a34229022527724a68be74c9bfa3565f254976db8116c6688c
Instruction Fuzzy Hash: C231B470A002089FDB00DBA9DC62AAEB7F8FB49304F51407BE504F7381D779AE008B58

Uniqueness

Uniqueness Score: -1.00%

Function 004AE274, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E004AE274(void* __eax, long __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char* _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				int _t30;
				intOrPtr _t63;
				void* _t71;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t76;

				_t71 = __edi;
				_t54 = __ebx;
				_t75 = _t76;
				_t55 = 4;
				do {
					_push(0);
					_push(0);
					_t55 = _t55 - 1;
				} while (_t55 != 0);
				_push(_t55);
				_push(__ebx);
				_t73 = __eax;
				_t78 = 0;
				_push(_t75);
				_push(0x4ae369);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				while(1) {
					L0047F8C8( &_v12, _t54, _t55, _t78); // executed
					_t55 = L".tmp";
					E004ADFDC(0, _t54, L".tmp", _v12, _t71, _t73,  &_v8); // executed
					_t30 = CreateDirectoryW(E004064D4(_v8), 0); // executed
					if(_t30 != 0) {
						break;
					}
					_t54 = GetLastError();
					_t78 = _t54 - 0xb7;
					if(_t54 != 0xb7) {
						_push( &_v16);
						L004ABB3C(0x36,  &_v32, _v8);
						_v28 = _v32;
						E0040D15C( &_v36, _t54);
						_v24 = _v36;
						E0048087C(_t54,  &_v40);
						_v20 = _v40;
						L004ABB0C(0x68, 2,  &_v28, 0);
						_t55 = _v16;
						L00411930(_v16, 1);
						E00404A74();
					}
				}
				E00406448(_t73, _v8);
				__eflags = 0;
				_pop(_t63);
				 *[fs:eax] = _t63;
				_push(E004AE370);
				L00406440( &_v40, 3);
				return L00406440( &_v16, 3);
			}

0x004ae274
0x004ae274
0x004ae275
0x004ae277
0x004ae27c
0x004ae27c
0x004ae27e
0x004ae280
0x004ae280
0x004ae283
0x004ae284
0x004ae286
0x004ae288
0x004ae28a
0x004ae28b
0x004ae290
0x004ae293
0x004ae296
0x004ae29d
0x004ae2a5
0x004ae2ac
0x004ae2bc
0x004ae2c3
0x00000000
0x00000000
0x004ae2ca
0x004ae2cc
0x004ae2d2
0x004ae2d7
0x004ae2e0
0x004ae2e8
0x004ae2f4
0x004ae2fc
0x004ae304
0x004ae30c
0x004ae319
0x004ae31e
0x004ae328
0x004ae32d
0x004ae32d
0x004ae2d2
0x004ae33c
0x004ae341
0x004ae343
0x004ae346
0x004ae349
0x004ae356
0x004ae368

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,?,00000000,004AE369,?,00000000,0050B17C,00000003,00000000,00000000,?,004DE8D3,00000000,004DE9FE), ref: 004AE2BC
GetLastError.KERNEL32(00000000,00000000,?,00000000,004AE369,?,00000000,0050B17C,00000003,00000000,00000000,?,004DE8D3,00000000,004DE9FE), ref: 004AE2C5

Strings

.tmp, xrefs: 004AE2A5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: a9183d845f534454eb83feef88359727353d1ec28aec1cef63f69866a668b7bb
Instruction ID: 59cf80837acadacf4dd19d02b3c6e15e9a136b542cc0164b9d731fa9c604ed4c
Opcode Fuzzy Hash: a9183d845f534454eb83feef88359727353d1ec28aec1cef63f69866a668b7bb
Instruction Fuzzy Hash: 8D218B75A002089FDB00EBA5C842ADFB3F9EB59304F50457BF911B7741DB389E058BA9

Uniqueness

Uniqueness Score: -1.00%

Function 004AD01C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60
processCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E004AD01C(void* __eax, WCHAR* __ecx, WCHAR* __edx, void* __eflags, struct _PROCESS_INFORMATION* _a4, struct _STARTUPINFOW* _a8, char _a12, void* _a16, long _a20, int _a24, struct _SECURITY_ATTRIBUTES* _a28, struct _SECURITY_ATTRIBUTES* _a32) {
				int _v8;
				char _v16;
				long _v20;
				int _t27;
				intOrPtr _t42;
				void* _t50;
				void* _t52;
				intOrPtr _t53;

				_t50 = _t52;
				_t53 = _t52 + 0xfffffff0;
				if(E004ACF58(__eax,  &_v16) != 0) {
					_push(_t50);
					_push(0x4ad096);
					_push( *[fs:eax]);
					 *[fs:eax] = _t53;
					_t5 =  &_a12; // 0x4b31e8
					_t27 = CreateProcessW(__edx, __ecx, _a32, _a28, _a24, _a20, _a16,  *_t5, _a8, _a4); // executed
					_v8 = _t27;
					_v20 = GetLastError();
					_pop(_t42);
					 *[fs:eax] = _t42;
					_push(E004AD09D);
					return E004ACF94( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x004ad01d
0x004ad01f
0x004ad037
0x004ad042
0x004ad043
0x004ad048
0x004ad04b
0x004ad056
0x004ad070
0x004ad075
0x004ad07d
0x004ad082
0x004ad085
0x004ad088
0x004ad095
0x004ad039
0x004ad03b
0x004ad0af
0x004ad0af

APIs

CreateProcessW.KERNEL32 ref: 004AD070
GetLastError.KERNEL32(00000000,00000000,?,?,?,004B3204,00000000,1K,?,00000000,00000000,004AD096,?,?,00000000,00000001), ref: 004AD078

Strings

1K, xrefs: 004AD056, 004AD059

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateErrorLastProcess
String ID: 1K
API String ID: 2919029540-3277982518
Opcode ID: 144662c0b0594d9c35e36e100f5b20ad1331b1d9b05d041d054b4059bdf404b0
Instruction ID: 27121663f750f90800333315159ebe3e6f3250123c95a32b13b6f8b2a9e53e98
Opcode Fuzzy Hash: 144662c0b0594d9c35e36e100f5b20ad1331b1d9b05d041d054b4059bdf404b0
Instruction Fuzzy Hash: B4117C72A04208AF8B50CEA9DC81DDF77ECEB8E314B504566F918D3641DA38ED1187A4

Uniqueness

Uniqueness Score: -1.00%

Function 00470BFC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52
threadCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E00470BFC(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _t13;
				intOrPtr _t17;
				intOrPtr _t25;
				char _t26;
				intOrPtr _t27;
				intOrPtr _t28;
				void* _t32;
				void* _t33;
				intOrPtr _t34;

				_t32 = _t33;
				_t34 = _t33 + 0xfffffff4;
				_v8 = 0;
				_t25 =  *0x503ca4; // 0x0
				_v12 = _t25;
				_t26 =  *0x503cb4; // 0x0
				_v16 = _t26;
				 *0x503ca4 = __eax;
				 *0x503cb4 = 0;
				_push(_t32);
				_push(0x470cae);
				_push( *[fs:eax]);
				 *[fs:eax] = _t34;
				 *0x503cb0 = 1;
				_push(_t32);
				_push( *[fs:eax]);
				 *[fs:eax] = _t34;
				EnumThreadWindows(GetCurrentThreadId(), E00470BAC, 0);
				_t13 =  *0x503cb4; // 0x0
				_v8 = _t13;
				_pop(_t27);
				 *[fs:eax] = _t27;
				_t28 = 0x470c70;
				 *[fs:eax] = _t28;
				_push(E00470CB5);
				 *0x503cb0 = 0;
				_t5 =  &_v16; // 0x4b3357
				 *0x503cb4 =  *_t5;
				_t17 = _v12;
				 *0x503ca4 = _t17;
				return _t17;
			}

0x00470bfd
0x00470bff
0x00470c07
0x00470c0a
0x00470c10
0x00470c13
0x00470c19
0x00470c1c
0x00470c23
0x00470c2f
0x00470c30
0x00470c35
0x00470c38
0x00470c3b
0x00470c44
0x00470c4a
0x00470c4d
0x00470c59
0x00470c5e
0x00470c63
0x00470c68
0x00470c6b
0x00470c8b
0x00470c8e
0x00470c91
0x00470c96
0x00470c9d
0x00470ca0
0x00470ca5
0x00470ca8
0x00470cad

APIs

GetCurrentThreadId.KERNEL32 ref: 00470C53
EnumThreadWindows.USER32(00000000,00470BAC,00000000), ref: 00470C59

Strings

W3K, xrefs: 00470C9D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Thread$CurrentEnumWindows
String ID: W3K
API String ID: 2396873506-2211912719
Opcode ID: 5407122a50f12af186fd797ae979ed9efde204bb6f4d7b2e98164dea3d88b7c9
Instruction ID: 0c64724396f852626b1d1ba3a4eefb00f80bcf4b64300bdf5b79b1880e5323f7
Opcode Fuzzy Hash: 5407122a50f12af186fd797ae979ed9efde204bb6f4d7b2e98164dea3d88b7c9
Instruction Fuzzy Hash: D3119E70A09740EFE31ACF36DD10A4ABBECFB99714F218576E804E3361EB345E089A14

Uniqueness

Uniqueness Score: -1.00%

Function 00480D4C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00480D4C(long __eax, void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				void* _t20;
				intOrPtr _t27;
				long _t33;
				intOrPtr _t36;

				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t33 = __eax;
				_push(_t36);
				_push(0x480de5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t36;
				if( *0x50b1b8 == 0) {
					L0047F740( &_v12);
					E0047E290(_v12,  &_v8);
					E00406854( &_v8, L"shlwapi.dll");
					_t20 = E00413C38(_v8, __ebx, 0x8000); // executed
					_t23 = _t20;
					if(_t20 != 0) {
						 *0x50b1bc = E00409620(_t23, _t33, _t23, L"SHAutoComplete");
					}
					 *0x50b1b8 = 1;
				}
				if( *0x50b1bc != 0) {
					SHAutoComplete(_t33, 1); // executed
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(E00480DEC);
				return L00406440( &_v12, 2);
			}

0x00480d4f
0x00480d51
0x00480d53
0x00480d54
0x00480d55
0x00480d59
0x00480d5a
0x00480d5f
0x00480d62
0x00480d6c
0x00480d71
0x00480d7c
0x00480d89
0x00480d96
0x00480d9b
0x00480d9f
0x00480dac
0x00480dac
0x00480db1
0x00480db1
0x00480dbf
0x00480dc4
0x00480dc4
0x00480dcc
0x00480dcf
0x00480dd2
0x00480de4

APIs

SHAutoComplete.SHLWAPI(00000000,00000001), ref: 00480DC4

Part of subcall function 0047F740: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0047F753

Part of subcall function 00413C38: SetErrorMode.KERNEL32(00008000,?), ref: 00413C42
Part of subcall function 00413C38: LoadLibraryW.KERNEL32(00000000,00000000,00413C8C,?,00000000,00413CAA,?,00008000,?), ref: 00413C71

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Strings

shlwapi.dll, xrefs: 00480D84
SHAutoComplete, xrefs: 00480DA1

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressAutoCompleteDirectoryErrorLibraryLoadModeProcSystem
String ID: SHAutoComplete$shlwapi.dll
API String ID: 395431579-1506664499
Opcode ID: 4217438cb196449aaf692266dfd182b2e53cfb1efeed1fad7fe7980307e832a2
Instruction ID: f9a17cf6751b6d8d0dfc75ccfce423406b49bb0c2e2d158275f503a9d5ed9283
Opcode Fuzzy Hash: 4217438cb196449aaf692266dfd182b2e53cfb1efeed1fad7fe7980307e832a2
Instruction Fuzzy Hash: D301D230614308AFE790FBA1DC92F9E77ECEB45708F50487AE40062691D7B8AD4CCB98

Uniqueness

Uniqueness Score: -1.00%

Function 0040A124, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A124(long __eax, WCHAR* __edx, void* _a4, char _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				WCHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				WCHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = L00403328();
				_t3 =  &_a8; // 0x4b3357
				_t24 = CreateWindowExW(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12,  *_t3, _a4); // executed
				L00403318(_t13);
				return _t24;
			}

0x0040a12b
0x0040a130
0x0040a132
0x0040a13d
0x0040a163
0x0040a16c
0x0040a178

APIs

CreateWindowExW.USER32 ref: 0040A163

Strings

TWindowDisabler-Window, xrefs: 0040A161
W3K, xrefs: 0040A13D, 0040A140

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateWindow
String ID: TWindowDisabler-Window$W3K
API String ID: 716092398-2310209281
Opcode ID: 525154ca484f26252d46408543c51958e5444091af8ab4db31887610460425bf
Instruction ID: f482a91b61e37fa524220f56b4221b3e08f072a29bcffce70241aac4ef41fcfc
Opcode Fuzzy Hash: 525154ca484f26252d46408543c51958e5444091af8ab4db31887610460425bf
Instruction Fuzzy Hash: 9CF097B2600118BF8B40DE9DDC81DDF77ECEB4D265B054129FA0CE7201D634ED1087A4

Uniqueness

Uniqueness Score: -1.00%

Function 0042DA8C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0042DA8C(int _a4) {
				void* __ebx;
				void* __ebp;
				signed int _t2;
				signed int _t3;
				void* _t7;
				int _t8;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t18;

				_t8 = _a4;
				if( *0x50aed8 == 0) {
					 *0x50aeb0 = L0042D96C(0, _t8, L"GetSystemMetrics",  *0x50aeb0, _t17, _t18);
					_t7 =  *0x50aeb0(_t8); // executed
					return _t7;
				}
				_t3 = _t2 | 0xffffffff;
				_t12 = _t8 + 0xffffffb4 - 2;
				__eflags = _t12;
				if(__eflags < 0) {
					_t3 = 0;
				} else {
					if(__eflags == 0) {
						_t8 = 0;
					} else {
						_t13 = _t12 - 1;
						__eflags = _t13;
						if(_t13 == 0) {
							_t8 = 1;
						} else {
							__eflags = _t13 - 0xffffffffffffffff;
							if(_t13 - 0xffffffffffffffff < 0) {
								_t3 = 1;
							}
						}
					}
				}
				__eflags = _t3 - 0xffffffff;
				if(_t3 != 0xffffffff) {
					return _t3;
				} else {
					return GetSystemMetrics(_t8);
				}
			}

0x0042da90
0x0042da9a
0x0042daae
0x0042dab4
0x00000000
0x0042dab4
0x0042dabc
0x0042dac4
0x0042dac4
0x0042dac7
0x0042dadb
0x0042dac9
0x0042dac9
0x0042dadf
0x0042dacb
0x0042dacb
0x0042dacb
0x0042dacc
0x0042dae3
0x0042dace
0x0042dacf
0x0042dad2
0x0042dad4
0x0042dad4
0x0042dad2
0x0042dacc
0x0042dac9
0x0042dae8
0x0042daeb
0x0042daf5
0x0042daed
0x00000000
0x0042daee

APIs

GetSystemMetrics.USER32 ref: 0042DAEE

Part of subcall function 0042D96C: GetProcAddress.KERNEL32(77400000,00000000), ref: 0042DA08

KiUserCallbackDispatcher.NTDLL ref: 0042DAB4

Strings

GetSystemMetrics, xrefs: 0042DA9C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressCallbackDispatcherMetricsProcSystemUser
String ID: GetSystemMetrics
API String ID: 54681038-96882338
Opcode ID: 0a22105e880c12680412c353e7a1e70c8679e61f69015108c203138733f47b24
Instruction ID: 3c8ac70bac4857bcc7f9e7fc69a6e8620fde02ef0d95847c6b6124ab5750cff9
Opcode Fuzzy Hash: 0a22105e880c12680412c353e7a1e70c8679e61f69015108c203138733f47b24
Instruction Fuzzy Hash: 48F03070F2C2A05ACB105A34FC89E27395AA796334FE04737E512962D5C6BD9C49E31E

Uniqueness

Uniqueness Score: -1.00%

Function 004797F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004797F8(void* __eax) {
				struct HICON__* _t5;
				void* _t7;
				void* _t8;
				struct HINSTANCE__* _t11;
				WCHAR** _t12;
				void* _t13;

				_t13 = __eax;
				 *((intOrPtr*)(_t13 + 0xa4)) = LoadCursorW(0, 0x7f00);
				_t8 = 0xffffffea;
				_t12 = 0x503d38;
				do {
					if(_t8 < 0xffffffef || _t8 > 0xfffffff4) {
						if(_t8 != 0xffffffeb) {
							_t11 = 0;
						} else {
							goto L4;
						}
					} else {
						L4:
						_t11 =  *0x508b50; // 0x400000
					}
					_t5 = LoadCursorW(_t11,  *_t12); // executed
					_t7 = L00479988(_t13, _t5, _t8);
					_t8 = _t8 + 1;
					_t12 =  &(_t12[1]);
				} while (_t8 != 0xffffffff);
				return _t7;
			}

0x004797fc
0x0047980a
0x00479810
0x00479815
0x0047981a
0x0047981d
0x00479827
0x00479831
0x00000000
0x00000000
0x00000000
0x00479829
0x00479829
0x00479829
0x00479829
0x00479837
0x00479842
0x00479847
0x00479848
0x0047984b
0x00479854

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 00479805
LoadCursorW.USER32(00000000,00000000), ref: 00479837

Strings

8=P, xrefs: 00479815

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CursorLoad
String ID: 8=P
API String ID: 3238433803-3568989296
Opcode ID: d6daad5523d3a7c520d40e65917cf2ba34bd3de270a223e33dc55c1c351908dc
Instruction ID: 9a11a810e5521d7f9341e0e65e822e2c76b295f3ddaed8bec4abe59de2850128
Opcode Fuzzy Hash: d6daad5523d3a7c520d40e65917cf2ba34bd3de270a223e33dc55c1c351908dc
Instruction Fuzzy Hash: 7EF08261B016041ADA20653E8CD0EBE73989FC3774F25433BF97DCB2D1C6391C0651AA

Uniqueness

Uniqueness Score: -1.00%

Function 004394E8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36
libraryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004394E8(void* __eax, void* __edx) {
				void* __ebx;
				void* __esi;
				intOrPtr _t3;
				void* _t5;
				void* _t7;
				void* _t8;

				_t10 = __edx;
				_t11 = __eax;
				if( *0x50b048 == 0) {
					if( *0x50b044 == 0) {
						 *0x50b044 = LoadLibraryW(L"DWMAPI.DLL");
					}
					_t8 = 0x80004001;
					if( *0x50b044 > 0) {
						_t3 =  *0x50b044; // 0x74480000
						 *0x50b048 = E00409620(0x80004001, _t11, _t3, L"DwmExtendFrameIntoClientArea");
						if( *0x50b048 != 0) {
							_t5 =  *0x50b048(_t11, _t10); // executed
							_t8 = _t5;
						}
					}
				} else {
					_t7 =  *0x50b048(__eax, __edx); // executed
					_t8 = _t7;
				}
				return _t8;
			}

0x004394eb
0x004394ed
0x004394f6
0x0043950b
0x00439517
0x00439517
0x0043951c
0x00439528
0x0043952f
0x0043953a
0x00439546
0x0043954a
0x00439550
0x00439550
0x00439546
0x004394f8
0x004394fa
0x00439500
0x00439500
0x00439557

APIs

LoadLibraryW.KERNEL32(DWMAPI.DLL,?,?,?,00478BCD), ref: 00439512

Strings

DWMAPI.DLL, xrefs: 0043950D
DwmExtendFrameIntoClientArea, xrefs: 0043952A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LibraryLoad
String ID: DWMAPI.DLL$DwmExtendFrameIntoClientArea
API String ID: 1029625771-2956373744
Opcode ID: 0f21f773b1e05f834ecb4a3960990a206a856ebd093fa031fa2f67580f85f27d
Instruction ID: 2533bf740d6d0fef060d160b55d48e6167c81621efa87fb8f56eccf84f4b3c06
Opcode Fuzzy Hash: 0f21f773b1e05f834ecb4a3960990a206a856ebd093fa031fa2f67580f85f27d
Instruction Fuzzy Hash: 36F036B2601310BFE7215B69ACDCB4F3694975C315F10543BAA1A92362D7BC0DCCDB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004DE1CC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004DE1CC() {
				void* _v8;
				void* __ecx;
				void* _t10;
				long _t16;
				void* _t17;

				if( *0x50c05a == 0) {
					_t17 = 0;
				} else {
					_t17 = 2;
				}
				_t10 = E0047FD20(_t17,  *((intOrPtr*)(0x504598 + ( *0x50c059 & 0x000000ff) * 4)), 0x80000002,  &_v8, 1, 0); // executed
				if(_t10 == 0) {
					E0047FC48();
					E0047FC48();
					_t16 = RegCloseKey(_v8); // executed
					return _t16;
				}
				return _t10;
			}

0x004de1d8
0x004de1de
0x004de1da
0x004de1da
0x004de1da
0x004de1fd
0x004de204
0x004de213
0x004de225
0x004de22e
0x00000000
0x004de22e
0x004de236

APIs

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,004DE54B,00000000,004DE566,?,00000005,00000000,00000000,?,004FCCF4), ref: 004DE22E

Strings

RegisteredOrganization, xrefs: 004DE21D
RegisteredOwner, xrefs: 004DE20B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Close
String ID: RegisteredOrganization$RegisteredOwner
API String ID: 3535843008-1113070880
Opcode ID: 9bc07153b2093205bd48c25e6caea6f949c307c74a5f5fae88d46469a52a7934
Instruction ID: 51872a4b968b3c8950a996b6790c7adbb9f0015cbe27227cdba7499fa3368a13
Opcode Fuzzy Hash: 9bc07153b2093205bd48c25e6caea6f949c307c74a5f5fae88d46469a52a7934
Instruction Fuzzy Hash: F0F0F030704148AFE708E296CDA6BAE77A8A702304F60007BF6005F3C1C6789E059B48

Uniqueness

Uniqueness Score: -1.00%

Function 0042E8C0, Relevance: 4.6, APIs: 3, Instructions: 144
registryCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E0042E8C0(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v9;
				void* _v16;
				short* _t64;
				signed int _t67;
				short* _t72;
				signed int _t75;
				short* _t80;
				signed int _t83;
				signed char _t106;
				intOrPtr _t119;
				signed int _t129;
				void* _t134;
				void* _t137;

				_push(__ebx);
				_v8 = 0;
				_t134 = __eax;
				_push(_t137);
				_push(0x42ea71);
				 *[fs:eax] = _t137 + 0xfffffff4;
				E0040649C( &_v8, __edx,  *[fs:eax]);
				_t106 = E0042E720(_v8, __edx);
				if(_t106 == 0) {
					E00406CBC( &_v8, 1, 1);
				}
				_v16 = 0;
				_t129 =  *(_t134 + 0x18) & 0x00000300;
				_t64 = E004064D4(_v8);
				_t67 = RegOpenKeyExW(E0042E8AC(_t134, _t106), _t64, 0, _t129 | 0x00020019,  &_v16); // executed
				_v9 = _t67 == 0;
				if(_v9 == 0) {
					_t72 = E004064D4(_v8);
					_t75 = RegOpenKeyExW(E0042E8AC(_t134, _t106), _t72, 0, _t129 | 0x00020009,  &_v16);
					_v9 = _t75 == 0;
					if(_v9 == 0) {
						_t80 = E004064D4(_v8);
						_t83 = RegOpenKeyExW(E0042E8AC(_t134, _t106), _t80, 0, _t129 | 0x00000001,  &_v16);
						_v9 = _t83 == 0;
						if(_v9 != 0) {
							_t130 = _t129 | 0x00000001;
							 *(_t134 + 0x18) = _t129 | 0x00000001;
							if(((_t83 & 0xffffff00 |  *((intOrPtr*)(_t134 + 4)) != 0x00000000) & _t106) != 0) {
								_push( *((intOrPtr*)(_t134 + 0x10)));
								_push(0x42ea90);
								_push(_v8);
								E004069F8( &_v8, 3, _t130);
							}
							E0042E888(_t134, _v8, _v16);
						}
					} else {
						_t131 = _t129 | 0x00020009;
						 *(_t134 + 0x18) = _t129 | 0x00020009;
						if(((_t75 & 0xffffff00 |  *((intOrPtr*)(_t134 + 4)) != 0x00000000) & _t106) != 0) {
							_push( *((intOrPtr*)(_t134 + 0x10)));
							_push(0x42ea90);
							_push(_v8);
							E004069F8( &_v8, 3, _t131);
						}
						E0042E888(_t134, _v8, _v16);
					}
				} else {
					_t132 = _t129 | 0x00020019;
					 *(_t134 + 0x18) = _t129 | 0x00020019;
					if(((_t67 & 0xffffff00 |  *((intOrPtr*)(_t134 + 4)) != 0x00000000) & _t106) != 0) {
						_push( *((intOrPtr*)(_t134 + 0x10)));
						_push(0x42ea90);
						_push(_v8);
						E004069F8( &_v8, 3, _t132);
					}
					E0042E888(_t134, _v8, _v16);
				}
				_pop(_t119);
				 *[fs:eax] = _t119;
				_push(0x42ea78);
				return L00406438( &_v8);
			}

0x0042e8c6
0x0042e8cb
0x0042e8d0
0x0042e8d4
0x0042e8d5
0x0042e8dd
0x0042e8e5
0x0042e8f2
0x0042e8f6
0x0042e905
0x0042e905
0x0042e90c
0x0042e912
0x0042e929
0x0042e939
0x0042e940
0x0042e948
0x0042e999
0x0042e9a9
0x0042e9b0
0x0042e9b8
0x0042ea04
0x0042ea14
0x0042ea1b
0x0042ea23
0x0042ea25
0x0042ea28
0x0042ea34
0x0042ea36
0x0042ea39
0x0042ea3e
0x0042ea49
0x0042ea49
0x0042ea56
0x0042ea56
0x0042e9ba
0x0042e9ba
0x0042e9c0
0x0042e9cc
0x0042e9ce
0x0042e9d1
0x0042e9d6
0x0042e9e1
0x0042e9e1
0x0042e9ee
0x0042e9ee
0x0042e94a
0x0042e94a
0x0042e950
0x0042e95c
0x0042e95e
0x0042e961
0x0042e966
0x0042e971
0x0042e971
0x0042e97e
0x0042e97e
0x0042ea5d
0x0042ea60
0x0042ea63
0x0042ea70

APIs

RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,?,?,00000000,0042EA71), ref: 0042E939
RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,0042EA71), ref: 0042E9A9
RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?), ref: 0042EA14

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: c6a256ca2b77c0eb849fd58c5bc524bfa4762c6abff35eb9cc59e4513da43c38
Instruction ID: 4836d1a53404c84c73cf0765aeaaeed8c68258d9f2bc58b5e3cafa5e6262cb3c
Opcode Fuzzy Hash: c6a256ca2b77c0eb849fd58c5bc524bfa4762c6abff35eb9cc59e4513da43c38
Instruction Fuzzy Hash: A741B370F00218AFDB11EBA6D842B9EB7FAAF44344F95447AB845E3282C7399F059748

Uniqueness

Uniqueness Score: -1.00%

Function 00426344, Relevance: 4.6, APIs: 3, Instructions: 105
fileCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E00426344(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, signed short _a8) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* _t29;
				void* _t51;
				void* _t65;
				void* _t66;
				intOrPtr _t70;
				intOrPtr _t72;
				char _t73;
				intOrPtr _t77;
				void* _t89;
				void* _t91;
				void* _t92;
				intOrPtr _t93;

				_t73 = __edx;
				_t66 = __ecx;
				_t91 = _t92;
				_t93 = _t92 + 0xffffffdc;
				_v36 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				if(__edx != 0) {
					_t93 = _t93 + 0xfffffff0;
					_t29 = E004044D0(_t29, _t91);
				}
				_t89 = _t66;
				_v5 = _t73;
				_t65 = _t29;
				_t87 = _a8;
				_push(_t91);
				_push(0x42648c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t93;
				if(_a8 != 0xffff) {
					E0042623C(L0040D55C(_t89, _t87 & 0x0000ffff), 0);
					if( *((intOrPtr*)(_t65 + 4)) == 0xffffffff) {
						L0040D814(_t89,  &_v36);
						_v24 = _v36;
						_v20 = 0x11;
						E00410F70(GetLastError(),  &_v40);
						_v16 = _v40;
						_v12 = 0x11;
						_t70 =  *0x504998; // 0x40a7c4
						L00411A28(_t65, _t70, 1, _t87, _t89, 1,  &_v24);
						E00404A74();
					}
				} else {
					_t51 = CreateFileW(E004064D4(_t89), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
					E0042623C(_t51, 0);
					if( *((intOrPtr*)(_t65 + 4)) == 0xffffffff) {
						L0040D814(_t89,  &_v28);
						_v24 = _v28;
						_v20 = 0x11;
						E00410F70(GetLastError(),  &_v32);
						_v16 = _v32;
						_v12 = 0x11;
						_t72 =  *0x505044; // 0x40a7bc
						L00411A28(_t65, _t72, 1, _t87, _t89, 1,  &_v24);
						E00404A74();
					}
				}
				_t27 = _t65 + 8; // 0x4214d0
				E00406448(_t27, _t89);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_push(E00426493);
				return L00406440( &_v40, 4);
			}

0x00426344
0x00426344
0x00426345
0x00426347
0x0042634f
0x00426352
0x00426355
0x00426358
0x0042635d
0x0042635f
0x00426362
0x00426362
0x00426367
0x00426369
0x0042636c
0x0042636e
0x00426373
0x00426374
0x00426379
0x0042637c
0x00426384
0x00426414
0x0042641d
0x00426424
0x0042642c
0x0042642f
0x0042643b
0x00426443
0x00426446
0x00426450
0x0042645d
0x00426462
0x00426462
0x00426386
0x004263a0
0x004263ab
0x004263b4
0x004263bf
0x004263c7
0x004263ca
0x004263d6
0x004263de
0x004263e1
0x004263eb
0x004263f8
0x004263fd
0x004263fd
0x004263b4
0x00426467
0x0042646c
0x00426473
0x00426476
0x00426479
0x0042648b

APIs

CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,0042648C,?,?,004214C8,00000001), ref: 004263A0
GetLastError.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00000000,0042648C,?,?,004214C8,00000001), ref: 004263CE

Part of subcall function 0040D55C: CreateFileW.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,?,?,004214C8,0042640E,00000000,0042648C,?,?,004214C8), ref: 0040D5AA

Part of subcall function 0040D814: GetFullPathNameW.KERNEL32(00000000,00000104,?,?,?,004214C8,00426429,00000000,0042648C,?,?,004214C8,00000001), ref: 0040D833

GetLastError.KERNEL32(00000000,0042648C,?,?,004214C8,00000001), ref: 00426433

Part of subcall function 00410F70: FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,004214C8,00426440,00000000,0042648C,?,?,004214C8,00000001), ref: 00410F8F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateErrorFileLast$FormatFullMessageNamePath
String ID:
API String ID: 503785936-0
Opcode ID: 4ebafb9061733ac4e4a1bd852e14f30d216939e702cf820ba28c3b888fade683
Instruction ID: 207c32289ed3582f34b3c45b8b5ed7144cd3c487ec8e13a5d1f2876b7d7034a6
Opcode Fuzzy Hash: 4ebafb9061733ac4e4a1bd852e14f30d216939e702cf820ba28c3b888fade683
Instruction Fuzzy Hash: E4318270B002189FDB10EFA98C42ADEB7F0AB48318F51816AF914A73C2D7795D458AAD

Uniqueness

Uniqueness Score: -1.00%

Function 0041253C, Relevance: 4.6, APIs: 3, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E0041253C(void* __eax, void* __ebx, void* __ecx, void* __esi) {
				char _v8;
				intOrPtr _v12;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t28;
				int _t39;
				int _t51;
				intOrPtr _t59;
				intOrPtr _t60;
				void* _t63;
				void* _t64;
				intOrPtr _t65;

				_t63 = _t64;
				_t65 = _t64 + 0xffffffe8;
				_v8 = 0;
				_push(_t63);
				_push(0x412612);
				 *[fs:eax] = _t65;
				_v12 = 0xffffffff;
				E0040649C( &_v8, __eax,  *[fs:eax]);
				E00406EB0( &_v8, __esi);
				_t28 = GetFileVersionInfoSizeW(E004064D4(_v8),  &_v16); // executed
				_t51 = _t28;
				if(_t51 == 0) {
					_pop(_t59);
					 *[fs:eax] = _t59;
					_push(E00412619);
					return L00406438( &_v8);
				} else {
					_v20 = E00403018(_t51);
					_push(_t63);
					_push(0x4125f5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t65;
					_t39 = GetFileVersionInfoW(E004064D4(_v8), _v16, _t51, _v20); // executed
					if(_t39 != 0 && VerQueryValueW(_v20, E00412624,  &_v24,  &_v28) != 0) {
						_v12 =  *((intOrPtr*)(_v24 + 8));
					}
					_pop(_t60);
					 *[fs:eax] = _t60;
					_push(0x4125fc);
					return E00403034(_v20);
				}
			}

0x0041253d
0x0041253f
0x00412545
0x0041254c
0x0041254d
0x00412555
0x00412558
0x00412564
0x0041256c
0x0041257e
0x00412583
0x00412587
0x004125fe
0x00412601
0x00412604
0x00412611
0x00412589
0x00412590
0x00412595
0x00412596
0x0041259b
0x0041259e
0x004125b3
0x004125ba
0x004125dc
0x004125dc
0x004125e1
0x004125e4
0x004125e7
0x004125f4
0x004125f4

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00412612), ref: 0041257E
GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,004125F5,?,00000000,?,00000000,00412612), ref: 004125B3
VerQueryValueW.VERSION(?,00412624,?,?,00000000,?,00000000,?,00000000,004125F5,?,00000000,?,00000000,00412612), ref: 004125CD

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue
String ID:
API String ID: 2179348866-0
Opcode ID: 8c5b856bdecb927ff9b1633c14641042daf61aaa873bbbc593e755ba72af7f68
Instruction ID: 8597d6c3fb7c4a3ec38beb6f047540a6cae548e5be3745bac87735c7989b36e7
Opcode Fuzzy Hash: 8c5b856bdecb927ff9b1633c14641042daf61aaa873bbbc593e755ba72af7f68
Instruction Fuzzy Hash: B9215671A10609AFDB01EFA5CD9189EB7FDEB483047514476B400E3691D778EE54D728

Uniqueness

Uniqueness Score: -1.00%

Function 004ACCD8, Relevance: 4.6, APIs: 3, Instructions: 76
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E004ACCD8(void* __eax, void* __edx) {
				void* _v8;
				signed int _v9;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t22;
				intOrPtr* _t23;
				int _t32;
				int _t43;
				intOrPtr _t51;
				short* _t54;
				void* _t60;
				void* _t64;
				void* _t66;
				intOrPtr _t67;

				_t64 = _t66;
				_t67 = _t66 + 0xffffffe8;
				_v8 = __edx;
				_t60 = __eax;
				_v9 = 0;
				_t54 = E004064D4(__eax);
				_t22 = GetFileVersionInfoSizeW(_t54,  &_v16); // executed
				_t43 = _t22;
				if(_t43 <= 0) {
					_t23 =  *0x505038; // 0x502914
					if( *_t23 != 1) {
						_v9 = E004ACAFC(_t60, _v8);
					}
					return _v9 & 0x000000ff;
				} else {
					_v20 = E00403018(_t43);
					_push(_t64);
					_push(0x4acd73);
					_push( *[fs:eax]);
					 *[fs:eax] = _t67;
					_t32 = GetFileVersionInfoW(_t54, _v16, _t43, _v20); // executed
					if(_t32 != 0 && VerQueryValueW(_v20, E004ACD9C,  &_v24,  &_v28) != 0) {
						memcpy(_v8, _v24, 0xd << 2);
						_v9 = 1;
					}
					_pop(_t51);
					 *[fs:eax] = _t51;
					_push(E004ACD91);
					return E00403034(_v20);
				}
			}

0x004accd9
0x004accdb
0x004acce1
0x004acce4
0x004acce6
0x004accf5
0x004accf8
0x004accfd
0x004acd01
0x004acd7a
0x004acd82
0x004acd8e
0x004acd8e
0x004acd9b
0x004acd03
0x004acd0a
0x004acd0f
0x004acd10
0x004acd15
0x004acd18
0x004acd25
0x004acd2c
0x004acd57
0x004acd59
0x004acd59
0x004acd5f
0x004acd62
0x004acd65
0x004acd72
0x004acd72

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,?,?,?), ref: 004ACCF8
GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,004ACD73,?,00000000,?,?,?,?), ref: 004ACD25
VerQueryValueW.VERSION(?,004ACD9C,?,?,00000000,?,00000000,?,00000000,004ACD73,?,00000000,?,?,?,?), ref: 004ACD3F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue
String ID:
API String ID: 2179348866-0
Opcode ID: bef84ca1fdb68ace35b2475b7fe7e5d1a8b99fc2633aefe85f8831ca9cab25bc
Instruction ID: 7bcec5a31399786b62bbc89f378cb89d298648ad0954409e3809339a02107faa
Opcode Fuzzy Hash: bef84ca1fdb68ace35b2475b7fe7e5d1a8b99fc2633aefe85f8831ca9cab25bc
Instruction Fuzzy Hash: FA219271A00108AFDB01DAA9CC819BFBBFCEB5A340F1544BAF904E3391D6789E048769

Uniqueness

Uniqueness Score: -1.00%

Function 0041253A, Relevance: 4.6, APIs: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E0041253A(void* __eax, void* __ebx, void* __ecx, void* __esi) {
				char _v8;
				intOrPtr _v12;
				int _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _t28;
				int _t39;
				int _t51;
				intOrPtr _t59;
				intOrPtr _t60;
				void* _t63;
				void* _t64;
				intOrPtr _t65;

				_t63 = _t64;
				_t65 = _t64 + 0xffffffe8;
				_v8 = 0;
				_push(_t63);
				_push(0x412612);
				 *[fs:eax] = _t65;
				_v12 = 0xffffffff;
				E0040649C( &_v8, __eax,  *[fs:eax]);
				E00406EB0( &_v8, __esi);
				_t28 = GetFileVersionInfoSizeW(E004064D4(_v8),  &_v16); // executed
				_t51 = _t28;
				if(_t51 == 0) {
					_pop(_t59);
					 *[fs:eax] = _t59;
					_push(E00412619);
					return L00406438( &_v8);
				} else {
					_v20 = E00403018(_t51);
					_push(_t63);
					_push(0x4125f5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t65;
					_t39 = GetFileVersionInfoW(E004064D4(_v8), _v16, _t51, _v20); // executed
					if(_t39 != 0 && VerQueryValueW(_v20, E00412624,  &_v24,  &_v28) != 0) {
						_v12 =  *((intOrPtr*)(_v24 + 8));
					}
					_pop(_t60);
					 *[fs:eax] = _t60;
					_push(0x4125fc);
					return E00403034(_v20);
				}
			}

APIs

GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00412612), ref: 0041257E
GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,004125F5,?,00000000,?,00000000,00412612), ref: 004125B3
VerQueryValueW.VERSION(?,00412624,?,?,00000000,?,00000000,?,00000000,004125F5,?,00000000,?,00000000,00412612), ref: 004125CD

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileInfoVersion$QuerySizeValue
String ID:
API String ID: 2179348866-0
Opcode ID: 8b676351b30771217cdecde60571bfffc2e8dd4fac721b99b12144ed8980dad8
Instruction ID: 78b29c9523cf09725b32f4a98304c5efa716b0c12bf15eab49a05554d671a726
Opcode Fuzzy Hash: 8b676351b30771217cdecde60571bfffc2e8dd4fac721b99b12144ed8980dad8
Instruction Fuzzy Hash: D0216671A10209BFCB00DFA5CD918AFB7FDEB08304B514476B500E3291D778EE509718

Uniqueness

Uniqueness Score: -1.00%

Function 00470BAC, Relevance: 4.5, APIs: 3, Instructions: 27
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00470BAC(void* __edx, struct HWND__* _a4) {
				signed int _t3;
				intOrPtr* _t6;
				struct HWND__* _t7;
				intOrPtr _t9;
				void* _t10;

				_t7 = _a4;
				_t10 = _t7 -  *0x503ca4; // 0x0
				if(_t10 != 0) {
					_t3 = IsWindowVisible(_t7);
					if(_t3 != 0) {
						_t3 = IsWindowEnabled(_t7);
						if(_t3 != 0) {
							_t6 = E00403018(8);
							_t9 =  *0x503cb4; // 0x0
							 *_t6 = _t9;
							 *(_t6 + 4) = _t7;
							 *0x503cb4 = _t6;
							_t3 = EnableWindow(_t7, 0); // executed
						}
					}
				}
				return _t3 | 0xffffffff;
			}

0x00470bb0
0x00470bb3
0x00470bb9
0x00470bbc
0x00470bc3
0x00470bc6
0x00470bcd
0x00470bd4
0x00470bd9
0x00470bdf
0x00470be1
0x00470be4
0x00470bec
0x00470bec
0x00470bcd
0x00470bc3
0x00470bf6

APIs

IsWindowVisible.USER32(?), ref: 00470BBC
IsWindowEnabled.USER32(?), ref: 00470BC6
EnableWindow.USER32(?,00000000), ref: 00470BEC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$EnableEnabledVisible
String ID:
API String ID: 3234591441-0
Opcode ID: d46501bebeafc00ff47df9b4d363ff1e99f8e84b38ac06fc1bffa94e40175278
Instruction ID: 80d53781af6986638e65c2b265dd878f3218a2623050f52a722c61257d06fa87
Opcode Fuzzy Hash: d46501bebeafc00ff47df9b4d363ff1e99f8e84b38ac06fc1bffa94e40175278
Instruction Fuzzy Hash: 26E0E5701452005AE710AF7BDDC2A1AB79CBF54354F50892AB848A73D3DE79FD045664

Uniqueness

Uniqueness Score: -1.00%

Function 004CA018, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 258
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E004CA018(void* __eax, void* __ebx, signed int __ecx, char __edx, void* __edi, void* __esi, void* __eflags, char _a4) {
				signed int _v8;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				signed int _t68;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				void* _t74;
				signed int _t76;
				intOrPtr _t77;
				signed int _t86;
				signed int _t88;
				signed int _t93;
				signed int _t103;
				int _t106;
				intOrPtr _t107;
				intOrPtr _t110;
				intOrPtr _t119;
				signed int _t122;
				signed int _t124;
				signed char _t125;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				signed int _t130;
				intOrPtr _t131;
				signed int _t136;
				intOrPtr _t137;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				intOrPtr _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t170;
				void* _t184;
				signed int _t185;
				intOrPtr _t193;

				_t190 = __esi;
				_t189 = __edi;
				_t150 = __ecx;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__esi);
				_v14 = __ecx;
				_v13 = __edx;
				_t148 = __eax;
				_push(_t193);
				_push(0x4ca31c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t193;
				_v15 = 0;
				E0045B0C8(__eax,  &_v8, __eflags);
				L004C3B78( &_v8, _t148, __edi, __esi);
				E0045B100(_t148, _t148, _t150, _v8, __esi);
				_t68 = _v8;
				if(_t68 != 0) {
					_t68 =  *((intOrPtr*)(_t68 - 4));
				}
				if(_t68 <= 0xf0) {
					_t69 = _v8;
					__eflags = _t69;
					if(_t69 != 0) {
						_t142 = _t69 - 4;
						__eflags = _t142;
						_t69 =  *_t142;
					}
					__eflags = _t69 - 2;
					if(_t69 < 2) {
						_t70 = 0;
						__eflags = 0;
					} else {
						_t141 = _v8;
						__eflags =  *_t141 - 0x5c;
						_t70 = _t141 & 0xffffff00 |  *_t141 == 0x0000005c;
					}
					__eflags = _t70;
					if(_t70 == 0) {
						_t71 = 0;
						__eflags = 0;
					} else {
						_t140 = _v8;
						__eflags =  *((short*)(_t140 + 2)) - 0x5c;
						_t71 = _t140 & 0xffffff00 |  *((short*)(_t140 + 2)) == 0x0000005c;
					}
					_t149 = _t71;
					__eflags = _t149;
					if(_t149 == 0) {
						L15:
						__eflags = _t149;
						if(_t149 != 0) {
							_t190 = _v8 + 4;
							_t74 = E0047E9F8(_t190, 0x5c);
							__eflags = _t190 - _t74;
							if(_t190 < _t74) {
								goto L40;
							} else {
								_t119 =  *0x504e48; // 0x50b83c
								_t33 = _t119 + 0x19c; // 0x25843fc
								L004E11BC( *_t33, _t149, 2, 0, _t189, _t190, 1, 1, 0);
							}
						} else {
							__eflags = _v14;
							if(_v14 != 0) {
								_t184 = 3;
							} else {
								_t184 = 4;
							}
							_t122 = _v8;
							__eflags = _t122;
							if(_t122 != 0) {
								_t136 = _t122 - 4;
								__eflags = _t136;
								_t122 =  *_t136;
							}
							__eflags = _t184 - _t122;
							if(_t184 <= _t122) {
								_t185 =  *_v8 & 0x0000ffff;
								_t124 = _t185;
								_t150 = _t185 + 0xffffff9f - 0x1a;
								__eflags = _t185 + 0xffffff9f - 0x1a;
								if(_t185 + 0xffffff9f - 0x1a < 0) {
									_t124 = _t185 & 0x0000ffdf;
									__eflags = _t124;
								}
								_t190 = 0x4ca330;
								__eflags = _t124 - 0x100;
								if(__eflags >= 0) {
									L27:
									_t125 = 0;
								} else {
									asm("bt [esi], eax");
									if(__eflags < 0) {
										_t125 = 1;
									} else {
										goto L27;
									}
								}
								_t126 = _t125 ^ 0x00000001;
								__eflags = _t126;
							} else {
								_t126 = 1;
							}
							__eflags = _t126;
							if(_t126 == 0) {
								_t127 = _v8;
								__eflags =  *((short*)(_t127 + 2)) - 0x3a;
								_t25 =  *((short*)(_t127 + 2)) != 0x3a;
								__eflags = _t25;
								_t128 = _t127 & 0xffffff00 | _t25;
							} else {
								_t128 = 1;
							}
							__eflags = _t128;
							if(_t128 == 0) {
								_t129 = _v8;
								__eflags =  *((short*)(_t129 + 4)) - 0x5c;
								_t29 =  *((short*)(_t129 + 4)) != 0x5c;
								__eflags = _t29;
								_t130 = _t129 & 0xffffff00 | _t29;
							} else {
								_t130 = 1;
							}
							__eflags = _t130;
							if(_t130 == 0) {
								L40:
								_t76 = L004C3CC0(_v8);
								__eflags = _t76;
								if(_t76 != 0) {
									L43:
									_t77 =  *0x504e48; // 0x50b83c
									_t37 = _t77 + 0x18c; // 0x260afec
									L004E11BC( *_t37, _t149, 2, 0, _t189, _t190, 1, 1, 0);
								} else {
									_t86 = L004C3CE8(_v8);
									__eflags = _t86;
									if(_t86 != 0) {
										goto L43;
									} else {
										_t88 = L004C3D28(_v8, _t150);
										__eflags = _t88;
										if(_t88 == 0) {
											E00406BEC(_v8, _t149, 3, _t189, _t190,  &_v20);
											_t93 = E0047E870(L"/:*?\"<>|", _v20);
											__eflags = _t93;
											if(_t93 == 0) {
												E0047E794(_v8, 0x7fffffff,  &_v36);
												E0047E290(_v36,  &_v32);
												E0047EA84(_v32, 0x7fffffff,  &_v12, __eflags);
												E004C9FAC(_v12, _t189, _t190); // executed
												_t103 = E0047EB68(__eflags);
												__eflags = _t103;
												if(_t103 != 0) {
													__eflags = _t149;
													if(_t149 != 0) {
														L52:
														_v15 = 1;
													} else {
														__eflags = _a4;
														if(_a4 != 0) {
															goto L52;
														} else {
															_t106 = GetDriveTypeW(E004064D4(_v12));
															__eflags = _t106 - 4;
															if(_t106 != 4) {
																goto L52;
															} else {
																_t107 =  *0x504e48; // 0x50b83c
																_t56 = _t107 + 0x68; // 0x2619574
																L004E11BC( *_t56, _t149, 2, 0, _t189, _t190, 1, 1, 0);
															}
														}
													}
												} else {
													_t110 =  *0x504e48; // 0x50b83c
													_t53 = _t110 + 0x190; // 0x24e695c
													L004E11BC( *_t53, _t149, 2, 0, _t189, _t190, 1, 1, 0);
												}
											} else {
												L004C3DAC(L"/:*?\"<>|", _t149,  &_v28, _t189, _t190);
												L004ABB3C(7,  &_v24, _v28);
												L004E11BC(_v24, _t149, 2, 0, _t189, _t190, 1, 1, 0);
											}
										} else {
											goto L43;
										}
									}
								}
							} else {
								_t131 =  *0x504e48; // 0x50b83c
								_t30 = _t131 + 0x19c; // 0x25843fc
								L004E11BC( *_t30, _t149, 2, 0, _t189, _t190, 1, 1, 0);
							}
						}
					} else {
						__eflags = _v13;
						if(_v13 != 0) {
							goto L15;
						} else {
							_t137 =  *0x504e48; // 0x50b83c
							_t18 = _t137 + 0x6c; // 0x25f5644
							L004E11BC( *_t18, _t149, 2, 0, _t189, _t190, 1, 1, 0);
						}
					}
				} else {
					_t143 =  *0x504e48; // 0x50b83c
					_t8 = _t143 + 0xb4; // 0x25fc5cc
					L004E11BC( *_t8, _t148, 2, 0, _t189, _t190, 1, 1, 0);
				}
				_pop(_t170);
				 *[fs:eax] = _t170;
				_push(0x4ca323);
				L00406440( &_v36, 5);
				return L00406440( &_v12, 2);
			}

0x004ca018
0x004ca018
0x004ca018
0x004ca01b
0x004ca01d
0x004ca01f
0x004ca021
0x004ca023
0x004ca025
0x004ca027
0x004ca029
0x004ca02c
0x004ca02d
0x004ca030
0x004ca033
0x004ca037
0x004ca038
0x004ca03d
0x004ca040
0x004ca043
0x004ca04c
0x004ca054
0x004ca05e
0x004ca063
0x004ca068
0x004ca06d
0x004ca06d
0x004ca074
0x004ca095
0x004ca098
0x004ca09a
0x004ca09c
0x004ca09c
0x004ca09f
0x004ca09f
0x004ca0a1
0x004ca0a4
0x004ca0b2
0x004ca0b2
0x004ca0a6
0x004ca0a6
0x004ca0a9
0x004ca0ad
0x004ca0ad
0x004ca0b4
0x004ca0b6
0x004ca0c5
0x004ca0c5
0x004ca0b8
0x004ca0b8
0x004ca0bb
0x004ca0c0
0x004ca0c0
0x004ca0c7
0x004ca0c9
0x004ca0cb
0x004ca0ef
0x004ca0ef
0x004ca0f1
0x004ca19d
0x004ca1a6
0x004ca1ab
0x004ca1ad
0x00000000
0x004ca1af
0x004ca1b5
0x004ca1ba
0x004ca1c4
0x004ca1c4
0x004ca0f7
0x004ca0f7
0x004ca0fb
0x004ca104
0x004ca0fd
0x004ca0fd
0x004ca0fd
0x004ca109
0x004ca10c
0x004ca10e
0x004ca110
0x004ca110
0x004ca113
0x004ca113
0x004ca115
0x004ca117
0x004ca120
0x004ca123
0x004ca12a
0x004ca12a
0x004ca12e
0x004ca132
0x004ca132
0x004ca132
0x004ca136
0x004ca13b
0x004ca13f
0x004ca149
0x004ca149
0x004ca141
0x004ca144
0x004ca147
0x004ca14d
0x00000000
0x00000000
0x00000000
0x004ca147
0x004ca14f
0x004ca14f
0x004ca119
0x004ca119
0x004ca119
0x004ca151
0x004ca153
0x004ca159
0x004ca15c
0x004ca161
0x004ca161
0x004ca161
0x004ca155
0x004ca155
0x004ca155
0x004ca164
0x004ca166
0x004ca16c
0x004ca16f
0x004ca174
0x004ca174
0x004ca174
0x004ca168
0x004ca168
0x004ca168
0x004ca177
0x004ca179
0x004ca1ce
0x004ca1d1
0x004ca1d6
0x004ca1d8
0x004ca1f2
0x004ca1f8
0x004ca1fd
0x004ca207
0x004ca1da
0x004ca1dd
0x004ca1e2
0x004ca1e4
0x00000000
0x004ca1e6
0x004ca1e9
0x004ca1ee
0x004ca1f0
0x004ca222
0x004ca22f
0x004ca234
0x004ca236
0x004ca26f
0x004ca27a
0x004ca285
0x004ca28d
0x004ca295
0x004ca29a
0x004ca29c
0x004ca2ba
0x004ca2bc
0x004ca2f0
0x004ca2f0
0x004ca2be
0x004ca2be
0x004ca2c2
0x00000000
0x004ca2c4
0x004ca2cd
0x004ca2d2
0x004ca2d5
0x00000000
0x004ca2d7
0x004ca2dd
0x004ca2e2
0x004ca2e9
0x004ca2e9
0x004ca2d5
0x004ca2c2
0x004ca29e
0x004ca2a4
0x004ca2a9
0x004ca2b3
0x004ca2b3
0x004ca238
0x004ca246
0x004ca253
0x004ca25f
0x004ca25f
0x00000000
0x00000000
0x00000000
0x004ca1f0
0x004ca1e4
0x004ca17b
0x004ca181
0x004ca186
0x004ca190
0x004ca190
0x004ca179
0x004ca0cd
0x004ca0cd
0x004ca0d1
0x00000000
0x004ca0d3
0x004ca0d9
0x004ca0de
0x004ca0e5
0x004ca0e5
0x004ca0d1
0x004ca076
0x004ca07c
0x004ca081
0x004ca08b
0x004ca08b
0x004ca2f6
0x004ca2f9
0x004ca2fc
0x004ca309
0x004ca31b

Strings

/:*?"<>|, xrefs: 004CA22A, 004CA241

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID: /:*?"<>|
API String ID: 0-4078764451
Opcode ID: 43a705417e1ef5f5df41a7b2df8927f8e24d3e042aa1759931d9027a5f918944
Instruction ID: 78e3d31ff2c7673dd9f12dc5035f4cff248215a6f13dd27949481a84fa5360e9
Opcode Fuzzy Hash: 43a705417e1ef5f5df41a7b2df8927f8e24d3e042aa1759931d9027a5f918944
Instruction Fuzzy Hash: F791A43C7002589BDB50EB65C942FEE73A1AB4530CF1880AAF900AB392D7BDDD55974A

Uniqueness

Uniqueness Score: -1.00%

Function 004C7728, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 223
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E004C7728(intOrPtr __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, signed int _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v13;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				void* _t109;
				intOrPtr* _t110;
				intOrPtr _t117;
				intOrPtr* _t163;
				intOrPtr _t165;
				char* _t174;
				intOrPtr* _t175;
				intOrPtr _t178;
				intOrPtr* _t182;
				signed int _t185;
				intOrPtr* _t193;
				intOrPtr _t197;
				void* _t212;
				intOrPtr _t221;
				intOrPtr _t229;
				intOrPtr _t235;
				intOrPtr _t249;
				void* _t253;
				void* _t255;
				void* _t256;
				intOrPtr _t257;

				_t264 = __fp0;
				_t251 = __edi;
				_t207 = __ecx;
				_t255 = _t256;
				_t257 = _t256 + 0xffffffe0;
				_push(__ebx);
				_push(__esi);
				_v36 = 0;
				_v28 = 0;
				_v32 = 0;
				_t253 = __ecx;
				_t204 = __edx;
				_v8 = __eax;
				_push(_t255);
				_push(0x4c7a77);
				 *[fs:eax] = _t257;
				E00406448(_a4, 0,  *[fs:eax]);
				 *(_v8 + 0x512) = 0;
				E0045B010( *((intOrPtr*)(_v8 + 0x48c)), 0);
				E0045B010( *((intOrPtr*)(_v8 + 0x490)), 0);
				E0045B010( *((intOrPtr*)(_v8 + 0x4c0)), 0);
				E0045B010( *((intOrPtr*)(_v8 + 0x4c4)), 0);
				E0045B010( *((intOrPtr*)(_v8 + 0x4c8)), 0);
				_t109 = E004DFBB0(__edx, _t253, __edi, __fp0); // executed
				if(_t109 != 0) {
					_t110 =  *0x504b88; // 0x50c0a4
					__eflags =  *_t110;
					if(__eflags == 0) {
						goto L7;
					} else {
						_t163 =  *0x504b88; // 0x50c0a4
						_t165 = E004FA028( *_t163, "PrepareToInstall", __eflags);
						__eflags = _t165;
						if(_t165 == 0) {
							goto L7;
						} else {
							E004C88C0(_v8, _t204, 0xb, __edi, _t253, __fp0); // executed
							E0045B010( *((intOrPtr*)(_v8 + 0x390)), 0);
							E0045B010( *((intOrPtr*)(_v8 + 0x38c)), 0);
							_t174 =  *0x504cac; // 0x50c057
							__eflags =  *_t174 - 1;
							if( *_t174 == 1) {
								_t193 =  *0x504e38; // 0x50b17c
								SetActiveWindow( *( *_t193 + 0x170));
								_t197 =  *0x50bcd4; // 0x3596e80
								L00477FB4(_t197);
							}
							_t175 =  *0x50bcd4; // 0x3596e80
							 *((intOrPtr*)( *_t175 + 0x8c))();
							_t178 = E0048148C(_t204, 1, _t251, _t253); // executed
							_v12 = _t178;
							_push(_t255);
							_push( *[fs:eax]);
							 *[fs:eax] = _t257;
							_v13 = 0;
							_v24 =  &_v13;
							_v20 = 5;
							_t182 =  *0x504b88; // 0x50c0a4
							L004FA2D4( *_t182,  &_v24, "PrepareToInstall", __eflags, _t264, _a4, 0, 1, 0); // executed
							_t185 = _a4;
							__eflags =  *_t185;
							 *(_v8 + 0x512) = (_t185 & 0xffffff00 |  *_t185 != 0x00000000) & _v13;
							__eflags = 0;
							_pop(_t249);
							_t212 = 0x4c78de;
							 *[fs:eax] = _t249;
							_push(0x4c78e5);
							E00404098(_v12);
							return E004C872C(_v8, _t212, __eflags, _t264);
						}
					}
				} else {
					L004C3AE0(0x80, _a4);
					 *(_v8 + 0x512) = 1;
					L7:
					if( *_a4 != 0) {
						if( *(_v8 + 0x512) == 0) {
							_push( *_a4);
							_push(0x4c7ab4);
							_push(0x4c7ab4);
							_push(0x4c7ab4);
							_t117 =  *0x504e48; // 0x50b83c
							_t54 = _t117 + 0x64; // 0x24edf44
							_push( *_t54);
							E004069F8( &_v36, 5, _t251);
							E0045B100( *((intOrPtr*)(_v8 + 0x490)), _t204, _t207, _v36, _t253);
						} else {
							_push( *_a4);
							_push(0x4c7ab4);
							_push(0x4c7ab4);
							_push(0x4c7ab4);
							L004C3AE0(0x58,  &_v32);
							_push(_v32);
							_push(0x4c7ab4);
							E004069F8( &_v28, 6, _t251);
							E0045B100( *((intOrPtr*)(_v8 + 0x490)), _t204, _t207, _v28, _t253);
						}
						L004C3E5C( *((intOrPtr*)(_v8 + 0x490)));
						E0045B010( *((intOrPtr*)(_v8 + 0x48c)), 1);
						E0045B010( *((intOrPtr*)(_v8 + 0x490)), 1);
						if( *(_v8 + 0x512) != 0) {
							_t206 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x490)) + 0x44)) +  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x490)) + 0x4c));
							E0045A724( *((intOrPtr*)(_v8 + 0x4c0)),  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x490)) + 0x44)) +  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x490)) + 0x4c)));
							_t229 =  *0x504e48; // 0x50b83c
							_t74 = _t229 + 0x370; // 0x260b2bc
							E0045B100( *((intOrPtr*)(_v8 + 0x4c0)),  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x490)) + 0x44)) +  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x490)) + 0x4c)), _t207,  *_t74, _t253);
							E0045B010( *((intOrPtr*)(_v8 + 0x4c0)), 1);
							E0045A724( *((intOrPtr*)(_v8 + 0x4c4)), L004FB18C(_v8, 0x16) + _t206);
							_t235 =  *0x504e48; // 0x50b83c
							_t82 = _t235 + 0x1cc; // 0x25fc7ac
							E0045B100( *((intOrPtr*)(_v8 + 0x4c4)), _t206, _t207,  *_t82, _t253);
							E0045B010( *((intOrPtr*)(_v8 + 0x4c4)), 1);
						}
					}
					_pop(_t221);
					 *[fs:eax] = _t221;
					_push(0x4c7a7e);
					return L00406440( &_v36, 3);
				}
			}

0x004c7728
0x004c7728
0x004c7728
0x004c7729
0x004c772b
0x004c772e
0x004c772f
0x004c7732
0x004c7735
0x004c7738
0x004c773b
0x004c773d
0x004c773f
0x004c7744
0x004c7745
0x004c774d
0x004c7755
0x004c775d
0x004c776f
0x004c777f
0x004c778f
0x004c779f
0x004c77af
0x004c77b8
0x004c77bf
0x004c77da
0x004c77df
0x004c77e2
0x00000000
0x004c77e8
0x004c77e8
0x004c77f4
0x004c77f9
0x004c77fb
0x00000000
0x004c7801
0x004c7809
0x004c7819
0x004c7829
0x004c782e
0x004c7833
0x004c7836
0x004c7838
0x004c7846
0x004c784b
0x004c7850
0x004c7850
0x004c7855
0x004c785c
0x004c7869
0x004c786e
0x004c7873
0x004c7879
0x004c787c
0x004c787f
0x004c7890
0x004c7893
0x004c789a
0x004c78a6
0x004c78ab
0x004c78ae
0x004c78ba
0x004c78c0
0x004c78c2
0x004c78c4
0x004c78c5
0x004c78c8
0x004c78d0
0x004c78dd
0x004c78dd
0x004c77fb
0x004c77c1
0x004c77c6
0x004c77ce
0x004c78f1
0x004c78f7
0x004c7907
0x004c7952
0x004c7954
0x004c7959
0x004c795e
0x004c7963
0x004c7968
0x004c7968
0x004c7973
0x004c7984
0x004c7909
0x004c790c
0x004c790e
0x004c7913
0x004c7918
0x004c7922
0x004c7927
0x004c792a
0x004c7937
0x004c7948
0x004c7948
0x004c7995
0x004c79a5
0x004c79b5
0x004c79c4
0x004c79d6
0x004c79e4
0x004c79e9
0x004c79ef
0x004c79fe
0x004c7a0e
0x004c7a2d
0x004c7a32
0x004c7a38
0x004c7a47
0x004c7a57
0x004c7a57
0x004c79c4
0x004c7a5e
0x004c7a61
0x004c7a64
0x004c7a76
0x004c7a76

APIs

SetActiveWindow.USER32(?), ref: 004C7846

Strings

PrepareToInstall, xrefs: 004C77EF, 004C78A1

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ActiveWindow
String ID: PrepareToInstall
API String ID: 2558294473-1101760603
Opcode ID: 0cba9332a025e9fb48736dabae42d0135bc43bcb832068f79a5d48e6fbdf4250
Instruction ID: d6db82061a44e8fb343ba6e2a1c948113361bd64f80789b2b89611aa4848390e
Opcode Fuzzy Hash: 0cba9332a025e9fb48736dabae42d0135bc43bcb832068f79a5d48e6fbdf4250
Instruction Fuzzy Hash: D2A1F978604208DFDB40EFA9C985F9E77F1FB48304F1540AAE9049B352C739AE05AB98

Uniqueness

Uniqueness Score: -1.00%

Function 0042EB8C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0042EB8C(void* __eax, char* __ecx, char __edx, char* _a4, int _a8) {
				int _v8;
				char _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t18;
				void* _t25;
				intOrPtr _t28;
				char _t33;

				_t32 = __ecx;
				_t33 = __edx;
				_t25 = __eax;
				_v8 = 0;
				_t18 = RegQueryValueExW( *(_t25 + 4), E004064D4(__edx), 0,  &_v8, __ecx,  &_a8); // executed
				if(_t18 != 0) {
					_v16 = _t33;
					_v12 = 0x11;
					_t28 =  *0x505064; // 0x40a834
					L00411A28(_t25, _t28, 1, _t32, _t33, 0,  &_v16);
					E00404A74();
				}
				 *_a4 = E0042E794(_v8);
				return _a8;
			}

0x0042eb95
0x0042eb97
0x0042eb99
0x0042eb9d
0x0042ebb7
0x0042ebbe
0x0042ebc0
0x0042ebc3
0x0042ebcd
0x0042ebda
0x0042ebdf
0x0042ebdf
0x0042ebf2
0x0042ebfc

APIs

RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?), ref: 0042EBB7

Strings

dB, xrefs: 0042EBD5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: QueryValue
String ID: dB
API String ID: 3660427363-590823066
Opcode ID: 956139e0bcacbd0758f03474c05633ec487da009122d916111bd4678b6b15441
Instruction ID: 5c887d05631a9ac41c9f00d23c65e0dd69f09361cc4cd1948589aa337c31ba86
Opcode Fuzzy Hash: 956139e0bcacbd0758f03474c05633ec487da009122d916111bd4678b6b15441
Instruction Fuzzy Hash: 95017175B00208ABCB00DF9ADC819DEB7ACEB49314F008166BA14DB241D6349E04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004DE118, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41
registryCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E004DE118(void* __eax, void* __edx, void* __eflags) {
				void* _v8;
				void* __ecx;
				void* _t7;
				long _t13;
				void* _t17;
				void* _t26;

				_t26 = _t17;
				_t7 = E0047FD20(__eax, L"Software\\Microsoft\\Windows\\CurrentVersion", 0x80000002,  &_v8, 1, 0); // executed
				if(_t7 != 0) {
					return E00406448(_t26, 0);
				}
				if(E0047FC48() == 0) {
					E00406448(_t26, 0);
				}
				_t13 = RegCloseKey(_v8); // executed
				return _t13;
			}

0x004de11f
0x004de139
0x004de140
0x00000000
0x004de16a
0x004de150
0x004de156
0x004de156
0x004de15f
0x00000000

APIs

Part of subcall function 0047FD20: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,?,?,?,?,004DE361,00000000,004DE566,?,00000005,00000000,00000000), ref: 004DE15F

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 004DE12D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseOpen
String ID: Software\Microsoft\Windows\CurrentVersion
API String ID: 47109696-1019749484
Opcode ID: 40eaa714a09d6aa2c46a542be27fb984c7d58689b4ee053f27923cefaaf54fb1
Instruction ID: 83b4fab351944d4948ac6edfbad87f9e26a75af5648e35d8e82f5e6684b56936
Opcode Fuzzy Hash: 40eaa714a09d6aa2c46a542be27fb984c7d58689b4ee053f27923cefaaf54fb1
Instruction Fuzzy Hash: 2AF0AE31700218ABE714B56B5D52BAF929DDBC4758F10403FB905DB385D979DD01036D

Uniqueness

Uniqueness Score: -1.00%

Function 0042EA94, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
registryCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E0042EA94(void* __eax, char* __ecx, void* __edx, void* __fp0) {
				long _t14;
				signed int _t18;
				void* _t26;
				char* _t27;
				intOrPtr* _t28;

				_push(__ecx);
				_t27 = __ecx;
				_t26 = __eax;
				L00403540(__ecx, 8);
				_t14 = RegQueryValueExW( *(_t26 + 4), E004064D4(__edx), 0, _t28 + 8, 0, _t27 + 4); // executed
				 *_t27 = E0042E794( *_t28);
				return _t18 & 0xffffff00 | _t14 == 0x00000000;
			}

0x0042ea98
0x0042ea99
0x0042ea9d
0x0042eaa8
0x0042eac6
0x0042ead8
0x0042eae2

APIs

RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,?,?,MS Shell Dlg 2,?,MS Shell Dlg 2,?,0042EAF8), ref: 0042EAC6

Strings

MS Shell Dlg 2, xrefs: 0042EA95, 0042EA97

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: QueryValue
String ID: MS Shell Dlg 2
API String ID: 3660427363-3198668166
Opcode ID: 40a7df6b1877300fbe6f727ca26aad6b5d6b094b76c2ac120af44f21f87671ee
Instruction ID: 237bdefa9337fd205bb120acb75056f6f03b30abdaa8b8f0a3c36c1784ac65f3
Opcode Fuzzy Hash: 40a7df6b1877300fbe6f727ca26aad6b5d6b094b76c2ac120af44f21f87671ee
Instruction Fuzzy Hash: 60F030763092547BD704EA6E9C81FABBBDCDB88755F01803EBA48C7681DA34DD058379

Uniqueness

Uniqueness Score: -1.00%

Function 0047FD20, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047FD20(void* __eax, short* __ecx, void* __edx, void** _a4, int _a8, int _a12) {
				long _t7;
				short* _t8;
				void* _t9;
				int _t10;

				_t9 = __edx;
				_t8 = __ecx;
				_t10 = _a8;
				if(__eax == 2) {
					_t10 = _t10 | 0x00000100;
				}
				_t7 = RegOpenKeyExW(_t9, _t8, _a12, _t10, _a4); // executed
				return _t7;
			}

0x0047fd20
0x0047fd20
0x0047fd24
0x0047fd29
0x0047fd2b
0x0047fd2b
0x0047fd3c
0x0047fd43

APIs

RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

Strings

Control Panel\Desktop\ResourceLocale, xrefs: 0047FD3A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Open
String ID: Control Panel\Desktop\ResourceLocale
API String ID: 71445658-1109908249
Opcode ID: e415bd2220768e8af6e5cac5480c8a33a3be2fcb2cc2fd5fa2f53e739a7e44d1
Instruction ID: fd9ded6d5f70eb0e81e331f2c2859044cc9f18ec4a999d0d4e7199f5a9835539
Opcode Fuzzy Hash: e415bd2220768e8af6e5cac5480c8a33a3be2fcb2cc2fd5fa2f53e739a7e44d1
Instruction Fuzzy Hash: BCD0C97295022DBBDB109A89DC81DFBB79DDB19360F40842AFE0897241C2B8FC518BF4

Uniqueness

Uniqueness Score: -1.00%

Function 00425C80, Relevance: 3.1, APIs: 2, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00425C80(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				int _t28;
				int _t29;
				short* _t31;
				int _t45;
				int _t46;
				short* _t48;
				int _t57;
				int _t60;
				intOrPtr _t70;
				void* _t87;
				int _t88;
				int _t90;
				intOrPtr _t94;

				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t87 = __ecx;
				_push(_t94);
				_push(0x425ddb);
				_push( *[fs:edx]);
				 *[fs:edx] = _t94;
				if( *((char*)(__eax + 0x2a)) == 0) {
					E0040649C( &_v16, __edx);
					E0040649C( &_v20, _t87);
					_t28 = _v16;
					if(_t28 != 0 &&  *((short*)(_t28 - 0xa)) != 2) {
						_t28 = L00405468( &_v16);
					}
					_t57 = _t28;
					if(_t57 != 0) {
						_t57 =  *(_t57 - 4);
					}
					_t29 = _v20;
					if(_t29 != 0 &&  *((short*)(_t29 - 0xa)) != 2) {
						_t29 = L00405468( &_v20);
					}
					_t88 = _t29;
					if(_t88 != 0) {
						_t88 =  *(_t88 - 4);
					}
					_t31 = E004064D4(_v20);
					CompareStringW(0x400, 1, E004064D4(_v16), _t57, _t31, _t88); // executed
				} else {
					E0040649C( &_v8, __edx);
					E0040649C( &_v12, _t87);
					_t45 = _v8;
					if(_t45 != 0 &&  *((short*)(_t45 - 0xa)) != 2) {
						_t45 = L00405468( &_v8);
					}
					_t60 = _t45;
					if(_t60 != 0) {
						_t60 =  *(_t60 - 4);
					}
					_t46 = _v12;
					if(_t46 != 0 &&  *((short*)(_t46 - 0xa)) != 2) {
						_t46 = L00405468( &_v12);
					}
					_t90 = _t46;
					if(_t90 != 0) {
						_t90 =  *(_t90 - 4);
					}
					_t48 = E004064D4(_v12);
					CompareStringW(0x400, 0, E004064D4(_v8), _t60, _t48, _t90);
				}
				_pop(_t70);
				 *[fs:eax] = _t70;
				_push(0x425de2);
				return L00406440( &_v20, 4);
			}

0x00425c83
0x00425c85
0x00425c87
0x00425c89
0x00425c8d
0x00425c93
0x00425c94
0x00425c99
0x00425c9c
0x00425ca3
0x00425d3c
0x00425d46
0x00425d4b
0x00425d50
0x00425d63
0x00425d63
0x00425d68
0x00425d6c
0x00425d71
0x00425d71
0x00425d73
0x00425d78
0x00425d8b
0x00425d8b
0x00425d90
0x00425d94
0x00425d99
0x00425d99
0x00425d9f
0x00425db6
0x00425ca9
0x00425cae
0x00425cb8
0x00425cbd
0x00425cc2
0x00425cd5
0x00425cd5
0x00425cda
0x00425cde
0x00425ce3
0x00425ce3
0x00425ce5
0x00425cea
0x00425cfd
0x00425cfd
0x00425d02
0x00425d06
0x00425d0b
0x00425d0b
0x00425d11
0x00425d28
0x00425d30
0x00425dc2
0x00425dc5
0x00425dc8
0x00425dda

APIs

CompareStringW.KERNEL32(00000400,00000000,00000000,?,00000000,?), ref: 00425D28
CompareStringW.KERNEL32(00000400,00000001,00000000,?,00000000,?), ref: 00425DB6

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CompareString
String ID:
API String ID: 1825529933-0
Opcode ID: 2e8860ad94cbe6b06da031b23563a88317132d7d40d73736365a3b8ad21801ab
Instruction ID: d886172ca38c2f35932a46a5eb0f5a325f8bc4ae031ddc8a8be8c980502e7438
Opcode Fuzzy Hash: 2e8860ad94cbe6b06da031b23563a88317132d7d40d73736365a3b8ad21801ab
Instruction Fuzzy Hash: 7A41CD30B00A25ABDB21DE75E886BAF73E9AF44704F918076E900B7385D678ED418A5C

Uniqueness

Uniqueness Score: -1.00%

Function 0047FAFC, Relevance: 3.1, APIs: 2, Instructions: 113
registryCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E0047FAFC(void* __eax, void* __ebx, intOrPtr __ecx, short* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				short* _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				long _t46;
				signed int _t58;
				char _t66;
				intOrPtr _t82;
				void* _t88;
				signed int _t94;
				void* _t97;

				_push(__esi);
				_v8 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_t88 = __eax;
				_push(_t97);
				_push(0x47fc34);
				_push( *[fs:eax]);
				 *[fs:eax] = _t97 + 0xffffffec;
				while(1) {
					_v24 = 0;
					_t46 = RegQueryValueExW(_t88, _v12, 0,  &_v20, 0,  &_v24); // executed
					if(_t46 != 0 || _v20 != _a8 && _v20 != _a4) {
						break;
					}
					if(_v24 != 0) {
						__eflags = _v24 - 0x70000000;
						if(__eflags >= 0) {
							L00411924();
						}
						_t80 = _v24 + 1 >> 1;
						E00406584( &_v8, _v24 + 1 >> 1, 0, __eflags);
						_t58 = RegQueryValueExW(_t88, _v12, 0,  &_v20, E00406EB8( &_v8, _v24 + 1 >> 1),  &_v24); // executed
						__eflags = _t58 - 0xea;
						if(_t58 == 0xea) {
							continue;
						} else {
							__eflags = _t58;
							if(_t58 != 0) {
								break;
							}
							__eflags = _v20 - _a8;
							if(_v20 == _a8) {
								L12:
								_t94 = _v24 >> 1;
								while(1) {
									__eflags = _t94;
									if(_t94 == 0) {
										break;
									}
									_t66 = _v8;
									__eflags =  *((short*)(_t66 + _t94 * 2 - 2));
									if( *((short*)(_t66 + _t94 * 2 - 2)) == 0) {
										_t94 = _t94 - 1;
										__eflags = _t94;
										continue;
									}
									break;
								}
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t94;
									if(_t94 != 0) {
										_t94 = _t94 + 1;
										__eflags = _t94;
									}
								}
								E004067BC( &_v8, _t80, _t94);
								__eflags = _v20 - 7;
								if(_v20 == 7) {
									__eflags = _t94;
									if(_t94 != 0) {
										 *((short*)(E00406EB8( &_v8, _t94) + _t94 * 2 - 2)) = 0;
									}
								}
								E00406448(_v16, _v8);
								break;
							}
							__eflags = _v20 - _a4;
							if(_v20 != _a4) {
								break;
							}
							goto L12;
						}
					} else {
						E00406448(_v16, 0);
						break;
					}
				}
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push(0x47fc3b);
				return L00406438( &_v8);
			}

0x0047fb03
0x0047fb07
0x0047fb0a
0x0047fb0d
0x0047fb10
0x0047fb14
0x0047fb15
0x0047fb1a
0x0047fb1d
0x0047fb22
0x0047fb24
0x0047fb38
0x0047fb3f
0x00000000
0x00000000
0x0047fb5d
0x0047fb70
0x0047fb77
0x0047fb79
0x0047fb79
0x0047fb87
0x0047fb8b
0x0047fba8
0x0047fbad
0x0047fbb2
0x00000000
0x0047fbb8
0x0047fbb8
0x0047fbba
0x00000000
0x00000000
0x0047fbbf
0x0047fbc2
0x0047fbcc
0x0047fbcf
0x0047fbd4
0x0047fbd4
0x0047fbd6
0x00000000
0x00000000
0x0047fbd8
0x0047fbdb
0x0047fbe1
0x0047fbd3
0x0047fbd3
0x00000000
0x0047fbd3
0x00000000
0x0047fbe1
0x0047fbe3
0x0047fbe7
0x0047fbe9
0x0047fbeb
0x0047fbed
0x0047fbed
0x0047fbed
0x0047fbeb
0x0047fbf3
0x0047fbf8
0x0047fbfc
0x0047fbfe
0x0047fc00
0x0047fc0a
0x0047fc0a
0x0047fc00
0x0047fc17
0x00000000
0x0047fc1c
0x0047fbc7
0x0047fbca
0x00000000
0x00000000
0x00000000
0x0047fbca
0x0047fb5f
0x0047fb64
0x00000000
0x0047fb69
0x0047fb5d
0x0047fc20
0x0047fc23
0x0047fc26
0x0047fc33

APIs

RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,?,00000000,0047FC34,?,004E0678,00000000,00000000), ref: 0047FB38
RegQueryValueExW.ADVAPI32(00000001,?,00000000,00000000,00000000,70000000,00000001,?,00000000,00000000,00000000,?,00000000,0047FC34,?,004E0678), ref: 0047FBA8

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3952c222326fdbd1c849a4e9494737835ba4abaf571a385d1af7d3bd6b945def
Instruction ID: 7a36ed184defeb1ce017c9a4bd8613152d0ff6d7255023b2078b31953f174b5a
Opcode Fuzzy Hash: 3952c222326fdbd1c849a4e9494737835ba4abaf571a385d1af7d3bd6b945def
Instruction Fuzzy Hash: 9E414E71900119AFDB11DB95C991AEFB3B8FB04704F51847AE805F7280D738AE499BAA

Uniqueness

Uniqueness Score: -1.00%

Function 0047C4DC, Relevance: 3.1, APIs: 2, Instructions: 102
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0047C4DC(intOrPtr __eax, void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				char _t36;
				intOrPtr _t47;
				intOrPtr _t49;
				void* _t69;
				intOrPtr _t71;
				struct HWND__* _t72;
				intOrPtr _t85;
				intOrPtr _t86;
				intOrPtr _t87;
				intOrPtr _t88;
				intOrPtr _t90;
				void* _t94;
				void* _t95;
				intOrPtr _t96;

				_t94 = _t95;
				_t96 = _t95 + 0xfffffff4;
				_v12 = __ecx;
				_t69 = __edx;
				_v8 = __eax;
				if( *((intOrPtr*)(_v8 + 0x40)) != 0) {
					L2:
					_t36 = 0;
				} else {
					_t90 =  *0x46f668; // 0x46f6c0
					if(E004042C0(__edx, _t90) != 0) {
						_t36 = 1;
					} else {
						goto L2;
					}
				}
				 *((char*)(_v8 + 0xcd)) = _t36;
				_v16 = 0;
				 *[fs:edx] = _t96;
				_v16 =  *((intOrPtr*)(_t69 - 0xc))( *[fs:edx], 0x47c61c, _t94);
				 *_v12 = _v16;
				 *[fs:eax] = _t96;
				 *((intOrPtr*)( *_v16 + 0x2c))( *[fs:eax], 0x47c55f, _t94);
				_pop(_t85);
				 *[fs:eax] = _t85;
				if( *((intOrPtr*)(_v8 + 0x40)) == 0) {
					_t88 =  *0x46f668; // 0x46f6c0
					if(E00404238(_v16, _t88) != 0) {
						_t71 = _v16;
						L004639EC(_t71);
						 *((intOrPtr*)(_v8 + 0x40)) = _t71;
						if( *(_v8 + 0xcf) != 0) {
							_t72 =  *(_v8 + 0x170);
							SetWindowLongW(_t72, 0xffffffec, GetWindowLongW(_t72, 0xffffffec) | 0x08000000);
						}
						E00470AAC( *(_v8 + 0x170),  *(_v8 + 0xcf) & 0x000000ff ^ 0x00000001,  *(_v8 + 0xcf) & 0x000000ff ^ 0x00000001);
					}
				}
				_pop(_t86);
				 *[fs:eax] = _t86;
				_push(E0047C623);
				_t47 = _v8;
				if( *((intOrPtr*)(_t47 + 0x40)) == 0) {
					_t87 =  *0x46f668; // 0x46f6c0
					_t47 = E00404238(_v16, _t87);
					if(_t47 != 0) {
						_t49 = _v16;
						 *((char*)(_t49 + 0x360)) = 0;
						return _t49;
					}
				}
				return _t47;
			}

0x0047c4dd
0x0047c4df
0x0047c4e5
0x0047c4e8
0x0047c4ea
0x0047c4f4
0x0047c507
0x0047c507
0x0047c4f6
0x0047c4f6
0x0047c505
0x0047c50b
0x00000000
0x00000000
0x00000000
0x0047c505
0x0047c510
0x0047c518
0x0047c526
0x0047c52e
0x0047c537
0x0047c544
0x0047c552
0x0047c557
0x0047c55a
0x0047c57c
0x0047c581
0x0047c58e
0x0047c590
0x0047c595
0x0047c59d
0x0047c5aa
0x0047c5b1
0x0047c5c6
0x0047c5c6
0x0047c5e4
0x0047c5e4
0x0047c58e
0x0047c5eb
0x0047c5ee
0x0047c5f1
0x0047c5f6
0x0047c5fd
0x0047c602
0x0047c608
0x0047c60f
0x0047c611
0x0047c614
0x00000000
0x0047c614
0x0047c60f
0x0047c61b

APIs

GetWindowLongW.USER32(?,000000EC), ref: 0047C5B8
SetWindowLongW.USER32 ref: 0047C5C6

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 9468270469e0feec7c86800f3f050b332eeb819bcdde524564b8ce0ee2a1d03e
Instruction ID: 0544ea898a551e1a11e9400c7a2959c2b0bb2bd8ff33ff6c69717cd66fc96442
Opcode Fuzzy Hash: 9468270469e0feec7c86800f3f050b332eeb819bcdde524564b8ce0ee2a1d03e
Instruction Fuzzy Hash: F3413E70A04204EFDB10DF69C980A99B7F5EB49314F2186FAF8149B3A2D739AE41CB14

Uniqueness

Uniqueness Score: -1.00%

Function 00475CD8, Relevance: 3.1, APIs: 2, Instructions: 83
threadCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E00475CD8(signed int __eax, void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				void* _v24;
				intOrPtr _v28;
				void* _t64;
				signed int _t78;
				void* _t87;
				void* _t89;
				intOrPtr _t95;
				void* _t101;
				void* _t103;
				intOrPtr _t104;

				_t87 = __ecx;
				_t101 = _t103;
				_t104 = _t103 + 0xffffffe8;
				_v8 = __eax;
				if( *((intOrPtr*)(_v8 + 0x24c)) == 0) {
					L9:
					return E0045FFF8(_v8, _t87);
				} else {
					if( *((intOrPtr*)(_v8 + 0x334)) == 0) {
						L8:
						_v24 =  *((intOrPtr*)(_v8 + 0x24c));
						_v20 = _v8 & 0xffffff00 | ( *(_v8 + 0x55) & 0x00000020) != 0x00000000;
						EnumThreadWindows(GetCurrentThreadId(), 0x475c94,  &_v24); // executed
						goto L9;
					} else {
						_v16 = E00474CDC(_v8);
						_t64 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x334)) + 8)) - 1;
						if(_t64 < 0) {
							goto L8;
						} else {
							_v28 = _t64 + 1;
							_v12 = 0;
							if(( *(_v8 + 0x55) & 0x00000020) != 0) {
								E00464FD8(L00423514( *((intOrPtr*)(_v8 + 0x334)), _v12), _t87, 1);
							}
							_push(_t101);
							_push( *[fs:eax]);
							 *[fs:eax] = _t104;
							L004233BC(_v16, L00423514( *((intOrPtr*)(_v8 + 0x334)), _v12));
							 *((intOrPtr*)( *((intOrPtr*)(L00423514( *((intOrPtr*)(_v8 + 0x334)), _v12))) + 0xb0))();
							_pop(_t95);
							_t89 = 0x475dbe;
							 *[fs:eax] = _t95;
							_push(0x475dc5);
							_t78 = _v8;
							if(( *(_t78 + 0x55) & 0x00000020) != 0) {
								return E00464FD8(L00423514( *((intOrPtr*)(_v8 + 0x334)), _v12), _t89, 0);
							}
							return _t78;
						}
					}
				}
			}

0x00475cd8
0x00475cd9
0x00475cdb
0x00475cde
0x00475ceb
0x00475dfe
0x00475e09
0x00475cf1
0x00475cfb
0x00475dd1
0x00475dda
0x00475de7
0x00475df9
0x00000000
0x00475d01
0x00475d09
0x00475d18
0x00475d1b
0x00000000
0x00475d21
0x00475d22
0x00475d25
0x00475d33
0x00475d48
0x00475d48
0x00475d4f
0x00475d55
0x00475d58
0x00475d71
0x00475d89
0x00475d91
0x00475d93
0x00475d94
0x00475d97
0x00475d9c
0x00475da3
0x00000000
0x00475db8
0x00475dbd
0x00475dbd
0x00475d1b
0x00475cfb

APIs

GetCurrentThreadId.KERNEL32 ref: 00475DF3
EnumThreadWindows.USER32(00000000,Function_00075C94,?), ref: 00475DF9

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Thread$CurrentEnumWindows
String ID:
API String ID: 2396873506-0
Opcode ID: e1ba568b4748bd54d9dae6f77191e13192941e663547b1c7dc0192042840e0fd
Instruction ID: 78db1d5ca89ed4e75a1ec47d96514c47f4be6606423ec87fed2eb823eea2cc00
Opcode Fuzzy Hash: e1ba568b4748bd54d9dae6f77191e13192941e663547b1c7dc0192042840e0fd
Instruction Fuzzy Hash: AE31EC34A01648DFCB51DF99C589B9DB7F5EF44304F6580AAA808AB362D778AF40DB44

Uniqueness

Uniqueness Score: -1.00%

Function 004485C8, Relevance: 3.1, APIs: 2, Instructions: 75
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004485C8(intOrPtr* __eax, void* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t29;
				void* _t34;
				intOrPtr* _t48;
				void* _t49;
				void* _t53;
				int _t63;
				int _t64;

				_t53 = __edx;
				_t49 = __ecx;
				_t48 = __eax;
				_t64 =  *(__eax + 0x48);
				_t63 =  *(__eax + 0x4c);
				E0045F97C(__eax, __eax, _t63, _t64); // executed
				SetWindowPos(L00463A10(_t48), 0,  *(_t48 + 0x40),  *(_t48 + 0x44), _t64, _t63, 0x14);
				if( *(_t48 + 0x294) != 0) {
					SendMessageW(L00463A10(_t48), 0x192, 1, _t48 + 0x294);
				}
				L00447DCC(_t48, _t49, _t53);
				_t28 =  *((intOrPtr*)(_t48 + 0x2a4));
				if( *((intOrPtr*)(_t48 + 0x2a4)) != 0) {
					L004492D8(_t48, _t28);
				}
				_t29 =  *((intOrPtr*)(_t48 + 0x28c));
				if(_t29 != 0xffffffff ||  *((intOrPtr*)(_t48 + 0x298)) != 0) {
					if(( *(_t48 + 0x290) & 0x000000ff) + 0xfd - 2 < 0) {
						E00449168(_t48, _t48, _t29, _t63, _t64);
					}
					if( *((intOrPtr*)(_t48 + 0x298)) != 0) {
						 *((intOrPtr*)( *_t48 + 0x114))();
						 *((intOrPtr*)(_t48 + 0x298)) = 0;
						E00404098( *((intOrPtr*)(_t48 + 0x298)));
					}
					E00448344(_t48,  *((intOrPtr*)(_t48 + 0x29c)));
					_t34 =  *((intOrPtr*)( *_t48 + 0xe0))();
					 *((intOrPtr*)(_t48 + 0x28c)) = 0xffffffff;
					return _t34;
				}
				return _t29;
			}

0x004485c8
0x004485c8
0x004485cb
0x004485cd
0x004485d0
0x004485d5
0x004485f0
0x004485fc
0x00448614
0x00448614
0x0044861b
0x00448620
0x00448628
0x0044862e
0x0044862e
0x00448633
0x0044863c
0x00448654
0x0044865a
0x0044865a
0x00448667
0x0044866f
0x0044867f
0x00448683
0x00448683
0x00448690
0x0044869f
0x004486a5
0x00000000
0x004486a5
0x004486b2

APIs

Part of subcall function 0045F97C: GetClassInfoW.USER32 ref: 0045FA4C
Part of subcall function 0045F97C: UnregisterClassW.USER32 ref: 0045FA77
Part of subcall function 0045F97C: RegisterClassW.USER32 ref: 0045FA96
Part of subcall function 0045F97C: GetWindowLongW.USER32(00000000,000000F0), ref: 0045FAD2
Part of subcall function 0045F97C: GetWindowLongW.USER32(00000000,000000F4), ref: 0045FAE7
Part of subcall function 0045F97C: SetWindowLongW.USER32 ref: 0045FAFA

SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000014,?,?,?,004A676A,00000000,004A6781), ref: 004485F0
SendMessageW.USER32(00000000,00000192,00000001,00000000), ref: 00448614

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$ClassLong$InfoMessageRegisterSendUnregister
String ID:
API String ID: 3941102255-0
Opcode ID: 358f188d36b6f72e2e7aa43ad1287d7a82b1ea6f1be18e7a88afee833773360f
Instruction ID: fc004faba9f57c35fca83aea12363dfc2cc44bc3ef427258b11d0ab13290aa04
Opcode Fuzzy Hash: 358f188d36b6f72e2e7aa43ad1287d7a82b1ea6f1be18e7a88afee833773360f
Instruction Fuzzy Hash: 33210C703002015BEB40AE69C8C9B9A33A9AF46314F1845BEBD19DF397DA79DC058B69

Uniqueness

Uniqueness Score: -1.00%

Function 004FB0AC, Relevance: 3.1, APIs: 2, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004FB0AC(intOrPtr* __eax, void* __eflags, void* __fp0) {
				int _v36;
				int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t24;
				int _t30;
				int _t33;
				intOrPtr* _t44;
				intOrPtr _t46;
				intOrPtr _t52;
				void* _t59;
				void* _t62;
				int _t65;
				void* _t67;

				_t67 = __eflags;
				_t44 = __eax;
				_t46 =  *0x504bd4; // 0x50bf3c
				_t1 = _t46 + 0x2c; // 0x8
				_t52 =  *0x504bd4; // 0x50bf3c
				_t2 = _t52 + 8; // 0x25c9dfc
				E004FAA04( *((intOrPtr*)(__eax + 0x64)), __eax,  *_t1,  *_t2, _t59, _t62, __fp0, 8, 0);
				_t4 = _t44 + 0x37c; // 0x37c
				_t5 = _t44 + 0x378; // 0x378
				E004FAAD8( *((intOrPtr*)(_t44 + 0x64)), _t44, _t4, _t5, _t59, _t62, _t67);
				_t24 =  *(_t44 + 0x378);
				if(_t24 != 6) {
					L2:
					E004FAC60(_t44, 6, _t24, _t69, 0xd,  *(_t44 + 0x37c));
					 *((intOrPtr*)( *_t44 + 0x44))();
					_t65 = _v40;
					_t30 = MulDiv(_t65,  *(_t44 + 0x378), 6);
					_t33 = MulDiv(_v36,  *(_t44 + 0x37c), 0xd);
					E004730DC(_t44);
					return  *((intOrPtr*)( *_t44 + 0x88))(E004730FC(_t44), _t33 +  *((intOrPtr*)(_t44 + 0x4c)) - _v36, _t30 +  *((intOrPtr*)(_t44 + 0x48)) - _t65);
				}
				_t69 =  *(_t44 + 0x37c) - 0xd;
				if( *(_t44 + 0x37c) != 0xd) {
					goto L2;
				}
				return _t24;
			}

0x004fb0ac
0x004fb0b3
0x004fb0b9
0x004fb0bf
0x004fb0c2
0x004fb0c8
0x004fb0ce
0x004fb0d3
0x004fb0d9
0x004fb0e2
0x004fb0e7
0x004fb0f0
0x004fb0fb
0x004fb10d
0x004fb118
0x004fb124
0x004fb129
0x004fb13e
0x004fb161
0x00000000
0x004fb16d
0x004fb0f2
0x004fb0f9
0x00000000
0x00000000
0x004fb17a

APIs

Part of subcall function 004FAAD8: GetDC.USER32(00000000), ref: 004FAAE9
Part of subcall function 004FAAD8: SelectObject.GDI32(00000000,00000000), ref: 004FAB0B
Part of subcall function 004FAAD8: GetTextExtentPointW.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,004FB0E7), ref: 004FAB1F
Part of subcall function 004FAAD8: GetTextMetricsW.GDI32(00000000,?,00000000,00000000,00000000,004FAB64,?,00000000,?,?,00000000), ref: 004FAB41
Part of subcall function 004FAAD8: ReleaseDC.USER32 ref: 004FAB5E

MulDiv.KERNEL32(?,?,00000006), ref: 004FB129
MulDiv.KERNEL32(?,?,0000000D), ref: 004FB13E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Text$ExtentMetricsObjectPointReleaseSelect
String ID:
API String ID: 844173074-0
Opcode ID: c13218de36478451debd82be05b67707a097a1b08b5da345554bf9a4a745a886
Instruction ID: 2f44681a457c6414d6ab08c1d6e70eaf567b920507f39177db822d0e48a3e07d
Opcode Fuzzy Hash: c13218de36478451debd82be05b67707a097a1b08b5da345554bf9a4a745a886
Instruction Fuzzy Hash: A52145713002009FD750EE28C885B6673E9EB89204F1481B9FE18CF39ADA35ED088BA4

Uniqueness

Uniqueness Score: -1.00%

Function 004AD4B8, Relevance: 3.0, APIs: 2, Instructions: 48
fileCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E004AD4B8(void* __eax, void* __ecx, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				WCHAR* _t12;
				int _t15;
				intOrPtr _t30;
				void* _t38;
				void* _t40;
				intOrPtr _t41;

				_t38 = _t40;
				_t41 = _t40 + 0xfffffff0;
				if(E004ACF58(__eax,  &_v16) != 0) {
					_push(_t38);
					_push(0x4ad520);
					_push( *[fs:eax]);
					 *[fs:eax] = _t41;
					_t12 = E004064D4(__ecx);
					_t15 = MoveFileW(E004064D4(__edx), _t12); // executed
					_v8 = _t15;
					_v20 = GetLastError();
					_pop(_t30);
					 *[fs:eax] = _t30;
					_push(0x4ad527);
					return E004ACF94( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x004ad4b9
0x004ad4bb
0x004ad4d3
0x004ad4de
0x004ad4df
0x004ad4e4
0x004ad4e7
0x004ad4ec
0x004ad4fa
0x004ad4ff
0x004ad507
0x004ad50c
0x004ad50f
0x004ad512
0x004ad51f
0x004ad4d5
0x004ad4d7
0x004ad539
0x004ad539

APIs

MoveFileW.KERNEL32(00000000,00000000), ref: 004AD4FA
GetLastError.KERNEL32(00000000,00000000,00000000,004AD520), ref: 004AD502

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFileLastMove
String ID:
API String ID: 55378915-0
Opcode ID: 40dcd38b6126bba2bdf28cbbf49bf5d0dfe94b76dc1c8009f26cad7e8743dce4
Instruction ID: b3bac48d4572646c71f9298e72213bb2c6d0f1a99259b82d27b7b90f86b4c5ed
Opcode Fuzzy Hash: 40dcd38b6126bba2bdf28cbbf49bf5d0dfe94b76dc1c8009f26cad7e8743dce4
Instruction Fuzzy Hash: 23018671E04308BFCB11EF7A9C4249EB7E8DB5E718751457BF809E3681EA385D10459C

Uniqueness

Uniqueness Score: -1.00%

Function 004ACFA4, Relevance: 3.0, APIs: 2, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E004ACFA4(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E004ACF58(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4ad003);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = CreateDirectoryW(E004064D4(__edx), 0); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x4ad00a);
					return E004ACF94( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x004acfa5
0x004acfa7
0x004acfbc
0x004acfc7
0x004acfc8
0x004acfcd
0x004acfd0
0x004acfdd
0x004acfe2
0x004acfea
0x004acfef
0x004acff2
0x004acff5
0x004ad002
0x004acfbe
0x004acfc0
0x004ad01b
0x004ad01b

APIs

CreateDirectoryW.KERNEL32(00000000,00000000,00000000,004AD003), ref: 004ACFDD
GetLastError.KERNEL32(00000000,00000000,00000000,004AD003), ref: 004ACFE5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: afdc86d441679bcb250b81918ffd40fa8a6a85cb49793413baf7553182217538
Instruction ID: 78a90aed5d61c595d9e7cc36cabfc332a8f811876a5a55e0602512ffd90581c8
Opcode Fuzzy Hash: afdc86d441679bcb250b81918ffd40fa8a6a85cb49793413baf7553182217538
Instruction Fuzzy Hash: 12F0C831E08208BFDB11DF759C4159EB7E8DB0A318F5145B7F805E3681EA394E015698

Uniqueness

Uniqueness Score: -1.00%

Function 004AD13C, Relevance: 3.0, APIs: 2, Instructions: 42
fileCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E004AD13C(void* __eax, void* __edx, void* __eflags) {
				int _v8;
				char _v16;
				long _v20;
				int _t13;
				intOrPtr _t27;
				void* _t32;
				void* _t34;
				intOrPtr _t35;

				_t32 = _t34;
				_t35 = _t34 + 0xfffffff0;
				if(E004ACF58(__eax,  &_v16) != 0) {
					_push(_t32);
					_push(0x4ad199);
					_push( *[fs:eax]);
					 *[fs:eax] = _t35;
					_t13 = DeleteFileW(E004064D4(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x4ad1a0);
					return E004ACF94( &_v16);
				} else {
					_v8 = 0;
					return _v8;
				}
			}

0x004ad13d
0x004ad13f
0x004ad154
0x004ad15f
0x004ad160
0x004ad165
0x004ad168
0x004ad173
0x004ad178
0x004ad180
0x004ad185
0x004ad188
0x004ad18b
0x004ad198
0x004ad156
0x004ad158
0x004ad1b1
0x004ad1b1

APIs

DeleteFileW.KERNEL32(00000000,00000000,004AD199,?,?,?,?,?,?,?,?,?,?,004B6184,00000000,004B62D8), ref: 004AD173
GetLastError.KERNEL32(00000000,00000000,004AD199,?,?,?,?,?,?,?,?,?,?,004B6184,00000000,004B62D8), ref: 004AD17B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID:
API String ID: 2018770650-0
Opcode ID: cf486897cdc29d7dbafe9199a7be2925484470d9f2f790779282f9fd39646811
Instruction ID: fada9f75f5d46744ff166ff1eb3387bf1aa3b7e01ab9fd3244394715a0c2f296
Opcode Fuzzy Hash: cf486897cdc29d7dbafe9199a7be2925484470d9f2f790779282f9fd39646811
Instruction Fuzzy Hash: 7EF0C831E04308AFDB01EB759C4149DB3E8DB4A71479149BBF805E3781EA3C5D104698

Uniqueness

Uniqueness Score: -1.00%

Function 004AD314, Relevance: 3.0, APIs: 2, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E004AD314(void* __eax, void* __edx, void* __eflags) {
				long _v8;
				char _v16;
				long _v20;
				long _t13;
				intOrPtr _t26;
				void* _t31;
				void* _t33;
				intOrPtr _t34;

				_t31 = _t33;
				_t34 = _t33 + 0xfffffff0;
				if(E004ACF58(__eax,  &_v16) != 0) {
					_push(_t31);
					_push(0x4ad373);
					_push( *[fs:eax]);
					 *[fs:eax] = _t34;
					_t13 = GetFileAttributesW(E004064D4(__edx)); // executed
					_v8 = _t13;
					_v20 = GetLastError();
					_pop(_t26);
					 *[fs:eax] = _t26;
					_push(0x4ad37a);
					return E004ACF94( &_v16);
				} else {
					_v8 = 0xffffffff;
					return _v8;
				}
			}

0x004ad315
0x004ad317
0x004ad32c
0x004ad339
0x004ad33a
0x004ad33f
0x004ad342
0x004ad34d
0x004ad352
0x004ad35a
0x004ad35f
0x004ad362
0x004ad365
0x004ad372
0x004ad32e
0x004ad32e
0x004ad38b
0x004ad38b

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,004AD373,?,?), ref: 004AD34D
GetLastError.KERNEL32(00000000,00000000,004AD373,?,?), ref: 004AD355

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID:
API String ID: 1799206407-0
Opcode ID: 275f88bdd7697618bd3ed83563a243da64947c3c8e173cffa3e20aff4ac8fdad
Instruction ID: f24b8212ab7aa78279da42d795c508f07b68c2eece6d8624d4bc7f242ece3848
Opcode Fuzzy Hash: 275f88bdd7697618bd3ed83563a243da64947c3c8e173cffa3e20aff4ac8fdad
Instruction Fuzzy Hash: 55F0A471E04608AFCF11DF759C4149DB3A8EB0A32475146B7B815A3AC1EA385E008699

Uniqueness

Uniqueness Score: -1.00%

Function 00409620, Relevance: 3.0, APIs: 2, Instructions: 39
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00409620(void* __ebx, void* __esi, struct HINSTANCE__* _a4, CHAR* _a8) {
				char _v8;
				CHAR* _t19;
				intOrPtr _t26;
				struct HINSTANCE__* _t28;
				intOrPtr _t31;

				_push(0);
				_t19 = _a8;
				_t28 = _a4;
				_push(_t31);
				_push(0x409683);
				_push( *[fs:eax]);
				 *[fs:eax] = _t31;
				if(_t19 >> 0x10 != 0) {
					L004055A4( &_v8, 0, _t19);
					GetProcAddress(_t28, L00405A4C(_v8)); // executed
				} else {
					GetProcAddress(_t28, _t19);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(0x40968a);
				return L0040527C( &_v8);
			}

0x00409623
0x00409627
0x0040962a
0x0040962f
0x00409630
0x00409635
0x00409638
0x00409640
0x00409657
0x00409666
0x00409642
0x00409644
0x00409649
0x0040966f
0x00409672
0x00409675
0x00409682

APIs

GetProcAddress.KERNEL32(?,?), ref: 00409644
GetProcAddress.KERNEL32(?,00000000), ref: 00409666

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: d61bc043881c8c6bfe79b771c95475ab84ff338248c778fc4aa88fc9623a2036
Instruction ID: c89d22e9b9c93429c76f39329f2b2da4a35d652da9e9d6d2370a618858152621
Opcode Fuzzy Hash: d61bc043881c8c6bfe79b771c95475ab84ff338248c778fc4aa88fc9623a2036
Instruction Fuzzy Hash: 76F09630304608BFD701DA65CC52E6F779CDB8D714F910877F800B72C2D6796E008968

Uniqueness

Uniqueness Score: -1.00%

Function 00413C38, Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00413C38(void* __eax, void* __ebx, int __edx) {
				struct HINSTANCE__* _v12;
				int _v16;
				int _t4;
				struct HINSTANCE__* _t9;
				void* _t12;
				intOrPtr _t16;
				void* _t18;
				void* _t19;
				intOrPtr _t20;

				_t18 = _t19;
				_t20 = _t19 + 0xfffffff4;
				_t12 = __eax;
				_t4 = SetErrorMode(__edx); // executed
				_v16 = _t4;
				_push(_t18);
				_push(0x413caa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				asm("fnstcw word [ebp-0x2]");
				_push(_t18);
				_push(0x413c8c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t20;
				_t9 = LoadLibraryW(E004064D4(_t12)); // executed
				_v12 = _t9;
				_pop(_t16);
				 *[fs:eax] = _t16;
				_push(0x413c93);
				asm("fclex");
				asm("fldcw word [ebp-0x2]");
				return 0;
			}

0x00413c39
0x00413c3b
0x00413c3f
0x00413c42
0x00413c47
0x00413c4c
0x00413c4d
0x00413c52
0x00413c55
0x00413c58
0x00413c5d
0x00413c5e
0x00413c63
0x00413c66
0x00413c71
0x00413c76
0x00413c7b
0x00413c7e
0x00413c81
0x00413c86
0x00413c88
0x00413c8b

APIs

SetErrorMode.KERNEL32(00008000,?), ref: 00413C42
LoadLibraryW.KERNEL32(00000000,00000000,00413C8C,?,00000000,00413CAA,?,00008000,?), ref: 00413C71

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 6d13397fa428f9738fc21ef6e58727046052d619fb91389af8127e341ac0ebdd
Instruction ID: c33b5ee54a125df8a5f962db831c7c4dc245aa6e85e185c06cca69ab3386a9d6
Opcode Fuzzy Hash: 6d13397fa428f9738fc21ef6e58727046052d619fb91389af8127e341ac0ebdd
Instruction Fuzzy Hash: 6EF08975514744BEDF019F768C5245ABBECE709B0575344B6F800A2991F53C4910C664

Uniqueness

Uniqueness Score: -1.00%

Function 0047BF28, Relevance: 3.0, APIs: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0047BF28(void* __eax, void* __ecx, void* __edx, void* __eflags) {
				void* _t9;
				void* _t18;
				void* _t23;
				void* _t24;

				_t24 = __eflags;
				_t23 = __edx;
				_t18 = __eax;
				_t9 = E00406BE4( *((intOrPtr*)(__eax + 0x88)), __ecx, __edx);
				if(_t24 == 0) {
					return _t9;
				}
				if( *((char*)(_t18 + 0xa8)) != 0) {
					if( *((char*)(_t18 + 0xcf)) == 0) {
						SetWindowTextW( *(_t18 + 0x170), E004064D4(_t23));
					} else {
						SetWindowTextW( *(_t18 + 0x170), 0);
					}
				}
				_t6 = _t18 + 0x88; // 0x25b41c8
				return E00406448(_t6, _t23);
			}

0x0047bf28
0x0047bf2a
0x0047bf2c
0x0047bf36
0x0047bf3b
0x0047bf82
0x0047bf82
0x0047bf44
0x0047bf4d
0x0047bf6e
0x0047bf4f
0x0047bf58
0x0047bf58
0x0047bf4d
0x0047bf73
0x00000000

APIs

SetWindowTextW.USER32(?,00000000), ref: 0047BF58
SetWindowTextW.USER32(?,00000000), ref: 0047BF6E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: cc630a67aeced55246b47f80a926e095c4216094bd560cf0a947ee2c7436e7f5
Instruction ID: 7d00a6810dcca363eae9ffb52ff6539818c34ce04cf4287199015802695cfbf5
Opcode Fuzzy Hash: cc630a67aeced55246b47f80a926e095c4216094bd560cf0a947ee2c7436e7f5
Instruction Fuzzy Hash: 46F03760704614AADB12EA794885BD62298AF08704F48C0B7FD4CDF39BCB7D885747AE

Uniqueness

Uniqueness Score: -1.00%

Function 004DE4AA, Relevance: 3.0, APIs: 2, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E004DE4AA() {
				void* _t10;
				intOrPtr _t11;
				intOrPtr _t19;
				intOrPtr _t27;
				intOrPtr _t36;
				intOrPtr _t41;
				void* _t42;
				intOrPtr _t43;

				_t10 =  *0x50c124(0x5045b0, 0x8000, 0, _t42 - 4); // executed
				if(_t10 != 0) {
					if( *0x50c059 == 0) {
						_t11 =  *0x50bdcc; // 0x25e102c
						E0047E290(_t11, _t42 - 0x34);
						E00406914(0x50bdf4, L"COMMAND.COM",  *((intOrPtr*)(_t42 - 0x34))); // executed
					} else {
						_t19 =  *0x50bdd0; // 0x2605f8c
						E0047E290(_t19, _t42 - 0x30);
						E00406914(0x50bdf4, L"cmd.exe",  *((intOrPtr*)(_t42 - 0x30)));
					}
					E004DE1CC(); // executed
					_pop(_t36);
					 *[fs:eax] = _t36;
					_push(E004DE56D);
					return L00406440(_t42 - 0x34, 0xc);
				} else {
					_push(_t42);
					_push(0x4de4f6);
					_push( *[fs:eax]);
					 *[fs:eax] = _t43;
					L00407690();
					_pop(_t41);
					 *[fs:eax] = _t41;
					_push(E004DE4FD);
					_t27 =  *((intOrPtr*)(_t42 - 4));
					_push(_t27);
					L004150F4();
					return _t27;
				}
			}

0x004de4ba
0x004de4c2
0x004de504
0x004de52a
0x004de52f
0x004de541
0x004de506
0x004de509
0x004de50e
0x004de520
0x004de520
0x004de546
0x004de54d
0x004de550
0x004de553
0x004de565
0x004de4c4
0x004de4c6
0x004de4c7
0x004de4cc
0x004de4cf
0x004de4da
0x004de4e1
0x004de4e4
0x004de4e7
0x004de4ec
0x004de4ef
0x004de4f0
0x004de4f5
0x004de4f5

APIs

SHGetKnownFolderPath.SHELL32(005045B0,00008000,00000000,?,?,00000005,00000000,00000000,?,004FCCF4,00000006,?,00000000,004FD285,?,00000000), ref: 004DE4BA
CoTaskMemFree.OLE32(?,004DE4FD,?,00000005,00000000,00000000,?,004FCCF4,00000006,?,00000000,004FD285,?,00000000,004FD344), ref: 004DE4F0

Strings

cmd.exe, xrefs: 004DE51B
COMMAND.COM, xrefs: 004DE53C
Common Files, xrefs: 004DE3C6
SystemDrive, xrefs: 004DE2F2
CommonFilesDir, xrefs: 004DE38F, 004DE40B
Failed to get path of 64-bit Common Files directory, xrefs: 004DE42D
ProgramFilesDir, xrefs: 004DE355, 004DE3DC
\Program Files, xrefs: 004DE37C
Failed to get path of 64-bit Program Files directory, xrefs: 004DE3FE

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FolderFreeKnownPathTask
String ID: COMMAND.COM$Common Files$CommonFilesDir$Failed to get path of 64-bit Common Files directory$Failed to get path of 64-bit Program Files directory$ProgramFilesDir$SystemDrive$\Program Files$cmd.exe
API String ID: 969438705-544719455
Opcode ID: ea54a8d18c81022eb9635f3034375d7325494039b5c57a161f9dcbda501413ac
Instruction ID: 97166e09749915100436542396b9c5ee60712ed5df2677c63ab29a003dbf545c
Opcode Fuzzy Hash: ea54a8d18c81022eb9635f3034375d7325494039b5c57a161f9dcbda501413ac
Instruction Fuzzy Hash: 45E09275704604AFE7219FA6DD22F1E7BECE749F00BA144A3F900D66C1D678AD109A18

Uniqueness

Uniqueness Score: -1.00%

Function 0042E82C, Relevance: 3.0, APIs: 2, Instructions: 19
registryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0042E82C(void* __eax) {
				void* _t7;
				void* _t14;

				_t14 = __eax;
				_t7 =  *(__eax + 4);
				if(_t7 != 0) {
					if( *((char*)(__eax + 0xc)) == 0) {
						RegFlushKey(_t7);
					}
					RegCloseKey( *(_t14 + 4)); // executed
					 *(_t14 + 4) = 0;
					return E00406448(_t14 + 0x10, 0);
				}
				return _t7;
			}

0x0042e82d
0x0042e82f
0x0042e834
0x0042e83a
0x0042e83d
0x0042e83d
0x0042e846
0x0042e84d
0x00000000
0x0042e855
0x0042e85b

APIs

RegFlushKey.ADVAPI32(00000000,?,0042E898,?,?,00000000,0042EA5B,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042E83D
RegCloseKey.ADVAPI32(00000000,?,0042E898,?,?,00000000,0042EA5B,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042E846

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseFlush
String ID:
API String ID: 320916635-0
Opcode ID: 16a93b3161b14499929432f6e7b2f7e46b5f1e358ba0c03c6b2a6c7e8b8821db
Instruction ID: a75c305c6264e109eefdb3ee3159a7ab521904fd26116d3b11111d4de8dffc1f
Opcode Fuzzy Hash: 16a93b3161b14499929432f6e7b2f7e46b5f1e358ba0c03c6b2a6c7e8b8821db
Instruction Fuzzy Hash: 2EE0EC607042018BDF54EE7685C560766D85B08304B48C4ABA908DF28BDA78C8048B24

Uniqueness

Uniqueness Score: -1.00%

Function 00471BB0, Relevance: 1.6, APIs: 1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00471BB0(char __eax, signed int __ecx, signed int __edx) {
				char _v8;
				signed int _v9;
				signed int _v10;
				intOrPtr _v14;
				intOrPtr _v18;
				intOrPtr _v22;
				intOrPtr _v26;
				intOrPtr _v30;
				intOrPtr _v34;
				char _v38;
				intOrPtr _t54;
				signed int _t66;
				intOrPtr _t70;
				signed int _t72;
				signed short _t79;
				signed short _t80;
				intOrPtr _t102;
				intOrPtr* _t103;
				void* _t104;

				_v10 = __ecx;
				_v9 = __edx;
				_v8 = __eax;
				_t103 =  &_v8;
				 *((intOrPtr*)( *_t103 + 0x14)) = 0;
				_t79 = 0;
				if( *((char*)( *_t103 + 0x18)) == 1) {
					_t79 = 1;
				}
				if( *((char*)( *_t103 + 0x1c)) != 0) {
					_t102 =  *((intOrPtr*)( *_t103 + 0x10)) - L004714C4( *_t103, _v10 & 0x000000ff, _v9 & 0x000000ff);
					 *((intOrPtr*)( *_t103 + 0x14)) = _t102;
					if(_t102 < 0) {
						 *((intOrPtr*)( *_t103 + 0x14)) = 0;
					}
				}
				_v38 = 0x1c;
				_v34 = 0x17;
				_v30 = 0;
				if( *((intOrPtr*)( *_t103 + 0x14)) <= 0) {
					_v26 = 0;
				} else {
					_v26 =  *((intOrPtr*)( *_t103 + 0x10));
				}
				_v22 = L004714C4( *_t103, _v10 & 0x000000ff, _v9 & 0x000000ff) + 1;
				_t54 =  *((intOrPtr*)( *_t103 + 0xc));
				_v18 = _t54;
				_v14 = _t54;
				 *((char*)( *_t103 + 0x44)) = 0;
				L00471AA8(0, _t104);
				_push(0xffffffff);
				_push( &_v38);
				_push(_t79 & 0x0000ffff);
				_push(L00463A10( *((intOrPtr*)( *_t103 + 4)))); // executed
				L0042E334(); // executed
				L00471930( *_t103,  *((intOrPtr*)( *_t103 + 0xc)));
				_t66 = L004714C4( *_t103, 0, 1);
				asm("cdq");
				_t80 = (_t66 + _t66 * 8) / 0xa;
				 *( *_t103 + 0xa) = _t80;
				_t70 =  *_t103;
				if( *((char*)(_t70 + 0x1f)) == 0) {
					return _t70;
				} else {
					_t72 = (_t80 & 0x0000ffff) / 0xa;
					 *( *_t103 + 8) = _t72;
					return _t72;
				}
			}

0x00471bb9
0x00471bbc
0x00471bbf
0x00471bc2
0x00471bc9
0x00471bcc
0x00471bd4
0x00471bd6
0x00471bd6
0x00471be0
0x00471bf6
0x00471bfa
0x00471bff
0x00471c05
0x00471c05
0x00471bff
0x00471c08
0x00471c0f
0x00471c18
0x00471c21
0x00471c2f
0x00471c23
0x00471c28
0x00471c28
0x00471c42
0x00471c47
0x00471c4a
0x00471c4d
0x00471c54
0x00471c58
0x00471c5e
0x00471c63
0x00471c67
0x00471c72
0x00471c73
0x00471c7f
0x00471c8a
0x00471c97
0x00471c9a
0x00471c9e
0x00471ca2
0x00471ca8
0x00471cc2
0x00471caa
0x00471cb4
0x00471cb8
0x00000000
0x00471cb8

APIs

FlatSB_SetScrollInfo.COMCTL32(00000000,0000001C,0000001C,000000FF,?,?,?), ref: 00471C73

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FlatInfoScroll
String ID:
API String ID: 3347635785-0
Opcode ID: 0b8e56398f003af2e37094571e4d2350b2c0b456a7a3a603069d487ec9884b64
Instruction ID: 504ac3d58b6b0d1a76c6eb64e7d17d5e211bc9fec583fb1852865caf7763fc92
Opcode Fuzzy Hash: 0b8e56398f003af2e37094571e4d2350b2c0b456a7a3a603069d487ec9884b64
Instruction Fuzzy Hash: AF418874A041448FD764CFADC080E9ABBF2AF58300F2485AEE488D7362D239EA04CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00443558, Relevance: 1.6, APIs: 1, Instructions: 93
windowCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E00443558(void* __eax, void* __ebx, intOrPtr* __edx, struct HWND__* __edi, void* __esi) {
				char _v8;
				intOrPtr _t31;
				char _t38;
				struct HWND__* _t41;
				intOrPtr* _t50;
				char _t58;
				intOrPtr* _t64;
				intOrPtr _t74;
				void* _t78;
				intOrPtr _t81;

				_t76 = __edi;
				_push(0);
				_push(__edi);
				_t64 = __edx;
				_t78 = __eax;
				_push(_t81);
				_push(0x443653);
				_push( *[fs:eax]);
				 *[fs:eax] = _t81;
				_t31 =  *0x505054; // 0x508c54
				if( *((char*)(_t31 + 0xc)) == 0) {
					L5:
					_t38 =  *0x508b50; // 0x400000
					_t41 = E0040A124( *((intOrPtr*)(_t64 + 8)), _t64 + 0x4c,  *((intOrPtr*)(_t64 + 0x20)), _t38, 0,  *((intOrPtr*)(_t64 + 0x1c)),  *((intOrPtr*)(_t64 + 0x18)),  *((intOrPtr*)(_t64 + 0x14)),  *((intOrPtr*)(_t64 + 0x10)),  *((intOrPtr*)(_t64 + 0xc)),  *((intOrPtr*)(_t64 + 4))); // executed
					 *(_t78 + 0x24c) = _t41;
					L6:
					E00406604( &_v8,  *_t64);
					E00414FF4( *(_t78 + 0x24c), _t64, 0, 0xc, _t76, _t78, _v8);
					_pop(_t74);
					 *[fs:eax] = _t74;
					_push(0x44365a);
					return L00406438( &_v8);
				}
				_t50 =  *0x505038; // 0x502914
				if( *_t50 == 2 || ( *(__edx + 5) & 0x00000008) == 0) {
					goto L5;
				} else {
					_t58 =  *0x508b50; // 0x400000
					_t76 = E0040A124( *((intOrPtr*)(__edx + 8)), __edx + 0x4c,  *((intOrPtr*)(__edx + 0x20)), _t58, 0,  *((intOrPtr*)(__edx + 0x1c)),  *((intOrPtr*)(__edx + 0x18)),  *((intOrPtr*)(__edx + 0x14)),  *((intOrPtr*)(__edx + 0x10)),  *((intOrPtr*)(__edx + 0xc)),  *(__edx + 4) & 0xfffff7ff);
					 *(_t78 + 0x24c) = _t76;
					if(_t76 != 0) {
						SendMessageW(_t76, 0xcf, 1, 0);
					}
					goto L6;
				}
			}

0x00443558
0x0044355b
0x0044355f
0x00443560
0x00443562
0x00443566
0x00443567
0x0044356c
0x0044356f
0x00443572
0x0044357b
0x004435e3
0x004435fd
0x00443612
0x00443617
0x0044361d
0x00443622
0x00443638
0x0044363f
0x00443642
0x00443645
0x00443652
0x00443652
0x0044357d
0x00443585
0x00000000
0x0044358d
0x004435ac
0x004435c6
0x004435c8
0x004435d0
0x004435dc
0x004435dc
0x00000000
0x004435d0

APIs

Part of subcall function 0040A124: CreateWindowExW.USER32 ref: 0040A163

SendMessageW.USER32(00000000,000000CF,00000001,00000000), ref: 004435DC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateMessageSendWindow
String ID:
API String ID: 304178485-0
Opcode ID: 573815f196507e6d036a7a0ecdccbab3dd7e1bd8fd436307ee9a42e3f2bce8ce
Instruction ID: e11c52fda4a27f151a50197d1ac5bd46fc7fc6e0f52adff070f030d935c3b23c
Opcode Fuzzy Hash: 573815f196507e6d036a7a0ecdccbab3dd7e1bd8fd436307ee9a42e3f2bce8ce
Instruction Fuzzy Hash: 9031E7B2200200AFEB55CF5DD8C1F6777EDEB48700F5584A9BA09CB296D678ED14CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00469970, Relevance: 1.6, APIs: 1, Instructions: 85
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00469970(intOrPtr __eax, void* __edx, char _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _t40;
				intOrPtr _t50;
				intOrPtr _t59;
				intOrPtr _t62;
				intOrPtr _t80;
				intOrPtr _t96;
				intOrPtr _t98;

				_t96 = _t98;
				_v8 = __eax;
				_t40 = _v8;
				_t59 =  *((intOrPtr*)(_t40 + 4));
				if(_t59 == 0) {
					return _t40;
				} else {
					if(_a4 != 0) {
						 *((char*)(_t59 + 0x170)) = 1;
						 *(_t59 + 0x54) =  *(_t59 + 0x54) | 0x00004000;
					}
					_push(_t96);
					_push(0x469a4b);
					_push( *[fs:edx]);
					 *[fs:edx] = _t98;
					if(L0045DF88( *((intOrPtr*)(_v8 + 4))) == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_v8 + 4)) + 0x30)) == 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 4)))) + 0x88))(_a8, _a12);
					} else {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 4)))) + 0x88))(_a8 -  *((intOrPtr*)(_v8 + 0xc)) +  *((intOrPtr*)(_v8 + 0x14)), _a12 -  *((intOrPtr*)(_v8 + 8)) +  *((intOrPtr*)(_v8 + 0x10)));
					}
					_pop(_t80);
					 *[fs:eax] = _t80;
					_push(0x469a52);
					if(_a4 != 0) {
						_t50 = _v8;
						_t62 =  *((intOrPtr*)(_t50 + 4));
						 *((char*)(_t62 + 0x170)) = 0;
						 *(_t62 + 0x54) =  *(_t62 + 0x54) & 0x0000bfff;
						return _t50;
					}
					return 0;
				}
			}

0x00469971
0x0046997b
0x0046997e
0x00469981
0x00469986
0x00469a57
0x0046998c
0x00469990
0x00469992
0x00469999
0x00469999
0x004699a1
0x004699a2
0x004699a7
0x004699aa
0x004699ba
0x00469a1e
0x004699c8
0x00469a02
0x00469a02
0x00469a26
0x00469a29
0x00469a2c
0x00469a35
0x00469a37
0x00469a3a
0x00469a3d
0x00469a44
0x00000000
0x00469a44
0x00469a4a
0x00469a4a

APIs

KiUserCallbackDispatcher.NTDLL(?,?,00000000,00469A4B,?,?,?,?,?,?,0045E76F,00000001,00000000,00000000), ref: 00469A1E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 3a561c3a29907f50821656d42ea964113cf6dca45ace4f921fe87d9dd1b3d9ce
Instruction ID: 33dd6183825d76350a8a11f92c63a114718b24044ad024c6769659ae42eb07a6
Opcode Fuzzy Hash: 3a561c3a29907f50821656d42ea964113cf6dca45ace4f921fe87d9dd1b3d9ce
Instruction Fuzzy Hash: 8B313A35704244EFDB04CF58D594A9ABBFAEF88310F29C1A9E8088B356DB74ED05DB15

Uniqueness

Uniqueness Score: -1.00%

Function 004230E4, Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E004230E4(void* __eax, struct HINSTANCE__* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				intOrPtr _t15;
				struct HINSTANCE__* _t20;
				intOrPtr* _t22;
				intOrPtr _t30;
				void* _t32;
				intOrPtr* _t35;
				intOrPtr _t38;
				intOrPtr _t40;

				_t38 = _t40;
				_push(_t22);
				_t35 = _t22;
				_t20 = __edx;
				_t32 = __eax;
				if(__edx == 0) {
					_t20 =  *0x508b50; // 0x400000
				}
				_t10 = FindResourceW(_t20, E004064D4(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
				_t43 = _t10;
				if(_t10 == 0) {
					return _t10;
				} else {
					_v8 = E00426954(_t20, 1, 0xa, _t32);
					_push(_t38);
					_push(0x423158);
					_push( *[fs:eax]);
					 *[fs:eax] = _t40;
					_t15 = E004261DC(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
					 *_t35 = _t15;
					_pop(_t30);
					 *[fs:eax] = _t30;
					_push(E0042315F);
					return E00404098(_v8);
				}
			}

0x004230e5
0x004230e7
0x004230eb
0x004230ed
0x004230ef
0x004230f3
0x004230f5
0x004230f5
0x0042310d
0x00423110
0x00423112
0x00423166
0x00423114
0x00423125
0x0042312a
0x0042312b
0x00423130
0x00423133
0x0042313b
0x00423140
0x00423144
0x00423147
0x0042314a
0x00423157
0x00423157

APIs

FindResourceW.KERNEL32(00000000,00000000,0000000A,?,108B0050,00000000,00423381,?,004232B0,00000000,004232C8,?,0000FFA6,00000000,00000000), ref: 00423106

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FindResource
String ID:
API String ID: 1635176832-0
Opcode ID: 8185a077245d37cbe22f8d035410122bef49fceb3b2227ad57302fe8e657a3e0
Instruction ID: 4a3a1da4f905cbffce5b1b6ee0bf98fadfa2f2fcfee68d73e4c187ddbaafb2a9
Opcode Fuzzy Hash: 8185a077245d37cbe22f8d035410122bef49fceb3b2227ad57302fe8e657a3e0
Instruction Fuzzy Hash: 3901F271304310AFD710EF6AEC9293AB7EDEB89714792403AF604D7391DA7A9C169628

Uniqueness

Uniqueness Score: -1.00%

Function 004AA208, Relevance: 1.6, APIs: 1, Instructions: 52
windowCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E004AA208(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __esi) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				void* _t19;
				intOrPtr _t39;
				void* _t45;

				_t44 = _t45;
				_push(__ebx);
				_v16 = 0;
				_v8 = __edx;
				_v12 = __eax;
				_push(_t45);
				_push(0x4aa29e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t45 + 0xfffffff4;
				if( *((char*)(_v12 + 0x298)) != 0) {
					SendMessageW(L00463A10(_v12), 0x435, 0, 0x7ffffffe);
					_t19 = E004AA180(2, _t44); // executed
					if(_t19 != 0) {
						E004AA180(1, _t44);
					}
				} else {
					E0040665C( &_v16, _v8);
					E0045B100(_v12, __ebx, 0, _v16, __esi);
				}
				_pop(_t39);
				 *[fs:eax] = _t39;
				_push(0x4aa2a5);
				return L00406438( &_v16);
			}

0x004aa209
0x004aa20e
0x004aa211
0x004aa214
0x004aa217
0x004aa21c
0x004aa21d
0x004aa222
0x004aa225
0x004aa232
0x004aa263
0x004aa26e
0x004aa278
0x004aa280
0x004aa286
0x004aa234
0x004aa23a
0x004aa245
0x004aa24a
0x004aa28a
0x004aa28d
0x004aa290
0x004aa29d

APIs

SendMessageW.USER32(00000000,00000435,00000000,7FFFFFFE), ref: 004AA263

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 95f48fe79b7f0070c44aa0da5875e089468e44ca8ab7114b4da0b454f3a5638f
Instruction ID: 3ab67592e975b4b0c91210ecba32422d82d2f45fb3d2042fb05e181c8722349b
Opcode Fuzzy Hash: 95f48fe79b7f0070c44aa0da5875e089468e44ca8ab7114b4da0b454f3a5638f
Instruction Fuzzy Hash: 00016571A042087FD700DFA5D842B5DB7E9DB19714F5141BAF414A3391DB796920851D

Uniqueness

Uniqueness Score: -1.00%

Function 004AA180, Relevance: 1.5, APIs: 1, Instructions: 49
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AA180(int __eax, intOrPtr _a4) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v24;
				intOrPtr _v28;
				intOrPtr _t32;
				int _t45;

				_t45 = __eax;
				_v12 = L00405A4C( *((intOrPtr*)(_a4 - 4)));
				_v28 =  *((intOrPtr*)(_a4 - 4));
				_t32 = _v28;
				if(_t32 != 0) {
					_t32 =  *((intOrPtr*)(_t32 - 4));
				}
				_v8 = _t32;
				if((_t45 & 0x00000001) != 0 && _v8 >= 2 &&  *((short*)( *((intOrPtr*)(_a4 - 4)))) == 0xfeff) {
					_t45 = _t45 | 0x00000010;
					_v12 = _v12 + 2;
					_v8 = _v8 - 2;
				}
				_v24 =  &_v12;
				_v20 = 0;
				_v16 = E004AA144;
				SendMessageW(L00463A10( *((intOrPtr*)(_a4 - 8))), 0x449, _t45,  &_v24); // executed
				return _v20;
			}

0x004aa187
0x004aa194
0x004aa19d
0x004aa1a0
0x004aa1a5
0x004aa1aa
0x004aa1aa
0x004aa1ac
0x004aa1b2
0x004aa1c7
0x004aa1ca
0x004aa1ce
0x004aa1ce
0x004aa1d5
0x004aa1da
0x004aa1e2
0x004aa1fb
0x004aa207

APIs

SendMessageW.USER32(00000000,00000449,?,?), ref: 004AA1FB

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 4fd264f1d484155155ceb63f08e336f327c486bf43db2e8587be4178355d6c5d
Instruction ID: b1399a6e0d261bd4a70e698cd2da3fce8c27263347c229cce97fc1cba37eea5c
Opcode Fuzzy Hash: 4fd264f1d484155155ceb63f08e336f327c486bf43db2e8587be4178355d6c5d
Instruction Fuzzy Hash: 6811FA70A01209EFCB40DFA9C98599EBBF4EB09314F1081A6E948E7351E3349E50DB45

Uniqueness

Uniqueness Score: -1.00%

Function 0045FFF8, Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0045FFF8(intOrPtr* __eax, void* __ecx) {
				char _v16;
				intOrPtr* _t14;
				intOrPtr _t15;
				struct HWND__* _t16;
				void* _t23;
				void* _t24;
				signed int _t27;
				void* _t33;
				intOrPtr* _t34;
				void* _t35;
				long _t36;

				_t14 = __eax;
				_t36 = _t35 + 0xfffffff8;
				_t34 = __eax;
				if( *((intOrPtr*)(__eax + 0x24c)) != 0) {
					_t15 =  *((intOrPtr*)(__eax + 0x1d8));
					if(_t15 != 0) {
						_t23 =  *((intOrPtr*)(_t15 + 8)) - 1;
						if(_t23 >= 0) {
							_t24 = _t23 + 1;
							_t33 = 0;
							do {
								_t27 =  *(L00423514( *((intOrPtr*)(__eax + 0x1d8)), _t33));
								 *((intOrPtr*)(_t27 + 0xb0))();
								_t33 = _t33 + 1;
								_t24 = _t24 - 1;
							} while (_t24 != 0);
						}
					}
					_t16 =  *(_t34 + 0x24c);
					 *_t36 = _t16;
					_v16 = _t27 & 0xffffff00 | ( *(_t34 + 0x55) & 0x00000020) != 0x00000000;
					EnumChildWindows(_t16, 0x45ffb4, _t36); // executed
					_t14 =  *((intOrPtr*)( *_t34 + 0xb8))();
				}
				return _t14;
			}

0x0045fff8
0x0045fffb
0x0045fffe
0x00460007
0x00460009
0x00460011
0x00460016
0x00460019
0x0046001b
0x0046001c
0x0046001e
0x0046002b
0x0046002d
0x00460033
0x00460034
0x00460034
0x0046001e
0x00460019
0x00460037
0x0046003d
0x00460047
0x00460054
0x0046005d
0x0046005d
0x00460068

APIs

EnumChildWindows.USER32 ref: 00460054

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ChildEnumWindows
String ID:
API String ID: 3555792229-0
Opcode ID: 82ee3fee61d26e50e49649728977328f34805d21dbc2901f38f8d39a87d19b0d
Instruction ID: 2adc6b513d2d03d358a797f50149a893bdca0ce90b39a6aad1cb033f243510af
Opcode Fuzzy Hash: 82ee3fee61d26e50e49649728977328f34805d21dbc2901f38f8d39a87d19b0d
Instruction Fuzzy Hash: F10181313087428BD3209A29D888B87F7E5EF81359F18866BA49987291DA749C45CB56

Uniqueness

Uniqueness Score: -1.00%

Function 004C9FAC, Relevance: 1.5, APIs: 1, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E004C9FAC(void* __eax, void* __edi, void* __esi) {
				intOrPtr* _v8;
				void* __ebx;
				void* __ebp;
				intOrPtr* _t4;
				intOrPtr* _t6;
				void* _t15;
				intOrPtr _t21;
				intOrPtr _t25;
				intOrPtr _t27;

				_t25 = _t27;
				_t15 = __eax;
				_t4 =  *0x504d6c; // 0x50c06c
				if( *_t4 < 0x5010000 ||  *0x50bce8 == 0) {
					return _t4;
				} else {
					_t6 = E00470BFC(0, __eax, __edi, __esi); // executed
					_v8 = _t6;
					 *[fs:eax] = _t27;
					 *0x50bce8(0, E004064D4(_t15), 0,  *[fs:eax], 0x4ca00b, _t25); // executed
					_t21 = 0;
					 *[fs:eax] = _t21;
					_push(0x4ca012);
					return E00470CC0(_v8);
				}
			}

0x004c9fad
0x004c9fb1
0x004c9fb3
0x004c9fbe
0x004ca015
0x004c9fc9
0x004c9fcb
0x004c9fd0
0x004c9fde
0x004c9fef
0x004c9ff7
0x004c9ffa
0x004c9ffd
0x004ca00a
0x004ca00a

APIs

Part of subcall function 00470BFC: GetCurrentThreadId.KERNEL32 ref: 00470C53
Part of subcall function 00470BFC: EnumThreadWindows.USER32(00000000,00470BAC,00000000), ref: 00470C59

SHPathPrepareForWriteW.SHELL32(00000000,00000000,00000000,00000000,00000000,004CA00B,?,00000000,?,?,004CA292,00000000,00000000,004CA31C), ref: 004C9FEF

Part of subcall function 00470CC0: IsWindow.USER32(?), ref: 00470CCE
Part of subcall function 00470CC0: EnableWindow.USER32(?,000000FF), ref: 00470CDD

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ThreadWindow$CurrentEnableEnumPathPrepareWindowsWrite
String ID:
API String ID: 3319771486-0
Opcode ID: 62d0fbe5e84b3b3114ab05a46df32029b906e465e3373ab5a32c607c35d4071d
Instruction ID: ab61ebd11688c1f5228e1637e4fd017bde6633cefa93b1203f381c591cdf9357
Opcode Fuzzy Hash: 62d0fbe5e84b3b3114ab05a46df32029b906e465e3373ab5a32c607c35d4071d
Instruction Fuzzy Hash: 79F02434244304EFF7158F66EC56F1A73E8F309718F61443AF104C3190DA7A9C50A629

Uniqueness

Uniqueness Score: -1.00%

Function 00414FF2, Relevance: 1.5, APIs: 1, Instructions: 33
windowCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E00414FF2(struct HWND__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, char _a4) {
				struct HWND__* _t15;
				intOrPtr _t21;
				int _t25;
				intOrPtr _t28;

				_t25 = __edx;
				_t15 = __eax;
				L00406430(_a4);
				_push(_t28);
				_push(0x41503f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t28;
				SendMessageW(_t15, _t25, __ecx, E004064D4(_a4)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00415046);
				return L00406438( &_a4);
			}

0x00414ffc
0x00414ffe
0x00415003
0x0041500a
0x0041500b
0x00415010
0x00415013
0x00415022
0x0041502b
0x0041502e
0x00415031
0x0041503e

APIs

SendMessageW.USER32(?,?,?,00000000), ref: 00415022

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 5de256d1273c56407486b3b2b18b454f9c51500707d336b04d1538bb1563cdee
Instruction ID: b4e77840fe86c1a9a15b620e24bf89c841d9b994244da7b6d11ca4a9a5cce54a
Opcode Fuzzy Hash: 5de256d1273c56407486b3b2b18b454f9c51500707d336b04d1538bb1563cdee
Instruction Fuzzy Hash: 7BF0ED30204604BFD310EA2ACC42CA77FDCDB8EB94382843ABC08D3652EA789C1080AC

Uniqueness

Uniqueness Score: -1.00%

Function 00414FF4, Relevance: 1.5, APIs: 1, Instructions: 32
windowCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E00414FF4(struct HWND__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, char _a4) {
				struct HWND__* _t15;
				intOrPtr _t21;
				int _t25;
				intOrPtr _t28;

				_t25 = __edx;
				_t15 = __eax;
				L00406430(_a4);
				_push(_t28);
				_push(0x41503f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t28;
				SendMessageW(_t15, _t25, __ecx, E004064D4(_a4)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E00415046);
				return L00406438( &_a4);
			}

0x00414ffc
0x00414ffe
0x00415003
0x0041500a
0x0041500b
0x00415010
0x00415013
0x00415022
0x0041502b
0x0041502e
0x00415031
0x0041503e

APIs

SendMessageW.USER32(?,?,?,00000000), ref: 00415022

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fb65fbd9a5d22e5868ae5a156bf56d1ae0d68fbf666a4fb3df8e53439fe0124a
Instruction ID: 15d5ac83eed9c3dcd1f8424a3613cd65ef4208e20a25ca006d7fb2729d27d5b8
Opcode Fuzzy Hash: fb65fbd9a5d22e5868ae5a156bf56d1ae0d68fbf666a4fb3df8e53439fe0124a
Instruction Fuzzy Hash: C2E0ED30204604BFD310EA2ACC42CA77FDCDB8EB94382843AB808D3652EA789C1080AC

Uniqueness

Uniqueness Score: -1.00%

Function 0045AF7C, Relevance: 1.5, APIs: 1, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E0045AF7C(intOrPtr* __eax, void* __edx) {
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v28;
				intOrPtr _v32;
				intOrPtr* _t31;

				asm("movsd");
				asm("movsd");
				 *((intOrPtr*)( *__eax + 0x44))();
				_push( *((intOrPtr*)(__eax + 0x48)) - _v20 +  *_t31);
				_push( *((intOrPtr*)(__eax + 0x4c)) - _v16 + _v32);
				return  *((intOrPtr*)( *__eax + 0x88))();
			}

0x0045af87
0x0045af88
0x0045af93
0x0045afa0
0x0045afac
0x0045afc3

APIs

KiUserCallbackDispatcher.NTDLL(?,?), ref: 0045AFB7

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: c4643b4b68760a8d6199615b02a577f63622df5181be579b687e7404b3f1c16c
Instruction ID: ae7e1c5642afe656c6ce1464cd9707bf1fd320cf40c09bb8fbf1a9685e4a0d09
Opcode Fuzzy Hash: c4643b4b68760a8d6199615b02a577f63622df5181be579b687e7404b3f1c16c
Instruction Fuzzy Hash: 7EF0D4362042019FC704DF5CC8C498ABBE5FF89255F4446A8FA89CB356DA32E858CB92

Uniqueness

Uniqueness Score: -1.00%

Function 004A494C, Relevance: 1.5, APIs: 1, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004A494C(struct HDC__* __eax, int __edx, int _a4) {
				struct tagRECT* _v8;
				int _t9;
				struct tagRECT* _t12;
				struct HDC__* _t14;
				int _t15;

				_v8 = _t12;
				_t15 = __edx;
				_t14 = __eax;
				_t10 = __edx;
				if(__edx != 0) {
					_t10 =  *(__edx - 4);
				}
				_t9 = DrawTextW(_t14, E004064D4(_t15), _t10, _v8, _a4); // executed
				return _t9;
			}

0x004a4953
0x004a4956
0x004a4958
0x004a495a
0x004a495e
0x004a4963
0x004a4963
0x004a4977
0x004a4981

APIs

DrawTextW.USER32(?,00000000,00000000,?,?), ref: 004A4977

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DrawText
String ID:
API String ID: 2175133113-0
Opcode ID: 8cd70315d7187254e1599707e1ebb882dff13d65b8fa23297fc8c541d9ba8e7d
Instruction ID: d44062532e91153f92044cf75d8a343a9ddeda22a2273d3c524c09aff5e9e453
Opcode Fuzzy Hash: 8cd70315d7187254e1599707e1ebb882dff13d65b8fa23297fc8c541d9ba8e7d
Instruction Fuzzy Hash: 66E04FB37042147F6704DA9EADC1D6BF7ECDA99664310403AFA08E3301D574AD0182B8

Uniqueness

Uniqueness Score: -1.00%

Function 0048087C, Relevance: 1.5, APIs: 1, Instructions: 28
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0048087C(long __eax, void* __edx) {
				short _v2052;
				signed int _t7;
				void* _t10;
				signed int _t16;
				void* _t17;

				_t10 = __edx;
				_t7 = FormatMessageW(0x3200, 0, __eax, 0,  &_v2052, 0x400, 0); // executed
				while(_t7 > 0) {
					_t16 =  *(_t17 + _t7 * 2 - 2) & 0x0000ffff;
					if(_t16 <= 0x20) {
						L1:
						_t7 = _t7 - 1;
						__eflags = _t7;
						continue;
					} else {
						_t20 = _t16 - 0x2e;
						if(_t16 == 0x2e) {
							goto L1;
						}
					}
					break;
				}
				return E00406584(_t10, _t7, _t17, _t20);
			}

0x00480883
0x0048089b
0x004808a3
0x004808a7
0x004808b0
0x004808a2
0x004808a2
0x004808a2
0x00000000
0x004808b2
0x004808b2
0x004808b6
0x00000000
0x00000000
0x004808b6
0x00000000
0x004808b0
0x004808c9

APIs

FormatMessageW.KERNEL32(00003200,00000000,00000000,00000000,?,00000400,00000000,00000000,004AA95E,00000000,004AA9AF,?,004AAB90), ref: 0048089B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: a71dd8b6ecc17ab16b5fd190bbb7372696dbcf7a8d05847f5d675a72fe716238
Instruction ID: aab9e7cd74eeccd42596a0313d2d04cd802c2727da9f391265aa23357043e6e1
Opcode Fuzzy Hash: a71dd8b6ecc17ab16b5fd190bbb7372696dbcf7a8d05847f5d675a72fe716238
Instruction Fuzzy Hash: 7EE0D860B6430225F27431490C53F7F11499FC0B00FA4483676809D7DAD6AD98D993DF

Uniqueness

Uniqueness Score: -1.00%

Function 0047EAF0, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E0047EAF0(void* __eax, void* __ebx, void* __ecx, void* __eflags) {
				char _v8;
				intOrPtr _t21;
				intOrPtr _t24;

				_push(0);
				_push(_t24);
				_push(0x47eb36);
				_push( *[fs:eax]);
				 *[fs:eax] = _t24;
				E0047EA84(__eax, __ecx,  &_v8, __eflags);
				GetFileAttributesW(E004064D4(_v8)); // executed
				_pop(_t21);
				 *[fs:eax] = _t21;
				_push(E0047EB3D);
				return L00406438( &_v8);
			}

0x0047eaf3
0x0047eafa
0x0047eafb
0x0047eb00
0x0047eb03
0x0047eb0b
0x0047eb19
0x0047eb22
0x0047eb25
0x0047eb28
0x0047eb35

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,0047EB36,?,00000000,00000000,?,0047EB86,00000000,004AD259,00000000,004AD27A,?,00000000,00000000), ref: 0047EB19

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 01500d1026585a2ff11322f49bb50a5149f4299f696efe3803ac1df52f52bf88
Instruction ID: 2bb03c8bc3e63462193d8b19a19c0dc88d26945139d61dae7d8f27ec2ae29b2c
Opcode Fuzzy Hash: 01500d1026585a2ff11322f49bb50a5149f4299f696efe3803ac1df52f52bf88
Instruction Fuzzy Hash: 08E09231704344BFD711EB77CC53949B7ECE74C704BA288B6F405E3682E678AE108558

Uniqueness

Uniqueness Score: -1.00%

Function 0045FDFC, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E0045FDFC(intOrPtr __eax) {
				intOrPtr _v8;
				int _t15;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t25;

				_v8 = __eax;
				 *(_v8 + 0x54) =  *(_v8 + 0x54) | 0x00000200;
				_push(_t25);
				_push(0x45fe49);
				_push( *[fs:eax]);
				 *[fs:eax] = _t25;
				_t15 = DestroyWindow( *(_v8 + 0x24c)); // executed
				if(_t15 == 0) {
					L004135BC();
				}
				_pop(_t22);
				 *[fs:eax] = _t22;
				_push(0x45fe50);
				_t17 = _v8;
				 *(_t17 + 0x54) =  *(_t17 + 0x54) & 0x0000fdff;
				return _t17;
			}

0x0045fe00
0x0045fe06
0x0045fe0e
0x0045fe0f
0x0045fe14
0x0045fe17
0x0045fe24
0x0045fe2b
0x0045fe2d
0x0045fe2d
0x0045fe34
0x0045fe37
0x0045fe3a
0x0045fe3f
0x0045fe42
0x0045fe48

APIs

DestroyWindow.USER32(?,00000000,0045FE49), ref: 0045FE24

Part of subcall function 004135BC: GetLastError.KERNEL32(0040AA79,00000000,00400000,00000000,00400000,CHARTABLE,0000000A,?,?,0040A9F4,00000000,00451ABD,00000000,00451BD7), ref: 004135BC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DestroyErrorLastWindow
String ID:
API String ID: 1182162058-0
Opcode ID: 867ff450d70524fe63aa754b0f8bfe42a1835dbfea5dd59b621c3541c527c495
Instruction ID: 8bc6597d40b90e1f926ddf57c0d32e4619ab0118fdac3a5b753122f2e679815d
Opcode Fuzzy Hash: 867ff450d70524fe63aa754b0f8bfe42a1835dbfea5dd59b621c3541c527c495
Instruction Fuzzy Hash: 10F0A030604304EFD712CF69CA56D1EB7F8EB08B00B6200BAF804D3662E338ED08A619

Uniqueness

Uniqueness Score: -1.00%

Function 004080D0, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004080D0(void* __eax) {
				short _v532;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				WCHAR* _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x400000
					GetModuleFileNameW( *_t3,  &_v532, 0x20a);
					_t14 = E00408370(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						_t5 = _t16 + 4; // 0x400000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x400000
				return  *_t7;
			}

0x004080d8
0x004080de
0x004080ea
0x004080ee
0x004080f7
0x004080fc
0x004080fe
0x00408103
0x00408105
0x00408108
0x00408108
0x00408103
0x0040810b
0x00408116

APIs

GetModuleFileNameW.KERNEL32(00400000,?,0000020A), ref: 004080EE

Part of subcall function 00408370: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00400000,005027F0), ref: 0040838C
Part of subcall function 00408370: RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005027F0), ref: 004083AC
Part of subcall function 00408370: RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105,00400000,005027F0), ref: 004083CA
Part of subcall function 00408370: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000), ref: 004083E8
Part of subcall function 00408370: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 00408406
Part of subcall function 00408370: RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,00000000,004084A4,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?), ref: 0040844F
Part of subcall function 00408370: RegQueryValueExW.ADVAPI32(?,00408698,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,004084A4,?,80000001), ref: 0040846D
Part of subcall function 00408370: RegCloseKey.ADVAPI32(?,004084AB,00000000,?,?,00000000,004084A4,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 0040849E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Open$FileModuleNameQueryValue$Close
String ID:
API String ID: 2796650324-0
Opcode ID: 6d7ca68d75fa4230207e8bf5216afb727d6242516d6ec55213392f30d600521f
Instruction ID: 3970bc2d34380e59235853d60ecf92922676daedb8835f9a67ac2a530b45cafe
Opcode Fuzzy Hash: 6d7ca68d75fa4230207e8bf5216afb727d6242516d6ec55213392f30d600521f
Instruction Fuzzy Hash: 02E0C971A003209BCB14DE58C9C5A473794AF08764F0449AAED54DF396D775DD208BD5

Uniqueness

Uniqueness Score: -1.00%

Function 004AAB10, Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004AAB10(signed int __ecx, void* __edx, signed char _a4, signed char _a8) {
				void* _t17;

				_t17 = CreateFileW(E004064D4(__edx),  *(0x504244 + (_a8 & 0x000000ff) * 4),  *(0x504250 + (_a4 & 0x000000ff) * 4), 0,  *(0x504260 + (__ecx & 0x000000ff) * 4), 0x80, 0); // executed
				return _t17;
			}

0x004aab4d
0x004aab55

APIs

CreateFileW.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 004AAB4D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 4fdd9f033404721df2e155fd5605cef61fe1f312c88f640614ddb3b7f7a101af
Instruction ID: 5de1926a2839ddf32ba0c0ef62d3103c8ca3c69ea4801b3e123a2d7eb7fa098d
Opcode Fuzzy Hash: 4fdd9f033404721df2e155fd5605cef61fe1f312c88f640614ddb3b7f7a101af
Instruction Fuzzy Hash: 3BE04FB534426C3ED200AA9DBC51F7A77DC9759719F008013FA94DB282C07A9E14ABF8

Uniqueness

Uniqueness Score: -1.00%

Function 0047FCE8, Relevance: 1.5, APIs: 1, Instructions: 26
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047FCE8(void* __eax, short* __ecx, void* __edx, int* _a4, void** _a8, struct _SECURITY_ATTRIBUTES* _a12, int _a16, int _a20, short* _a24, int _a28) {
				long _t15;
				short* _t16;
				void* _t17;
				int _t18;

				_t17 = __edx;
				_t16 = __ecx;
				_t18 = _a16;
				if(__eax == 2) {
					_t18 = _t18 | 0x00000100;
				}
				_t15 = RegCreateKeyExW(_t17, _t16, _a28, _a24, _a20, _t18, _a12, _a8, _a4); // executed
				return _t15;
			}

0x0047fce8
0x0047fce8
0x0047fcec
0x0047fcf1
0x0047fcf3
0x0047fcf3
0x0047fd14
0x0047fd1b

APIs

RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?), ref: 0047FD14

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 4d8780b082cb17675e2ccbe2fcd0e9af29cea4848a969c8d517a1122db3e5fe2
Instruction ID: e0324ee88b814fa4232cf693952619af2d285c9fcc3fcc9da0a056ce71b8dee9
Opcode Fuzzy Hash: 4d8780b082cb17675e2ccbe2fcd0e9af29cea4848a969c8d517a1122db3e5fe2
Instruction Fuzzy Hash: 30E05AB260011DAF9B40DE8CDC81EEB77ADAB1D250B408016FE08D7241C274EC518BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0047B41C, Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047B41C(intOrPtr _a4) {
				long _t27;

				_t27 = DefWindowProcW( *( *((intOrPtr*)(_a4 - 4)) + 0x170),  *( *(_a4 - 8)), ( *(_a4 - 8))[1], ( *(_a4 - 8))[2]); // executed
				( *(_a4 - 8))[3] = _t27;
				return _t27;
			}

0x0047b449
0x0047b454
0x0047b458

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 0047B449

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: 25634872d4ce72af03b89055b95a040c859e08475323948650b878a0dc1210d4
Instruction ID: 5cb162f3b9425c3554eccc2811f6088f8d6969fb27f58a237ed41856848cae58
Opcode Fuzzy Hash: 25634872d4ce72af03b89055b95a040c859e08475323948650b878a0dc1210d4
Instruction Fuzzy Hash: 28F0B379205609AFCB40DF99D588D9ABBE8BB4C260B058595B988CB322C234FD818B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D5E0, Relevance: 1.5, APIs: 1, Instructions: 23
fileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E0040D5E0(void* __eax, long __ecx, void* __edx) {
				long _v16;
				int _t4;

				_push(__ecx);
				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
				if(_t4 == 0) {
					_v16 = 0xffffffff;
				}
				return _v16;
			}

0x0040d5e3
0x0040d5f4
0x0040d5fb
0x0040d5fd
0x0040d5fd
0x0040d60b

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040D5F4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 849ccb1cc630722e820f8d22c01cec317a8f6614d22617264c0f7bedcd348476
Instruction ID: 1e4c6feb8bd0c14f171d90cc00ea43c501c6847d79150b28584173b472c14f22
Opcode Fuzzy Hash: 849ccb1cc630722e820f8d22c01cec317a8f6614d22617264c0f7bedcd348476
Instruction Fuzzy Hash: 0DD012B22081506AD220A55B5C44DA75ADCCBC5770F10463AB658C2281D620CC058275

Uniqueness

Uniqueness Score: -1.00%

Function 0045A758, Relevance: 1.5, APIs: 1, Instructions: 19
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E0045A758(intOrPtr* __eax, void* __edx) {
				void* _t15;
				intOrPtr _t16;

				_push( *((intOrPtr*)(__eax + 0x4c)));
				_t15 =  *((intOrPtr*)( *__eax + 0x88))();
				 *(__eax + 0x88) =  *(__eax + 0x88) | 0x00000004;
				if(( *(__eax + 0x1c) & 0x00000002) != 0) {
					_t16 =  *((intOrPtr*)(__eax + 0x48));
					 *((intOrPtr*)(__eax + 0x194)) = _t16;
					return _t16;
				}
				return _t15;
			}

0x0045a760
0x0045a76b
0x0045a771
0x0045a77c
0x0045a77e
0x0045a781
0x00000000
0x0045a781
0x0045a789

APIs

KiUserCallbackDispatcher.NTDLL(?,00000000,?,?,004C4A09,0000000C), ref: 0045A76B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: c7cf7074a665caa880df6352a8bf1e0f51914274fe53a4cf435d6a591524547b
Instruction ID: 4fed6f1bead1e826d82ef6c1d6d08b942746fe2498122949f57dd92a01f9b926
Opcode Fuzzy Hash: c7cf7074a665caa880df6352a8bf1e0f51914274fe53a4cf435d6a591524547b
Instruction Fuzzy Hash: E2E0BF752002408FEB44CE58C4C5B527BE4AF49215F4480E5EE49CF35BD775DC45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00481434, Relevance: 1.5, APIs: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00481434(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t5;
				long _t7;

				_t5 = _a8;
				if(_t5 != 0x10) {
					_t7 = DefWindowProcW(_a4, _t5, _a12, _a16); // executed
					return _t7;
				}
				return 0;
			}

0x00481437
0x0048143d
0x00481450
0x00000000
0x00481450
0x00000000

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 00481450

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ProcWindow
String ID:
API String ID: 181713994-0
Opcode ID: d1f572c8df8d45808f434a8084c194e2c96dbff8bf9edfc5a4f2fe1318614efb
Instruction ID: 0016984d6659a185f013249d18ee087c054b1a6ff239e6549a9d0a57eb8f3b16
Opcode Fuzzy Hash: d1f572c8df8d45808f434a8084c194e2c96dbff8bf9edfc5a4f2fe1318614efb
Instruction Fuzzy Hash: 60D0A77110010D6FCB00DD98D840CAF33ACAB88B10B10CC06F919C7212C634FC5187B5

Uniqueness

Uniqueness Score: -1.00%

Function 0047EB44, Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047EB44(void* __eax) {
				signed char _t5;

				_t5 = GetFileAttributesW(E004064D4(__eax)); // executed
				if(_t5 == 0xffffffff || (_t5 & 0x00000010) != 0) {
					return 0;
				} else {
					return 1;
				}
			}

0x0047eb4f
0x0047eb57
0x0047eb60
0x0047eb61
0x0047eb64
0x0047eb64

APIs

GetFileAttributesW.KERNEL32(00000000,00000000,004ABD07,00000000,?), ref: 0047EB4F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 975f53d88cea3fe7f0012b4993e8238b103f4f20d6890ad68db02f2c4c1cf399
Instruction ID: 51270bde0d8cc8ec99cae62ce868433d80924152b8d70de0c8c870994d55acf5
Opcode Fuzzy Hash: 975f53d88cea3fe7f0012b4993e8238b103f4f20d6890ad68db02f2c4c1cf399
Instruction Fuzzy Hash: 59C08CE16112001A9E10E2FF0CC648B02C8094933C3644FB7F03EE23E3E23DA822211C

Uniqueness

Uniqueness Score: -1.00%

Function 00409458, Relevance: 1.5, APIs: 1, Instructions: 14synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,00000001,00000000,?,004FE333,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668,?,?,00000000,?), ref: 0040946E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
Instruction ID: 2731864b0b5e3a088948824bae72fe0e700cd8c627f608496357a5823e14ea87
Opcode Fuzzy Hash: 21e0619b74412fae9514185c35c6bd95fbb7b52f213a822672066e7264c0ded7
Instruction Fuzzy Hash: 71C01273160248ABCB00EEE9CC06D9B33DCAB28609B00C829B92CDB102C139E9908B64

Uniqueness

Uniqueness Score: -1.00%

Function 0042BCE0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,00000000), ref: 0042BCF4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
Instruction ID: 48f25c4fc7afed193c39a16cc91a0304f94a1296cd048c63733264e3b5f0309e
Opcode Fuzzy Hash: aa2ab5d04534ce78fd06398472ac87fc8e200d4b6eb1d54961e47d4e7a3c3f50
Instruction Fuzzy Hash: D2D0C932100108AFDB018E94AC018677B69EB48210B148815FD0485221D633E831AA91

Uniqueness

Uniqueness Score: -1.00%

Function 004C3E64, Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,004C4BD9,00000000,00000000,00000000,0000000C), ref: 004C3E79

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 9b0c72239ccaca0190836299fb0a6069d56c884ff20631f0de36f37fde58ba5d
Instruction ID: 23d04abac229bcf66aaf442f814edf6cb2d68a26ccb933b11de5ffd061268eca
Opcode Fuzzy Hash: 9b0c72239ccaca0190836299fb0a6069d56c884ff20631f0de36f37fde58ba5d
Instruction Fuzzy Hash: F5D0E9B52101029FD744CE5DC9C4D95B7E9FF4C21175481A4F609CB316EB66FC85CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 004AAC74, Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,?,004B8267,00000000,004B83F9,?,00000000,00000002,00000002), ref: 004AAC7B

Part of subcall function 004AA9EC: GetLastError.KERNEL32(004AA780,004AAAB7,?,004FDBB4,00000001,00000000,00000002,00000000,004FDD55,?,?,00000005,00000000,004FDD8E), ref: 004AA9EF

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 351eeb30cd41957f7cb464669e35ada0d1404ca6a40d9ddf30320966c7c1cfb8
Instruction ID: 242d799680f052610c1cb83d63b003a7645a65ebb046a71bb5bfcc4518069ac9
Opcode Fuzzy Hash: 351eeb30cd41957f7cb464669e35ada0d1404ca6a40d9ddf30320966c7c1cfb8
Instruction Fuzzy Hash: 8AC09BE131020187DF11EABEC5C1A0763DC6F1D3143444466F549CF217D768DC10C75A

Uniqueness

Uniqueness Score: -1.00%

Function 0040DD04, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNEL32(00000000,?,004FDB42,00000000,004FDD55,?,?,00000005,00000000,004FDD8E,?,?,00000000,?), ref: 0040DD0F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 5e2741f406a566ac20dd53898cd79c442441464cd05229c01c6d26d87152863f
Instruction ID: 760e6ac4e30c85a6c7c9acfda4d72fc248caca873c4b92e09980cd14d23c5683
Opcode Fuzzy Hash: 5e2741f406a566ac20dd53898cd79c442441464cd05229c01c6d26d87152863f
Instruction Fuzzy Hash: C7B012E3F302401ACB007AFE0CC180D00CC951860E7110C3FB006E31D3D43EC8140118

Uniqueness

Uniqueness Score: -1.00%

Function 00408DCE, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00408DD4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: ce29b5d2e090cee81fdcbee02132d35637f2953bf04ff818f1586bc486ffd9c4
Instruction ID: 49db0b3b33c2bf6e97ae97d93976948e2610fce81232a523bb2059fdc29b762b
Opcode Fuzzy Hash: ce29b5d2e090cee81fdcbee02132d35637f2953bf04ff818f1586bc486ffd9c4
Instruction Fuzzy Hash: 20B012246084020BC504A72D4C4344F31C01A40224FC42634785CE56D2F62DC9B503DF

Uniqueness

Uniqueness Score: -1.00%

Function 00413CAF, Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00413CB1), ref: 00413CA4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 534a8ee811bc55c6c9a8c602d35d62d22f7629fd39b459a8fdb9d8c680905833
Instruction ID: 754c34c688c062f3ad774ae1f62c56ccb4e6504a3f1d33e77c3a12713a2d13f6
Opcode Fuzzy Hash: 534a8ee811bc55c6c9a8c602d35d62d22f7629fd39b459a8fdb9d8c680905833
Instruction Fuzzy Hash: 00A0223BC00000F2CF00AEE0C00088C33382A083003C008833008B3082F03C8A00030C

Uniqueness

Uniqueness Score: -1.00%

Function 0042BD08, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,0050BC38,00000000,00000000,?,0042BE6B,00000000,00000B06,00000000,00400000,00000000,00000000,00000000), ref: 0042BD26

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b1b39261860be757938f1e3b03389e4a1231d0f724abb6382cc17b64e77e588a
Instruction ID: 6b31fb2f33bbe4fe12c45ac344cf3817c842f0af1773a987dad5548b9ca9cf69
Opcode Fuzzy Hash: b1b39261860be757938f1e3b03389e4a1231d0f724abb6382cc17b64e77e588a
Instruction Fuzzy Hash: 2D114C343403199FC710DF19D881B86BBE5FF58350F50C53AE9988B385D374E9058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004AD804, Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,004AD870), ref: 004AD852

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: ead1f182d4bc557158a8d7a75a1c7f5afcaf6fb7894ed86ff90b817f4fdf3820
Instruction ID: dc377ecba4bc59826d84f5731e4709c3e0bd63d95e98ea8b0dad1aa82d21acd3
Opcode Fuzzy Hash: ead1f182d4bc557158a8d7a75a1c7f5afcaf6fb7894ed86ff90b817f4fdf3820
Instruction Fuzzy Hash: 7B01FC71A042086F8711DB6A9C514BEBBE8DB5A320750427BF424D3681DA3C9E1096A8

Uniqueness

Uniqueness Score: -1.00%

Function 004017F8, Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,00401E07,?,00401ADA), ref: 0040180E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5d1f62ad247cbe67ca2a105773c48f0b04cd6e470e57aae5a891e4acb4eadd7e
Instruction ID: 03b0546ac705445d345df6d4e88d4e8d7795d62d4a8be454eee869accf12312c
Opcode Fuzzy Hash: 5d1f62ad247cbe67ca2a105773c48f0b04cd6e470e57aae5a891e4acb4eadd7e
Instruction Fuzzy Hash: 9AF049B1B513008BDB15AF799D4130A7AD2F789308F10C13DEA09EB7A9E77584169B00

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00434448, Relevance: 48.5, APIs: 32, Instructions: 500
windowCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00434448(struct HBITMAP__* __eax, struct HPALETTE__* __ecx, struct HPALETTE__* __edx, intOrPtr _a4, signed int _a8) {
				struct HBITMAP__* _v8;
				struct HPALETTE__* _v12;
				struct HPALETTE__* _v16;
				struct HPALETTE__* _v20;
				void* _v24;
				struct HDC__* _v28;
				struct HDC__* _v32;
				struct HDC__* _v36;
				struct HPALETTE__* _v40;
				BITMAPINFO* _v44;
				void* _v48;
				intOrPtr _v52;
				struct tagRGBQUAD _v56;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v132;
				intOrPtr _v136;
				void _v140;
				struct tagRECT _v156;
				void* __ebx;
				void* __ebp;
				signed int _t229;
				int _t281;
				signed int _t290;
				signed short _t292;
				struct HBRUSH__* _t366;
				struct HPALETTE__* _t422;
				signed int _t441;
				intOrPtr _t442;
				intOrPtr _t444;
				intOrPtr _t445;
				void* _t455;
				void* _t457;
				void* _t459;
				intOrPtr _t460;

				_t457 = _t459;
				_t460 = _t459 + 0xffffff68;
				_push(_t419);
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_v20 = 0;
				if( *(_a8 + 0x18) == 0 ||  *(_a8 + 0x1c) != 0 &&  *(_a8 + 0x20) != 0) {
					if( *(_a8 + 0x18) != 0 ||  *(_a8 + 4) != 0 &&  *(_a8 + 8) != 0) {
						L00433FD4(_v8);
						_v116 = 0;
						if(_v8 != 0 && GetObjectW(_v8, 0x54,  &_v140) < 0x18) {
							E00432838();
						}
						_v28 = E0043294C(GetDC(0));
						_v32 = E0043294C(CreateCompatibleDC(_v28));
						_push(_t457);
						_push(0x434a96);
						_push( *[fs:edx]);
						 *[fs:edx] = _t460;
						if( *(_a8 + 0x18) >= 0x28) {
							_v44 = E00403018(0x42c);
							_push(_t457);
							_push(0x4347a0);
							_push( *[fs:edx]);
							 *[fs:edx] = _t460;
							 *(_a8 + 0x18) = 0x28;
							 *((short*)(_a8 + 0x24)) = 1;
							if( *(_a8 + 0x26) == 0) {
								_t290 = GetDeviceCaps(_v28, 0xc);
								_t292 = GetDeviceCaps(_v28, 0xe);
								_t419 = _t290 * _t292;
								 *(_a8 + 0x26) = _t290 * _t292;
							}
							_t55 = _a8 + 0x18; // 0x18
							memcpy(_v44, _t55, 0xa << 2);
							 *(_a8 + 4) =  *(_a8 + 0x1c);
							_t441 = _a8;
							 *(_t441 + 8) =  *(_a8 + 0x20);
							if( *(_a8 + 0x26) > 8) {
								_t229 =  *(_a8 + 0x26) & 0x0000ffff;
								if(_t229 == 0x10) {
									L30:
									if(( *(_a8 + 0x28) & 0x00000003) != 0) {
										E004343FC(_a8);
										_t104 =  &(_v44->bmiColors); // 0x28
										_t441 = _t104;
										E004031D0(_a8 + 0x40, 0xc, _t441);
									}
								} else {
									_t441 = _a8;
									if(_t229 == 0x20) {
										goto L30;
									}
								}
							} else {
								if( *(_a8 + 0x26) != 1 || _v8 != 0 && _v120 != 0) {
									if(_v16 == 0) {
										if(_v8 != 0) {
											_v24 = SelectObject(_v32, _v8);
											if(_v116 <= 0 || _v120 == 0) {
												asm("cdq");
												GetDIBits(_v32, _v8, 0, ( *(_a8 + 0x20) ^ _t441) - _t441, 0, _v44, 0);
											} else {
												_t281 = GetDIBColorTable(_v32, 0, 0x100,  &(_v44->bmiColors));
												_t441 = _a8;
												 *(_t441 + 0x38) = _t281;
											}
											SelectObject(_v32, _v24);
										}
									} else {
										_t76 =  &(_v44->bmiColors); // 0x28
										_t441 = _t76;
										E004330E8(_v16, 0xff, _t441);
									}
								} else {
									_t441 = 0;
									_v44->bmiColors = 0;
									 *((intOrPtr*)(_v44 + 0x2c)) = 0xffffff;
								}
							}
							_v20 = E0043294C(CreateDIBSection(_v28, _v44, 0,  &_v48, 0, 0));
							if(_v48 == 0) {
								E004328A4(_t419);
							}
							if(_v8 == 0 ||  *(_a8 + 0x1c) != _v136 ||  *(_a8 + 0x20) != _v132 ||  *(_a8 + 0x26) <= 8) {
								_pop(_t442);
								 *[fs:eax] = _t442;
								_push(0x4347a7);
								return E00403034(_v44);
							} else {
								asm("cdq");
								GetDIBits(_v32, _v8, 0, ( *(_a8 + 0x20) ^ _t441) - _t441, _v48, _v44, 0);
								E00404B68();
								E00404B68();
								goto L58;
							}
						} else {
							if(( *(_a8 + 0x10) & 0x0000ffff |  *(_a8 + 0x12)) != 1) {
								_v20 = E0043294C(CreateCompatibleBitmap(_v28,  *(_a8 + 4),  *(_a8 + 8)));
							} else {
								_v20 = E0043294C(CreateBitmap( *(_a8 + 4),  *(_a8 + 8), 1, 1, 0));
							}
							E0043294C(_v20);
							_v24 = E0043294C(SelectObject(_v32, _v20));
							_push(_t457);
							_push(0x434a47);
							_push( *[fs:eax]);
							 *[fs:eax] = _t460;
							_push(_t457);
							_push(0x434a36);
							_push( *[fs:eax]);
							 *[fs:eax] = _t460;
							_v40 = 0;
							_t422 = 0;
							if(_v16 != 0) {
								_v40 = SelectPalette(_v32, _v16, 0);
								RealizePalette(_v32);
							}
							_push(_t457);
							_push(0x434a14);
							_push( *[fs:eax]);
							 *[fs:eax] = _t460;
							if(_a4 == 0) {
								PatBlt(_v32, 0, 0,  *(_a8 + 4),  *(_a8 + 8), 0xff0062);
							} else {
								_t366 = L0043170C( *((intOrPtr*)(_a4 + 0x14)));
								E00409158(0,  *(_a8 + 4), 0,  &_v156,  *(_a8 + 8));
								FillRect(_v32,  &_v156, _t366);
								SetTextColor(_v32, E004306C0( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc)) + 0x18))));
								SetBkColor(_v32, E004306C0(L004316B0( *((intOrPtr*)(_a4 + 0x14)))));
								if( *(_a8 + 0x26) == 1 &&  *((intOrPtr*)(_a8 + 0x14)) != 0) {
									_v56 = E004306C0( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc)) + 0x18)));
									_v52 = E004306C0(L004316B0( *((intOrPtr*)(_a4 + 0x14))));
									SetDIBColorTable(_v32, 0, 2,  &_v56);
								}
							}
							if(_v8 == 0) {
								_pop(_t444);
								 *[fs:eax] = _t444;
								_push(0x434a1b);
								if(_v16 != 0) {
									return SelectPalette(_v32, _v40, 0xffffffff);
								}
								return 0;
							} else {
								_v36 = E0043294C(CreateCompatibleDC(_v28));
								_push(_t457);
								_push(0x4349ea);
								_push( *[fs:eax]);
								 *[fs:eax] = _t460;
								_t455 = E0043294C(SelectObject(_v36, _v8));
								if(_v12 != 0) {
									_t422 = SelectPalette(_v36, _v12, 0);
									RealizePalette(_v36);
								}
								if(_a4 != 0) {
									SetTextColor(_v36, E004306C0( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc)) + 0x18))));
									SetBkColor(_v36, E004306C0(L004316B0( *((intOrPtr*)(_a4 + 0x14)))));
								}
								BitBlt(_v32, 0, 0,  *(_a8 + 4),  *(_a8 + 8), _v36, 0, 0, 0xcc0020);
								if(_v12 != 0) {
									SelectPalette(_v36, _t422, 0xffffffff);
								}
								E0043294C(SelectObject(_v36, _t455));
								_pop(_t445);
								 *[fs:eax] = _t445;
								_push(0x4349f1);
								return DeleteDC(_v36);
							}
						}
					} else {
						goto L58;
					}
				} else {
					L58:
					return _v20;
				}
			}

0x00434449
0x0043444b
0x00434451
0x00434454
0x00434457
0x0043445a
0x0043445f
0x00434469
0x0043448c
0x004344ab
0x004344b2
0x004344b9
0x004344d2
0x004344d2
0x004344e3
0x004344f4
0x004344f9
0x004344fa
0x004344ff
0x00434502
0x0043450c
0x00434576
0x0043457b
0x0043457c
0x00434581
0x00434584
0x0043458a
0x00434594
0x004345a2
0x004345aa
0x004345b7
0x004345bc
0x004345c3
0x004345c3
0x004345cd
0x004345d7
0x004345e2
0x004345eb
0x004345ee
0x004345f9
0x004346c9
0x004346d1
0x004346dc
0x004346e3
0x004346e8
0x004346f0
0x004346f0
0x004346fe
0x004346fe
0x004346d3
0x004346d3
0x004346da
0x00000000
0x00000000
0x004346da
0x004345ff
0x00434607
0x00434635
0x00434653
0x00434666
0x0043466d
0x004346a2
0x004346b2
0x00434675
0x00434687
0x0043468c
0x0043468f
0x0043468f
0x004346bf
0x004346bf
0x00434637
0x0043463a
0x0043463a
0x00434645
0x00434645
0x00434615
0x00434618
0x0043461a
0x00434626
0x00434626
0x00434607
0x0043471f
0x00434726
0x00434728
0x00434728
0x00434731
0x0043478c
0x0043478f
0x00434792
0x0043479f
0x00434756
0x00434766
0x00434776
0x0043477b
0x00434780
0x00000000
0x00434780
0x0043450e
0x00434520
0x00434564
0x00434522
0x00434540
0x00434540
0x004347aa
0x004347c1
0x004347c6
0x004347c7
0x004347cc
0x004347cf
0x004347d4
0x004347d5
0x004347da
0x004347dd
0x004347e2
0x004347e5
0x004347eb
0x004347fc
0x00434803
0x00434803
0x0043480a
0x0043480b
0x00434810
0x00434813
0x0043481a
0x004348f0
0x00434820
0x00434826
0x00434844
0x00434854
0x0043486c
0x00434886
0x00434893
0x004348ac
0x004348bf
0x004348ce
0x004348ce
0x00434893
0x004348f9
0x004349f3
0x004349f6
0x004349f9
0x00434a02
0x00000000
0x00434a0e
0x00434a13
0x004348ff
0x0043490d
0x00434912
0x00434913
0x00434918
0x0043491b
0x00434930
0x00434936
0x00434947
0x0043494d
0x0043494d
0x00434956
0x0043496b
0x00434985
0x00434985
0x004349ad
0x004349b6
0x004349bf
0x004349bf
0x004349ce
0x004349d5
0x004349d8
0x004349db
0x004349e9
0x004349e9
0x004348f9
0x00000000
0x00000000
0x00000000
0x00434a9d
0x00434a9d
0x00434aa6
0x00434aa6

APIs

GetObjectW.GDI32(00000000,00000054,?,00000000,?,00000000,?,00434C12,00000000,?,00000000,00434CC3,?,?,?,00000000), ref: 004344C8
GetDC.USER32(00000000), ref: 004344D9
CreateCompatibleDC.GDI32(00000000), ref: 004344EA
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00434536
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043455A
SelectObject.GDI32(?,?), ref: 004347B7
SelectPalette.GDI32(?,00000000,00000000), ref: 004347F7
RealizePalette.GDI32(?), ref: 00434803
SetTextColor.GDI32(?,00000000), ref: 0043486C
SetBkColor.GDI32(?,00000000), ref: 00434886
SetDIBColorTable.GDI32(?,00000000,00000002,?,?,00000000,?,00000000,?,00434A14,00434A14,?,00000000,00000000,00434A14), ref: 004348CE
FillRect.USER32 ref: 00434854

Part of subcall function 004306C0: GetSysColor.USER32(00432508), ref: 004306CA

PatBlt.GDI32(?,00000000,00000000,?,?,00FF0062), ref: 004348F0
CreateCompatibleDC.GDI32(00000000), ref: 00434903
SelectObject.GDI32(00434D0B,00000000), ref: 00434926
SelectPalette.GDI32(00434D0B,00000000,00000000), ref: 00434942
RealizePalette.GDI32(00434D0B), ref: 0043494D
SetTextColor.GDI32(00434D0B,00000000), ref: 0043496B
SetBkColor.GDI32(00434D0B,00000000), ref: 00434985
BitBlt.GDI32(?,00000000,00000000,?,?,00434D0B,00000000,00000000,00CC0020), ref: 004349AD
SelectPalette.GDI32(00434D0B,00000000,000000FF), ref: 004349BF
SelectObject.GDI32(00434D0B,00000000), ref: 004349C9
DeleteDC.GDI32(00434D0B), ref: 004349E4

Part of subcall function 0043170C: CreateBrushIndirect.GDI32(?), ref: 004317B7

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ColorSelect$CreatePalette$Object$Compatible$BitmapRealizeText$BrushDeleteFillIndirectRectTable
String ID:
API String ID: 1299887459-0
Opcode ID: a547df16d9d45c743b2e04442f89ff0603482c87bfc6ba3c0a06317c7910bba4
Instruction ID: f1df2df15a4d58b172ea2e73916dc75ef4af8a8e80b15d768e357f7c63fd91c8
Opcode Fuzzy Hash: a547df16d9d45c743b2e04442f89ff0603482c87bfc6ba3c0a06317c7910bba4
Instruction Fuzzy Hash: E812BB75A00208AFDB10EFA9C885F9E77B8EB4C314F159556F914EB2A2C778ED40CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00408174, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 152
stringlibraryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E00408174(WCHAR* __eax, int __edx) {
				WCHAR* _v8;
				int _v12;
				WCHAR* _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				short _v1134;
				signed int _t53;
				signed int _t54;
				signed int _t59;
				signed int _t60;
				signed int _t105;
				signed int _t106;
				intOrPtr* _t107;
				WCHAR* _t114;
				WCHAR* _t116;
				short* _t117;
				void* _t118;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_v20 = GetModuleHandleW(L"kernel32.dll");
				if(_v20 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t116 =  &(_v8[2]);
						goto L10;
					} else {
						if(_v8[1] == 0x5c) {
							_t117 = E00408150( &(_v8[2]));
							if( *_t117 != 0) {
								_t17 = _t117 + 2; // 0x2
								_t116 = E00408150(_t17);
								if( *_t116 != 0) {
									L10:
									_t105 = _t116 - _v8;
									_t106 = _t105 >> 1;
									if(_t105 < 0) {
										asm("adc ebx, 0x0");
									}
									lstrcpynW( &_v1134, _v8, _t106 + 1);
									while( *_t116 != 0) {
										_t114 = E00408150( &(_t116[1]));
										_t53 = _t114 - _t116;
										_t54 = _t53 >> 1;
										if(_t53 < 0) {
											asm("adc eax, 0x0");
										}
										if(_t54 + _t106 + 1 <= 0x105) {
											_t59 = _t114 - _t116;
											_t60 = _t59 >> 1;
											if(_t59 < 0) {
												asm("adc eax, 0x0");
											}
											lstrcpynW( &_v1134 + _t106 + _t106, _t116, _t60 + 1);
											_v20 = FindFirstFileW( &_v1134,  &_v612);
											if(_v20 != 0xffffffff) {
												FindClose(_v20);
												if(lstrlenW( &(_v612.cFileName)) + _t106 + 1 + 1 <= 0x105) {
													 *((short*)(_t118 + _t106 * 2 - 0x46a)) = 0x5c;
													lstrcpynW( &(( &_v1134 + _t106 + _t106)[1]),  &(_v612.cFileName), 0x105 - _t106 - 1);
													_t106 = _t106 + lstrlenW( &(_v612.cFileName)) + 1;
													_t116 = _t114;
													continue;
												}
											}
										}
										goto L23;
									}
									lstrcpynW(_v8,  &_v1134, _v12);
								}
							}
						}
					}
				} else {
					_t107 = GetProcAddress(_v20, "GetLongPathNameW");
					if(_t107 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v1134);
						_push(_v8);
						if( *_t107() == 0) {
							goto L4;
						} else {
							lstrcpynW(_v8,  &_v1134, _v12);
						}
					}
				}
				L23:
				return _v16;
			}

0x00408180
0x00408183
0x00408189
0x00408196
0x0040819d
0x004081e2
0x004081e9
0x00408229
0x00000000
0x004081eb
0x004081f3
0x00408204
0x0040820a
0x00408210
0x00408218
0x0040821e
0x0040822c
0x0040822e
0x00408231
0x00408233
0x00408235
0x00408235
0x00408247
0x00408316
0x00408259
0x0040825d
0x0040825f
0x00408261
0x00408263
0x00408263
0x0040826e
0x00408276
0x00408278
0x0040827a
0x0040827c
0x0040827c
0x0040828f
0x004082a7
0x004082ae
0x004082b8
0x004082d4
0x004082d6
0x00408300
0x00408312
0x00408314
0x00000000
0x00408314
0x004082d4
0x004082ae
0x00000000
0x0040826e
0x0040832f
0x0040832f
0x0040821e
0x0040820a
0x004081f3
0x0040819f
0x004081ad
0x004081b1
0x00000000
0x004081b3
0x004081b3
0x004081be
0x004081c2
0x004081c7
0x00000000
0x004081c9
0x004081d8
0x004081d8
0x004081c7
0x004081b1
0x00408334
0x0040833d

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,0040B314,00400000,005027F0), ref: 00408191
GetProcAddress.KERNEL32(?,GetLongPathNameW), ref: 004081A8
lstrcpynW.KERNEL32(?,?,?), ref: 004081D8
lstrcpynW.KERNEL32(?,?,?,kernel32.dll,0040B314,00400000,005027F0), ref: 00408247
lstrcpynW.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,0040B314,00400000,005027F0), ref: 0040828F
FindFirstFileW.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,0040B314,00400000,005027F0), ref: 004082A2
FindClose.KERNEL32(?,?,?,?,?,00000001,?,?,?,kernel32.dll,0040B314,00400000,005027F0), ref: 004082B8
lstrlenW.KERNEL32(?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,0040B314,00400000,005027F0), ref: 004082C4
lstrcpynW.KERNEL32(?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,0040B314,00400000), ref: 00408300
lstrlenW.KERNEL32(?,?,?,00000104,?,?,?,?,?,?,00000001,?,?,?,kernel32.dll,0040B314), ref: 0040830C
lstrcpynW.KERNEL32(?,?,?,?,?,?,00000104,?,?,?,?,?,?,00000001,?,?), ref: 0040832F

Strings

GetLongPathNameW, xrefs: 0040819F
kernel32.dll, xrefs: 0040818C
\, xrefs: 004082D6

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
String ID: GetLongPathNameW$\$kernel32.dll
API String ID: 3245196872-3908791685
Opcode ID: d23ac2dccd6c5904ed4ebb122041d1f5d384be88246b7f3bb0063985ae1c4c9b
Instruction ID: 250bcaa9846f6036ca752eb7000dfcf737f83f99ccb7def8f15fd4b0e8f234fa
Opcode Fuzzy Hash: d23ac2dccd6c5904ed4ebb122041d1f5d384be88246b7f3bb0063985ae1c4c9b
Instruction Fuzzy Hash: A3519472E005189BDB10EBE4CD85ADE73BCAF44310F1445BEA944F7290EB789E41CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004D8F68, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E004D8F68(void* __eax, void* __ebx, DWORD* __ecx, void* __edx, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				char _v12;
				DWORD* _v16;
				struct _SHELLEXECUTEINFOW _v76;
				long _t41;
				intOrPtr _t69;
				void* _t71;
				void* _t73;
				void* _t74;
				intOrPtr _t75;

				_t73 = _t74;
				_t75 = _t74 + 0xffffffb8;
				_v8 = 0;
				_v12 = 0;
				_v16 = __ecx;
				_t71 = __edx;
				_t60 = __eax;
				_push(_t73);
				_push(0x4d90b7);
				 *[fs:eax] = _t75;
				E004D8D84(__eax, __ecx,  &_v8,  *[fs:eax]);
				E004D8E94( &_v12, _t60, _t71);
				L00403540( &_v76, 0x3c);
				_v76.cbSize = 0x3c;
				_v76.fMask = 0x800540;
				_v76.lpVerb = L"runas";
				_v76.lpFile = E004064D4(_v8);
				_v76.lpParameters = E004064D4(_t71);
				_v76.lpDirectory = E004064D4(_v12);
				_v76.nShow = 1;
				if(ShellExecuteExW( &_v76) == 0) {
					if(GetLastError() == 0x4c7) {
						L0041191C();
					}
					L004ADC34(L"ShellExecuteEx");
				}
				if(_v76.hProcess == 0) {
					L004ADAE0(L"ShellExecuteEx returned hProcess=0", _t60);
				}
				_push(_t73);
				_push(0x4d9095);
				_push( *[fs:edx]);
				 *[fs:edx] = _t75;
				do {
					E004D8A90();
					_t41 = MsgWaitForMultipleObjects(1,  &(_v76.hProcess), 0, 0xffffffff, 0xff);
				} while (_t41 == 1);
				if(_t41 == 0xffffffff) {
					L004ADC34(L"MsgWaitForMultipleObjects");
				}
				E004D8A90();
				if(GetExitCodeProcess(_v76.hProcess, _v16) == 0) {
					L004ADC34(L"GetExitCodeProcess");
				}
				_pop(_t69);
				 *[fs:eax] = _t69;
				_push(E004D909C);
				return CloseHandle(_v76.hProcess);
			}

0x004d8f69
0x004d8f6b
0x004d8f72
0x004d8f75
0x004d8f78
0x004d8f7b
0x004d8f7d
0x004d8f81
0x004d8f82
0x004d8f8a
0x004d8f92
0x004d8f9a
0x004d8fa9
0x004d8fae
0x004d8fb5
0x004d8fc1
0x004d8fcc
0x004d8fd6
0x004d8fe1
0x004d8fe4
0x004d8ff6
0x004d9002
0x004d9004
0x004d9004
0x004d900e
0x004d900e
0x004d9017
0x004d901e
0x004d901e
0x004d9025
0x004d9026
0x004d902b
0x004d902e
0x004d9031
0x004d9031
0x004d9045
0x004d904a
0x004d9052
0x004d9059
0x004d9059
0x004d905e
0x004d9072
0x004d9079
0x004d9079
0x004d9080
0x004d9083
0x004d9086
0x004d9094

APIs

Part of subcall function 004D8D84: GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 004D8DB0
Part of subcall function 004D8D84: GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 004D8DC9
Part of subcall function 004D8D84: CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 004D8DF3
Part of subcall function 004D8D84: CloseHandle.KERNEL32(00000000), ref: 004D8E11

Part of subcall function 004D8E94: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,004D8F27,?,?,025C275C,?,004D8F9F,00000000,004D90B7,?,?,?), ref: 004D8EC3

ShellExecuteExW.SHELL32(0000003C), ref: 004D8FEF
GetLastError.KERNEL32(00000000,004D90B7,?,?,?), ref: 004D8FF8
MsgWaitForMultipleObjects.USER32 ref: 004D9045
GetExitCodeProcess.KERNEL32 ref: 004D906B
CloseHandle.KERNEL32(00000000,004D909C,00000000,00000000,000000FF,000000FF,00000000,004D9095,?,00000000,004D90B7,?,?,?), ref: 004D908F

Strings

ShellExecuteEx, xrefs: 004D9009
<, xrefs: 004D8FAE
runas, xrefs: 004D8FBC
GetExitCodeProcess, xrefs: 004D9074
MsgWaitForMultipleObjects, xrefs: 004D9054
ShellExecuteEx returned hProcess=0, xrefs: 004D9019

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Handle$CloseFile$AttributesCodeCreateCurrentDirectoryErrorExecuteExitLastModuleMultipleObjectsProcessShellWait
String ID: <$GetExitCodeProcess$MsgWaitForMultipleObjects$ShellExecuteEx$ShellExecuteEx returned hProcess=0$runas
API String ID: 254331816-221126205
Opcode ID: 88b7e8e2931dd48e293a83664960c397ea41088d5152feaac06ae0063b573678
Instruction ID: 0ceec1fc157af90cc67455280caa66068deec0621c71cd14981735221fdfa72d
Opcode Fuzzy Hash: 88b7e8e2931dd48e293a83664960c397ea41088d5152feaac06ae0063b573678
Instruction Fuzzy Hash: CA318270E04219AADF11EFA6D861A9EB6B8EB09318F50443FF514E6381DB7C8D00CB19

Uniqueness

Uniqueness Score: -1.00%

Function 004B00AC, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 42
shutdownCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004B00AC() {
				int _v4;
				struct _TOKEN_PRIVILEGES _v16;
				void* _v20;
				intOrPtr* _t6;
				int _t7;

				_t6 =  *0x505038; // 0x502914
				if( *_t6 != 2) {
					L5:
					_t7 = ExitWindowsEx(2, 0);
					asm("sbb eax, eax");
					return _t7 + 1;
				}
				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v20) != 0) {
					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v16.Privileges));
					_v16.PrivilegeCount = 1;
					_v4 = 2;
					AdjustTokenPrivileges(_v20, 0,  &_v16, 0, 0, 0);
					if(GetLastError() == 0) {
						goto L5;
					}
					return 0;
				}
				return 0;
			}

0x004b00af
0x004b00b7
0x004b0114
0x004b0118
0x004b0120
0x00000000
0x004b0122
0x004b00c9
0x004b00db
0x004b00e0
0x004b00e8
0x004b0102
0x004b010e
0x00000000
0x00000000
0x00000000
0x004b0110
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 004B00BC
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 004B00C2
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 004B00DB
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000), ref: 004B0102
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 004B0107
ExitWindowsEx.USER32(00000002,00000000), ref: 004B0118

Strings

SeShutdownPrivilege, xrefs: 004B00D4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: ef9d41a7b5daaa718b69dd9ca2d444d7aee655285940df61ceddb449c0489ae7
Instruction ID: 2d82122e82644b5eda749e0f008ebc2aa4b636d5a7613be086f7d44d70cf5359
Opcode Fuzzy Hash: ef9d41a7b5daaa718b69dd9ca2d444d7aee655285940df61ceddb449c0489ae7
Instruction Fuzzy Hash: EEF0C8306453017AE614AA758C07FAF72C8AB44B05F50082AB640E61C3D7BED904863F

Uniqueness

Uniqueness Score: -1.00%

Function 004C0BC0, Relevance: 7.6, APIs: 5, Instructions: 133
fileCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E004C0BC0(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v9;
				int _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				char _v616;
				char _v620;
				char _v624;
				char _v628;
				intOrPtr _t40;
				intOrPtr _t88;
				intOrPtr _t103;
				intOrPtr _t109;
				intOrPtr _t112;
				void* _t114;
				void* _t116;
				void* _t118;
				void* _t119;
				intOrPtr _t120;

				_t114 = __edi;
				_t118 = _t119;
				_t120 = _t119 + 0xfffffd90;
				_push(__esi);
				_v624 = 0;
				_v628 = 0;
				_v620 = 0;
				_v616 = 0;
				_v8 = 0;
				_t88 = __edx;
				_t116 = __eax;
				_push(_t118);
				_push(0x4c0d8c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t120;
				_v16 = SetErrorMode(1);
				_push(_t118);
				_push(0x4c0d5f);
				_push( *[fs:edx]);
				 *[fs:edx] = _t120;
				_t40 = _t88;
				if(_t40 != 0) {
					_t40 =  *((intOrPtr*)(_t40 - 4));
				}
				if(_t40 != 3) {
					L6:
					_v9 = 1;
					E0047E290(_t88,  &_v620);
					E00406854( &_v620, 0x4c0dac,  &_v612);
					_v20 = FindFirstFileW(E004064D4(_v620), ??);
					if(_v20 == 0xffffffff) {
						_pop(_t103);
						 *[fs:eax] = _t103;
						_push(0x4c0d66);
						return SetErrorMode(_v16);
					} else {
						_push(_t118);
						_push(0x4c0d41);
						_push( *[fs:eax]);
						 *[fs:eax] = _t120;
						do {
							if(L004BF3EC( &_v612) != 0) {
								E00406640( &_v8, 0x104,  &(_v612.cFileName));
								E0047E290(_t88,  &_v628);
								E00406854( &_v628, _v8);
								L004BF530(_v628,  &_v624);
								E004C05DC( *((intOrPtr*)(_a4 - 4)), _v8, _t116, 0, _v624);
							}
						} while (FindNextFileW(_v20,  &_v612) != 0);
						_pop(_t109);
						 *[fs:eax] = _t109;
						_push(0x4c0d48);
						return FindClose(_v20);
					}
				} else {
					if(L004BF870(_t88, _t114, _t116) != 0) {
						L004BF530(_t88,  &_v616);
						E004C0FEC( *((intOrPtr*)(_a4 - 4)), _v616, _t116);
						goto L6;
					} else {
						_v9 = 0;
						E00404B68();
						_pop(_t112);
						 *[fs:eax] = _t112;
						_push(0x4c0d93);
						L00406440( &_v628, 4);
						return L00406438( &_v8);
					}
				}
			}

0x004c0bc0
0x004c0bc1
0x004c0bc3
0x004c0bca
0x004c0bcd
0x004c0bd3
0x004c0bd9
0x004c0bdf
0x004c0be5
0x004c0be8
0x004c0bea
0x004c0bee
0x004c0bef
0x004c0bf4
0x004c0bf7
0x004c0c01
0x004c0c06
0x004c0c07
0x004c0c0c
0x004c0c0f
0x004c0c12
0x004c0c16
0x004c0c1b
0x004c0c1b
0x004c0c20
0x004c0c5b
0x004c0c5b
0x004c0c6e
0x004c0c7e
0x004c0c94
0x004c0c9b
0x004c0d4a
0x004c0d4d
0x004c0d50
0x004c0d5e
0x004c0ca1
0x004c0ca3
0x004c0ca4
0x004c0ca9
0x004c0cac
0x004c0caf
0x004c0cbc
0x004c0ccc
0x004c0cd9
0x004c0ce7
0x004c0cf8
0x004c0d11
0x004c0d11
0x004c0d26
0x004c0d2c
0x004c0d2f
0x004c0d32
0x004c0d40
0x004c0d40
0x004c0c22
0x004c0c2b
0x004c0c43
0x004c0c56
0x00000000
0x004c0c2d
0x004c0c2d
0x004c0c31
0x004c0d68
0x004c0d6b
0x004c0d6e
0x004c0d7e
0x004c0d8b
0x004c0d8b
0x004c0c2b

APIs

FindFirstFileW.KERNEL32(00000000,?,00000000,004C0D5F,?,00000001,00000000,004C0D8C), ref: 004C0C8F
SetErrorMode.KERNEL32(00000001,00000000,004C0D8C), ref: 004C0BFC

Part of subcall function 004BF530: SHGetFileInfoW.SHELL32(00000000,00000000,?,000002B4,00000200), ref: 004BF555

Part of subcall function 004C0FEC: SendMessageW.USER32(00000000,0000113F,00000000), ref: 004C1037

FindNextFileW.KERNEL32(000000FF,?,00000000,004C0D41,?,00000000,?,00000000,004C0D5F,?,00000001,00000000,004C0D8C), ref: 004C0D21
FindClose.KERNEL32(000000FF,004C0D48,004C0D41,?,00000000,?,00000000,004C0D5F,?,00000001,00000000,004C0D8C), ref: 004C0D3B

Part of subcall function 004C05DC: SendMessageW.USER32(00000000,00001132,00000000,?), ref: 004C06C2

SetErrorMode.KERNEL32(?,004C0D66,004C0D5F,?,00000001,00000000,004C0D8C), ref: 004C0D59

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileFind$ErrorMessageModeSend$CloseFirstInfoNext
String ID:
API String ID: 2376185272-0
Opcode ID: 533ee44c0d0b3ee8ec863e2940adb7a47ed5ab89265e936dad62646711958313
Instruction ID: 7e4bd4ec4f0f77a230d10517dd002f12573b4f33877a00e5ba4ab44c0602116b
Opcode Fuzzy Hash: 533ee44c0d0b3ee8ec863e2940adb7a47ed5ab89265e936dad62646711958313
Instruction Fuzzy Hash: B6419035A08218DFCB50EFA5CC85A9EB7B9EB48304F5045FEF409A7381D739AE45CA58

Uniqueness

Uniqueness Score: -1.00%

Function 004C107C, Relevance: 7.6, APIs: 5, Instructions: 132
fileCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E004C107C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				char _v8;
				char _v12;
				int _v16;
				void* _v20;
				struct _WIN32_FIND_DATAW _v612;
				char _v616;
				char _v620;
				char _v624;
				char _v628;
				char _v632;
				void* _t58;
				void* _t93;
				struct _WIN32_FIND_DATAW* _t105;
				struct _WIN32_FIND_DATAW* _t108;
				void* _t116;
				void* _t119;
				void* _t121;
				void* _t123;
				void* _t124;
				struct _WIN32_FIND_DATAW* _t125;

				_t94 = __ecx;
				_t123 = _t124;
				_t125 = _t124 + 0xfffffd8c;
				_push(__ebx);
				_push(__esi);
				_v628 = 0;
				_v632 = 0;
				_v624 = 0;
				_v616 = 0;
				_v620 = 0;
				_v8 = 0;
				_v12 = 0;
				_t119 = __ecx;
				_t93 = __edx;
				_t121 = __eax;
				_push(_t123);
				_push(0x4c1272);
				_push( *[fs:eax]);
				 *[fs:eax] = _t125;
				_t126 = __ecx;
				if(__ecx != 0) {
					E0047E824(__ecx, __ecx,  &_v616);
					_push(_v616);
					E0047E290(_t93,  &_v620);
					_pop(_t116);
					if(E0047E4A8(_v620, _t93, _t94, _t116, _t121, _t126) == 0) {
						E0047E7FC(_t119, _t94,  &_v8);
					}
				}
				_v16 = SetErrorMode(1);
				_push(_t123);
				_push(0x4c1240);
				 *[fs:eax] = _t125;
				E0047E290(_t93,  &_v624);
				E00406854( &_v624, 0x4c128c,  &_v612);
				_v20 = FindFirstFileW(E004064D4(_v624),  *[fs:eax]);
				if(_v20 == 0xffffffff) {
					__eflags = 0;
					_pop(_t105);
					 *[fs:eax] = _t105;
					_push(0x4c1247);
					return SetErrorMode(_v16);
				} else {
					_push(_t123);
					_push(0x4c1222);
					_push( *[fs:eax]);
					 *[fs:eax] = _t125;
					do {
						_t58 = L004BF3EC( &_v612);
						_t130 = _t58;
						if(_t58 != 0) {
							E00406640( &_v12, 0x104,  &(_v612.cFileName));
							if(E0047E4A8(_v12, _t93, 0x104, _v8, _t121, _t130) != 0 && E004C06D0( *((intOrPtr*)(_a4 - 4)), _v12, _t121) == 0) {
								E0047E290(_t93,  &_v632);
								E00406854( &_v632, _v12);
								L004BF530(_v632,  &_v628);
								E004C05DC( *((intOrPtr*)(_a4 - 4)), _v12, _t121, 0, _v628);
							}
						}
					} while (FindNextFileW(_v20,  &_v612) != 0);
					_pop(_t108);
					 *[fs:eax] = _t108;
					_push(0x4c1229);
					return FindClose(_v20);
				}
			}

0x004c107c
0x004c107d
0x004c107f
0x004c1085
0x004c1086
0x004c108a
0x004c1090
0x004c1096
0x004c109c
0x004c10a2
0x004c10a8
0x004c10ab
0x004c10ae
0x004c10b0
0x004c10b2
0x004c10b6
0x004c10b7
0x004c10bc
0x004c10bf
0x004c10c2
0x004c10c4
0x004c10ce
0x004c10d9
0x004c10e2
0x004c10ed
0x004c10f5
0x004c10fc
0x004c10fc
0x004c10f5
0x004c1108
0x004c110d
0x004c110e
0x004c1116
0x004c1128
0x004c1138
0x004c114e
0x004c1155
0x004c1229
0x004c122b
0x004c122e
0x004c1231
0x004c123f
0x004c115b
0x004c115d
0x004c115e
0x004c1163
0x004c1166
0x004c1169
0x004c116f
0x004c1174
0x004c1176
0x004c1186
0x004c1198
0x004c11b6
0x004c11c4
0x004c11d5
0x004c11ee
0x004c11ee
0x004c1198
0x004c1203
0x004c120d
0x004c1210
0x004c1213
0x004c1221
0x004c1221

APIs

SetErrorMode.KERNEL32(00000001,00000000,004C1272), ref: 004C1103
FindFirstFileW.KERNEL32(00000000,?,00000000,004C1240,?,00000001,00000000,004C1272), ref: 004C1149
FindNextFileW.KERNEL32(000000FF,?,00000000,004C1222,?,00000000,?,00000000,004C1240,?,00000001,00000000,004C1272), ref: 004C11FE
FindClose.KERNEL32(000000FF,004C1229,004C1222,?,00000000,?,00000000,004C1240,?,00000001,00000000,004C1272), ref: 004C121C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Find$File$CloseErrorFirstModeNext
String ID:
API String ID: 4011626565-0
Opcode ID: 4fcc882513897c6fdb4f92f068723be0bd7c979de30b9bd6cf79b5c7838bb8e6
Instruction ID: 2a8789369dbeb2033d079400e39f2ab1ede8b867783cb7895bd506eac8688779
Opcode Fuzzy Hash: 4fcc882513897c6fdb4f92f068723be0bd7c979de30b9bd6cf79b5c7838bb8e6
Instruction Fuzzy Hash: DC415239A042189FCB10EF66CC85A9EB7B8FB49314F5085EEE808E3352D7399E45CE54

Uniqueness

Uniqueness Score: -1.00%

Function 004808CC, Relevance: 7.5, APIs: 5, Instructions: 49
fileCOMMON

Download Yara Rule

C-Code - Quality: 88%

			E004808CC(void* __eax, void* __ecx, signed char __edx) {
				long _v16;
				int _t12;
				long _t14;
				signed char _t16;
				void* _t17;
				void* _t23;

				_t16 = __edx;
				_t23 = CreateFileW(E004064D4(__eax), 0xc0000000, 1, 0, 3, 0x2000000, 0);
				if(_t23 == 0xffffffff) {
					_t17 = 0;
				} else {
					_t12 = DeviceIoControl(_t23, 0x9c040, 0x503ddc + (_t16 & 0x000000ff) * 2, 2, 0, 0,  &_v16, 0);
					asm("sbb eax, eax");
					_t17 = _t12 + 1;
					_t14 = GetLastError();
					CloseHandle(_t23);
					SetLastError(_t14);
				}
				return _t17;
			}

0x004808d0
0x004808f3
0x004808f8
0x0048093a
0x004808fa
0x00480918
0x00480920
0x00480923
0x00480925
0x0048092d
0x00480933
0x00480933
0x00480942

APIs

CreateFileW.KERNEL32(00000000,C0000000,00000001,00000000,00000003,02000000,00000000,?,?,?,?,004AD778,00000000,004AD799), ref: 004808EE
DeviceIoControl.KERNEL32 ref: 00480918
GetLastError.KERNEL32(00000000,0009C040,?,00000002,00000000,00000000,?,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000), ref: 00480925
CloseHandle.KERNEL32(00000000,00000000,0009C040,?,00000002,00000000,00000000,?,00000000,00000000,C0000000,00000001,00000000,00000003,02000000,00000000), ref: 0048092D
SetLastError.KERNEL32(00000000,00000000,00000000,0009C040,?,00000002,00000000,00000000,?,00000000,00000000,C0000000,00000001,00000000,00000003,02000000), ref: 00480933

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast$CloseControlCreateDeviceFileHandle
String ID:
API String ID: 1177325624-0
Opcode ID: eba49109ab4412aa03c078146b95e6a817892ca5320b90857e4067fed9350521
Instruction ID: 757201d374c544a68746b83c475efb3820bba70b78ff77d633849ce88f686b7b
Opcode Fuzzy Hash: eba49109ab4412aa03c078146b95e6a817892ca5320b90857e4067fed9350521
Instruction Fuzzy Hash: 43F06DB279422039F121626A1C82FBF118C9B85BA8F51453AF604FB1D2D5A99D0A526D

Uniqueness

Uniqueness Score: -1.00%

Function 004328A4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
windowCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E004328A4(void* __ebx) {
				short _v516;
				char _v520;
				long _t21;
				void* _t22;
				intOrPtr _t27;
				void* _t32;

				_v520 = 0;
				_push(_t32);
				_push(0x432940);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32 + 0xfffffdfc;
				_t21 = GetLastError();
				if(_t21 == 0 || FormatMessageW(0x1000, 0, _t21, 0x400,  &_v516, 0x100, 0) == 0) {
					E00432850(_t22);
				} else {
					E00406640( &_v520, 0x100,  &_v516);
					L00411930(_v520, 1);
					E00404A74();
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(0x432947);
				return L00406438( &_v520);
			}

0x004328b0
0x004328b8
0x004328b9
0x004328be
0x004328c1
0x004328c9
0x004328cd
0x00432922
0x004328f3
0x00432904
0x00432916
0x0043291b
0x0043291b
0x00432929
0x0043292c
0x0043292f
0x0043293f

APIs

GetLastError.KERNEL32(00000000,00432940,?,00000000,?,00432958,00000000,00434B6B,00000000,00000000,00434D0B,?,00000000,00000054,?,00000000), ref: 004328C4
FormatMessageW.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,00432940,?,00000000,?,00432958,00000000,00434B6B,00000000), ref: 004328EA

Strings

8B, xrefs: 00432911

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID: 8B
API String ID: 3479602957-4165284811
Opcode ID: b9b18f56e8c7b98fc6c45eea2eb42fcaaf3aa21852c179f19d793cb319631204
Instruction ID: 287b00f6fbc44408d1deb48b84d0f04d1ce37634cb89fa4247d01634c909129f
Opcode Fuzzy Hash: b9b18f56e8c7b98fc6c45eea2eb42fcaaf3aa21852c179f19d793cb319631204
Instruction Fuzzy Hash: 9001ACB07047095AE721FB618D52BDA72ACDF0C704F9140BBB604A62D2DAB8AD41891C

Uniqueness

Uniqueness Score: -1.00%

Function 0047A500, Relevance: 4.5, APIs: 3, Instructions: 33
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047A500(void* __edx) {
				struct tagPOINT _v12;
				void* _t5;
				long _t6;
				void* _t17;
				void* _t20;

				_t20 = __edx;
				 *0x50b18c = GetCurrentThreadId();
				L5:
				_t5 =  *0x50b190; // 0x0
				_t6 = WaitForSingleObject(_t5, 0x64);
				if(_t6 == 0x102) {
					if( *0x50b17c != 0 &&  *((intOrPtr*)( *0x50b17c + 0x5c)) != 0) {
						GetCursorPos( &_v12);
						if(L00459528( &_v12) == 0) {
							L0047D598( *0x50b17c, _t17, _t20);
						}
					}
					goto L5;
				}
				return _t6;
			}

0x0047a500
0x0047a511
0x0047a541
0x0047a543
0x0047a549
0x0047a553
0x0047a51b
0x0047a529
0x0047a538
0x0047a53c
0x0047a53c
0x0047a538
0x00000000
0x0047a51b
0x0047a559

APIs

GetCurrentThreadId.KERNEL32 ref: 0047A50C
GetCursorPos.USER32(?,00000000,00000064), ref: 0047A529
WaitForSingleObject.KERNEL32(00000000,00000064), ref: 0047A549

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CurrentCursorObjectSingleThreadWait
String ID:
API String ID: 1359611202-0
Opcode ID: c3825cbfbb0fce71f61fa2a5937f100f6191f94a8ccc55f7865f3cb6f4fafa16
Instruction ID: b085e44beee730e3645b7972984611c6b32b386b080458ef1046c60807020b85
Opcode Fuzzy Hash: c3825cbfbb0fce71f61fa2a5937f100f6191f94a8ccc55f7865f3cb6f4fafa16
Instruction Fuzzy Hash: 5BF0B431544304AAEB14A766D886BDE33E8FB45314F504027E504972D2D77C9C50CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004629EC, Relevance: 3.1, APIs: 2, Instructions: 64
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004629EC(intOrPtr* __eax, intOrPtr __edx) {
				intOrPtr _v8;
				void* __ecx;
				void* _t25;
				intOrPtr* _t31;
				void* _t34;
				intOrPtr* _t37;
				void* _t46;

				_v8 = __edx;
				_t37 = __eax;
				if(( *(_v8 + 4) & 0x0000fff0) != 0xf100 ||  *((short*)(_v8 + 8)) == 0x20 ||  *((short*)(_v8 + 8)) == 0x2d || IsIconic( *(__eax + 0x24c)) != 0 || GetCapture() != 0) {
					L8:
					if(( *(_v8 + 4) & 0x0000fff0) != 0xf100) {
						L10:
						return  *((intOrPtr*)( *_t37 - 0x10))();
					}
					_t25 = E0046293C(_t37, _t46);
					if(_t25 == 0) {
						goto L10;
					}
				} else {
					_t31 =  *0x504e38; // 0x50b17c
					if(_t37 ==  *((intOrPtr*)( *_t31 + 0x40))) {
						goto L8;
					} else {
						_t34 = E004710A8(_t37);
						_t45 = _t34;
						if(_t34 == 0) {
							goto L8;
						} else {
							_t25 = E0045C458(_t45, 0, 0xb017, _v8);
							if(_t25 == 0) {
								goto L8;
							}
						}
					}
				}
				return _t25;
			}

0x004629f2
0x004629f5
0x00462a07
0x00462a67
0x00462a77
0x00462a86
0x00000000
0x00462a8d
0x00462a7c
0x00462a84
0x00000000
0x00000000
0x00462a36
0x00462a36
0x00462a40
0x00000000
0x00462a42
0x00462a46
0x00462a4b
0x00462a4f
0x00000000
0x00462a51
0x00462a5e
0x00462a65
0x00000000
0x00000000
0x00462a65
0x00462a4f
0x00462a40
0x00462a94

APIs

IsIconic.USER32(?), ref: 00462A24
GetCapture.USER32 ref: 00462A2D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CaptureIconic
String ID:
API String ID: 2277910766-0
Opcode ID: 201650b5fbd0e2d90c744b81722c7441c4f55fc64f4f176e00ec4b6230af2621
Instruction ID: 5ad91f7f634b7bc75800b6c2637611c91fc1552889c671418f97189261b6e815
Opcode Fuzzy Hash: 201650b5fbd0e2d90c744b81722c7441c4f55fc64f4f176e00ec4b6230af2621
Instruction Fuzzy Hash: 05115E32B10605ABDB30DB99CA85D6A73E4EF04308B24407AE404DB752E7BCEE449759

Uniqueness

Uniqueness Score: -1.00%

Function 004B2868, Relevance: 3.0, APIs: 2, Instructions: 20
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004B2868(struct _SYSTEMTIME* __eax, void* __ecx) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME* _t11;
				void* _t17;

				_t11 = __eax;
				GetSystemTimeAsFileTime( &_v12);
				L00481940( &_v12, 0x50bc4c, _t17);
				return FileTimeToSystemTime( &_v12, _t11);
			}

0x004b286f
0x004b2875
0x004b2882
0x004b2895

APIs

GetSystemTimeAsFileTime.KERNEL32(00000000,0050B17C), ref: 004B2875
FileTimeToSystemTime.KERNEL32(00000000,000000EC,00000000,0050B17C), ref: 004B288C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: 8df3344a1913a510bd2bcbf171e22cdea64415c61be7cbee4416e66eadbfa6e2
Instruction ID: 9f6a24f4defc00cb3f60560b239b7d9862f6860e6d10b1eeb03a0992580cee41
Opcode Fuzzy Hash: 8df3344a1913a510bd2bcbf171e22cdea64415c61be7cbee4416e66eadbfa6e2
Instruction Fuzzy Hash: 5BD09BB251820C6ADF04B6E59CC68CF77DCA604224B500677A514A21D2FF75AB45465D

Uniqueness

Uniqueness Score: -1.00%

Function 00470A2C, Relevance: 1.5, APIs: 1, Instructions: 11windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00470A48

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Iconic
String ID:
API String ID: 110040809-0
Opcode ID: f76e5970be86353728f5777092b2c2d2ddc29d7ef8c624a474a584325eb60d3a
Instruction ID: 43d3b676a681cc8dd192a57e008d754785de3d61f70c2e5714767b9bbbcc4d3d
Opcode Fuzzy Hash: f76e5970be86353728f5777092b2c2d2ddc29d7ef8c624a474a584325eb60d3a
Instruction Fuzzy Hash: 78C01270510140CBDB01D738C4D0E893375B765305FE08696E00887452C338DC49D694

Uniqueness

Uniqueness Score: -1.00%

Function 00438998, Relevance: 86.0, APIs: 1, Strings: 48, Instructions: 268
libraryCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E00438998(void* __ebx) {
				char _v5;
				intOrPtr* _t3;
				intOrPtr* _t6;
				void* _t105;
				intOrPtr _t110;
				void* _t112;
				void* _t113;
				intOrPtr _t115;

				_t3 =  *0x50b02c; // 0x25df568
				 *((intOrPtr*)( *_t3))(__ebx, _t105, _t113);
				_push(_t115);
				_push(0x438d4a);
				_push( *[fs:edx]);
				 *[fs:edx] = _t115;
				 *0x50b028 =  *0x50b028 + 1;
				if( *0x50b024 == 0) {
					 *0x50b024 = LoadLibraryW(L"uxtheme.dll");
					if( *0x50b024 > 0) {
						 *0x50af64 = E00409620(0x50b024, _t112,  *0x50b024, L"OpenThemeData");
						 *0x50af68 = E00409620(0x50b024, _t112,  *0x50b024, L"CloseThemeData");
						 *0x50af6c = E00409620(0x50b024, _t112,  *0x50b024, L"DrawThemeBackground");
						 *0x50af70 = E00409620(0x50b024, _t112,  *0x50b024, L"DrawThemeText");
						 *0x50af74 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeBackgroundContentRect");
						 *0x50af78 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeBackgroundExtent");
						 *0x50af7c = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemePartSize");
						 *0x50af80 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeTextExtent");
						 *0x50af84 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeTextMetrics");
						 *0x50af88 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeBackgroundRegion");
						 *0x50af8c = E00409620(0x50b024, _t112,  *0x50b024, L"HitTestThemeBackground");
						 *0x50af90 = E00409620(0x50b024, _t112,  *0x50b024, L"DrawThemeEdge");
						 *0x50af94 = E00409620(0x50b024, _t112,  *0x50b024, L"DrawThemeIcon");
						 *0x50af98 = E00409620(0x50b024, _t112,  *0x50b024, L"IsThemePartDefined");
						 *0x50af9c = E00409620(0x50b024, _t112,  *0x50b024, L"IsThemeBackgroundPartiallyTransparent");
						 *0x50afa0 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeColor");
						 *0x50afa4 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeMetric");
						 *0x50afa8 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeString");
						 *0x50afac = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeBool");
						 *0x50afb0 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeInt");
						 *0x50afb4 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeEnumValue");
						 *0x50afb8 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemePosition");
						 *0x50afbc = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeFont");
						 *0x50afc0 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeRect");
						 *0x50afc4 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeMargins");
						 *0x50afc8 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeIntList");
						 *0x50afcc = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemePropertyOrigin");
						 *0x50afd0 = E00409620(0x50b024, _t112,  *0x50b024, L"SetWindowTheme");
						 *0x50afd4 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeFilename");
						 *0x50afd8 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysColor");
						 *0x50afdc = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysColorBrush");
						 *0x50afe0 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysBool");
						 *0x50afe4 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysSize");
						 *0x50afe8 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysFont");
						 *0x50afec = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysString");
						 *0x50aff0 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeSysInt");
						 *0x50aff4 = E00409620(0x50b024, _t112,  *0x50b024, L"IsThemeActive");
						 *0x50aff8 = E00409620(0x50b024, _t112,  *0x50b024, L"IsAppThemed");
						 *0x50affc = E00409620(0x50b024, _t112,  *0x50b024, L"GetWindowTheme");
						 *0x50b000 = E00409620(0x50b024, _t112,  *0x50b024, L"EnableThemeDialogTexture");
						 *0x50b004 = E00409620(0x50b024, _t112,  *0x50b024, L"IsThemeDialogTextureEnabled");
						 *0x50b008 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeAppProperties");
						 *0x50b00c = E00409620(0x50b024, _t112,  *0x50b024, L"SetThemeAppProperties");
						 *0x50b010 = E00409620(0x50b024, _t112,  *0x50b024, L"GetCurrentThemeName");
						 *0x50b014 = E00409620(0x50b024, _t112,  *0x50b024, L"GetThemeDocumentationProperty");
						 *0x50b018 = E00409620(0x50b024, _t112,  *0x50b024, L"DrawThemeParentBackground");
						 *0x50b01c = E00409620(0x50b024, _t112,  *0x50b024, L"EnableTheming");
					}
				}
				_v5 =  *0x50b024 > 0;
				_pop(_t110);
				 *[fs:eax] = _t110;
				_t6 =  *0x50b02c; // 0x25df568
				return  *((intOrPtr*)( *_t6 + 4))(0x438d51);
			}

0x004389a2
0x004389a9
0x004389ad
0x004389ae
0x004389b3
0x004389b6
0x004389b9
0x004389c2
0x004389d2
0x004389d7
0x004389ea
0x004389fc
0x00438a0e
0x00438a20
0x00438a32
0x00438a44
0x00438a56
0x00438a68
0x00438a7a
0x00438a8c
0x00438a9e
0x00438ab0
0x00438ac2
0x00438ad4
0x00438ae6
0x00438af8
0x00438b0a
0x00438b1c
0x00438b2e
0x00438b40
0x00438b52
0x00438b64
0x00438b76
0x00438b88
0x00438b9a
0x00438bac
0x00438bbe
0x00438bd0
0x00438be2
0x00438bf4
0x00438c06
0x00438c18
0x00438c2a
0x00438c3c
0x00438c4e
0x00438c60
0x00438c72
0x00438c84
0x00438c96
0x00438ca8
0x00438cba
0x00438ccc
0x00438cde
0x00438cf0
0x00438d02
0x00438d14
0x00438d26
0x00438d26
0x004389d7
0x00438d2e
0x00438d34
0x00438d37
0x00438d3f
0x00438d49

APIs

LoadLibraryW.KERNEL32(uxtheme.dll,00000000,00438D4A), ref: 004389CD

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,00000000), ref: 00409666

Strings

SetWindowTheme, xrefs: 00438BC3
GetThemeSysInt, xrefs: 00438C53
GetThemeBackgroundExtent, xrefs: 00438A37
DrawThemeText, xrefs: 00438A13
DrawThemeIcon, xrefs: 00438AB5
uxtheme.dll, xrefs: 004389C8
EnableTheming, xrefs: 00438D19
GetThemeInt, xrefs: 00438B33
GetThemeTextMetrics, xrefs: 00438A6D
GetThemeMargins, xrefs: 00438B8D
GetThemePropertyOrigin, xrefs: 00438BB1
GetThemeSysString, xrefs: 00438C41
OpenThemeData, xrefs: 004389DD
GetThemeSysFont, xrefs: 00438C2F
GetThemeFont, xrefs: 00438B69
GetThemeAppProperties, xrefs: 00438CBF
DrawThemeBackground, xrefs: 00438A01
HitTestThemeBackground, xrefs: 00438A91
GetThemeSysSize, xrefs: 00438C1D
GetThemePartSize, xrefs: 00438A49
IsAppThemed, xrefs: 00438C77
EnableThemeDialogTexture, xrefs: 00438C9B
IsThemeDialogTextureEnabled, xrefs: 00438CAD
DrawThemeParentBackground, xrefs: 00438D07
GetThemeRect, xrefs: 00438B7B
GetThemeBool, xrefs: 00438B21
GetThemeFilename, xrefs: 00438BD5
GetThemeString, xrefs: 00438B0F
GetThemeEnumValue, xrefs: 00438B45
CloseThemeData, xrefs: 004389EF
SetThemeAppProperties, xrefs: 00438CD1
GetWindowTheme, xrefs: 00438C89
GetCurrentThemeName, xrefs: 00438CE3
GetThemePosition, xrefs: 00438B57
GetThemeBackgroundContentRect, xrefs: 00438A25
IsThemeActive, xrefs: 00438C65
GetThemeSysColorBrush, xrefs: 00438BF9
GetThemeMetric, xrefs: 00438AFD
GetThemeColor, xrefs: 00438AEB
GetThemeSysColor, xrefs: 00438BE7
GetThemeIntList, xrefs: 00438B9F
IsThemeBackgroundPartiallyTransparent, xrefs: 00438AD9
GetThemeBackgroundRegion, xrefs: 00438A7F
DrawThemeEdge, xrefs: 00438AA3
GetThemeTextExtent, xrefs: 00438A5B
GetThemeDocumentationProperty, xrefs: 00438CF5
IsThemePartDefined, xrefs: 00438AC7
GetThemeSysBool, xrefs: 00438C0B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundExtent$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
API String ID: 2238633743-1748089680
Opcode ID: 9bcecffcbfd86346d01e5b775dba036659bba963af8624f9faf22e7e539e0a52
Instruction ID: 03dfae092b75d818a524d512a0b8bfda9bd8a64c44f972164b7d9b039d1d0e58
Opcode Fuzzy Hash: 9bcecffcbfd86346d01e5b775dba036659bba963af8624f9faf22e7e539e0a52
Instruction Fuzzy Hash: 30A1A5B4A40B11AFDB04EFB5EC86E2A37A8EB19704B10197BB400DF296D77D9C04DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004A4EC4, Relevance: 84.3, APIs: 1, Strings: 47, Instructions: 280
libraryCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E004A4EC4(void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _t121;
				intOrPtr _t128;

				_t125 = __esi;
				_push(0);
				_push(0);
				_push(__ebx);
				_push(_t128);
				_push(0x4a52a5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t128;
				 *0x50b2c8 =  *0x50b2c8 + 1;
				if( *0x50b2c4 == 0) {
					E004A4E40();
					if(0 != 0) {
						E004A4E94( &_v12);
						E0047E290(_v12,  &_v8);
						E00406854( &_v8, L"uxtheme.dll");
						LoadLibraryW(E004064D4(_v8));
						 *0x50b2c4 = 0;
						if( *0x50b2c4 != 0) {
							 *0x50b208 = E00409620(0x50b2c4, __esi,  *0x50b2c4, L"OpenThemeData");
							 *0x50b20c = E00409620(0x50b2c4, __esi,  *0x50b2c4, L"CloseThemeData");
							 *0x50b210 = E00409620(0x50b2c4, __esi,  *0x50b2c4, L"DrawThemeBackground");
							 *0x50b214 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"DrawThemeText");
							 *0x50b218 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeBackgroundContentRect");
							 *0x50b21c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeBackgroundContentRect");
							 *0x50b220 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemePartSize");
							 *0x50b224 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeTextExtent");
							 *0x50b228 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeTextMetrics");
							 *0x50b22c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeBackgroundRegion");
							 *0x50b230 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"HitTestThemeBackground");
							 *0x50b234 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"DrawThemeEdge");
							 *0x50b238 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"DrawThemeIcon");
							 *0x50b23c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"IsThemePartDefined");
							 *0x50b240 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"IsThemeBackgroundPartiallyTransparent");
							 *0x50b244 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeColor");
							 *0x50b248 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeMetric");
							 *0x50b24c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeString");
							 *0x50b250 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeBool");
							 *0x50b254 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeInt");
							 *0x50b258 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeEnumValue");
							 *0x50b25c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemePosition");
							 *0x50b260 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeFont");
							 *0x50b264 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeRect");
							 *0x50b268 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeMargins");
							 *0x50b26c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeIntList");
							 *0x50b270 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemePropertyOrigin");
							 *0x50b274 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"SetWindowTheme");
							 *0x50b278 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeFilename");
							 *0x50b27c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysColor");
							 *0x50b280 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysColorBrush");
							 *0x50b284 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysBool");
							 *0x50b288 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysSize");
							 *0x50b28c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysFont");
							 *0x50b290 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysString");
							 *0x50b294 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeSysInt");
							 *0x50b298 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"IsThemeActive");
							 *0x50b29c = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"IsAppThemed");
							 *0x50b2a0 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetWindowTheme");
							 *0x50b2a4 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"EnableThemeDialogTexture");
							 *0x50b2a8 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"IsThemeDialogTextureEnabled");
							 *0x50b2ac = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeAppProperties");
							 *0x50b2b0 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"SetThemeAppProperties");
							 *0x50b2b4 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetCurrentThemeName");
							 *0x50b2b8 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"GetThemeDocumentationProperty");
							 *0x50b2bc = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"DrawThemeParentBackground");
							_t9 = E00409620(0x50b2c4, _t125,  *0x50b2c4, L"EnableTheming");
							 *0x50b2c0 = 0;
						}
					}
				}
				_pop(_t121);
				 *[fs:eax] = _t121;
				_push(0x4a52ac);
				return L00406440( &_v12, 2);
			}

0x004a4ec4
0x004a4ec7
0x004a4ec9
0x004a4ecb
0x004a4ed3
0x004a4ed4
0x004a4ed9
0x004a4edc
0x004a4edf
0x004a4ee8
0x004a4eee
0x004a4ef5
0x004a4efe
0x004a4f09
0x004a4f16
0x004a4f24
0x004a4f29
0x004a4f2e
0x004a4f41
0x004a4f53
0x004a4f65
0x004a4f77
0x004a4f89
0x004a4f9b
0x004a4fad
0x004a4fbf
0x004a4fd1
0x004a4fe3
0x004a4ff5
0x004a5007
0x004a5019
0x004a502b
0x004a503d
0x004a504f
0x004a5061
0x004a5073
0x004a5085
0x004a5097
0x004a50a9
0x004a50bb
0x004a50cd
0x004a50df
0x004a50f1
0x004a5103
0x004a5115
0x004a5127
0x004a5139
0x004a514b
0x004a515d
0x004a516f
0x004a5181
0x004a5193
0x004a51a5
0x004a51b7
0x004a51c9
0x004a51db
0x004a51ed
0x004a51ff
0x004a5211
0x004a5223
0x004a5235
0x004a5247
0x004a5259
0x004a526b
0x004a5278
0x004a527d
0x004a527d
0x004a4f2e
0x004a4ef5
0x004a528c
0x004a528f
0x004a5292
0x004a52a4

APIs

Part of subcall function 004A4E40: GetVersionExW.KERNEL32(00000114), ref: 004A4E5D

Part of subcall function 004A4E94: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004A4EAC

LoadLibraryW.KERNEL32(00000000,00000000,004A52A5,?,?,00000000,00000000), ref: 004A4F24

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,00000000), ref: 00409666

Strings

SetThemeAppProperties, xrefs: 004A5228
IsThemeActive, xrefs: 004A51BC
CloseThemeData, xrefs: 004A4F46
IsThemeBackgroundPartiallyTransparent, xrefs: 004A5030
DrawThemeText, xrefs: 004A4F6A
GetThemeBackgroundContentRect, xrefs: 004A4F7C, 004A4F8E
GetThemeSysColorBrush, xrefs: 004A5150
IsThemeDialogTextureEnabled, xrefs: 004A5204
GetThemeFilename, xrefs: 004A512C
GetThemeTextMetrics, xrefs: 004A4FC4
GetThemeMargins, xrefs: 004A50E4
GetThemePropertyOrigin, xrefs: 004A5108
GetThemeSysBool, xrefs: 004A5162
GetThemeAppProperties, xrefs: 004A5216
GetThemeColor, xrefs: 004A5042
GetThemeEnumValue, xrefs: 004A509C
GetThemePartSize, xrefs: 004A4FA0
GetThemeTextExtent, xrefs: 004A4FB2
GetThemeSysColor, xrefs: 004A513E
uxtheme.dll, xrefs: 004A4F11
GetThemeDocumentationProperty, xrefs: 004A524C
GetThemeFont, xrefs: 004A50C0
GetThemeInt, xrefs: 004A508A
DrawThemeIcon, xrefs: 004A500C
GetThemeRect, xrefs: 004A50D2
HitTestThemeBackground, xrefs: 004A4FE8
GetThemeString, xrefs: 004A5066
IsAppThemed, xrefs: 004A51CE
IsThemePartDefined, xrefs: 004A501E
GetThemeSysSize, xrefs: 004A5174
EnableThemeDialogTexture, xrefs: 004A51F2
GetThemeSysInt, xrefs: 004A51AA
GetThemeSysFont, xrefs: 004A5186
DrawThemeParentBackground, xrefs: 004A525E
GetThemeIntList, xrefs: 004A50F6
GetThemeBool, xrefs: 004A5078
GetThemeMetric, xrefs: 004A5054
SetWindowTheme, xrefs: 004A511A
EnableTheming, xrefs: 004A5270
GetThemeBackgroundRegion, xrefs: 004A4FD6
GetWindowTheme, xrefs: 004A51E0
GetCurrentThemeName, xrefs: 004A523A
DrawThemeBackground, xrefs: 004A4F58
OpenThemeData, xrefs: 004A4F34
DrawThemeEdge, xrefs: 004A4FFA
GetThemePosition, xrefs: 004A50AE
GetThemeSysString, xrefs: 004A5198

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$DirectoryLibraryLoadSystemVersion
String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
API String ID: 2754715182-2910565190
Opcode ID: e5b466685c6e41930f5373cf1a20f1d965abb1b851416aacb7f879f944a7bd74
Instruction ID: 34710f8a37b5754a7619989322830bb577352d0a303a5992ba6e25e5a2d351dc
Opcode Fuzzy Hash: e5b466685c6e41930f5373cf1a20f1d965abb1b851416aacb7f879f944a7bd74
Instruction Fuzzy Hash: C1A11474D40B11AFEB00EFA5D9C6A1E37A8EB26704B50197AB400DF296D77C9C04DB59

Uniqueness

Uniqueness Score: -1.00%

Function 00432AFC, Relevance: 37.7, APIs: 25, Instructions: 245
windowCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E00432AFC(struct HDC__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, int _a4, int _a8, struct HDC__* _a12, int _a16, int _a20, int _a24, int _a28, struct HDC__* _a32, int _a36, int _a40) {
				int _v8;
				int _v12;
				char _v13;
				struct HDC__* _v20;
				void* _v24;
				void* _v28;
				long _v32;
				long _v36;
				struct HPALETTE__* _v40;
				intOrPtr* _t78;
				struct HPALETTE__* _t89;
				struct HPALETTE__* _t95;
				int _t169;
				intOrPtr _t176;
				intOrPtr _t177;
				struct HDC__* _t179;
				int _t181;
				void* _t183;
				void* _t184;
				intOrPtr _t185;

				_t183 = _t184;
				_t185 = _t184 + 0xffffffdc;
				_v12 = __ecx;
				_v8 = __edx;
				_t179 = __eax;
				_t181 = _a16;
				_t169 = _a20;
				_v13 = 1;
				_t78 =  *0x505038; // 0x502914
				if( *_t78 != 2 || _t169 != _a40 || _t181 != _a36) {
					_v40 = 0;
					_v20 = E0043294C(CreateCompatibleDC(0));
					_push(_t183);
					_push(0x432d71);
					_push( *[fs:eax]);
					 *[fs:eax] = _t185;
					_v24 = E0043294C(CreateCompatibleBitmap(_a32, _t169, _t181));
					_v28 = SelectObject(_v20, _v24);
					_t89 =  *0x50aeec; // 0x6a080b01
					_v40 = SelectPalette(_a32, _t89, 0);
					SelectPalette(_a32, _v40, 0);
					if(_v40 == 0) {
						_t95 =  *0x50aeec; // 0x6a080b01
						_v40 = SelectPalette(_v20, _t95, 0xffffffff);
					} else {
						_v40 = SelectPalette(_v20, _v40, 0xffffffff);
					}
					RealizePalette(_v20);
					StretchBlt(_v20, 0, 0, _t169, _t181, _a12, _a8, _a4, _t169, _t181, 0xcc0020);
					StretchBlt(_v20, 0, 0, _t169, _t181, _a32, _a28, _a24, _t169, _t181, 0x440328);
					_v32 = SetTextColor(_t179, 0);
					_v36 = SetBkColor(_t179, 0xffffff);
					StretchBlt(_t179, _v8, _v12, _a40, _a36, _a12, _a8, _a4, _t169, _t181, 0x8800c6);
					StretchBlt(_t179, _v8, _v12, _a40, _a36, _v20, 0, 0, _t169, _t181, 0x660046);
					SetTextColor(_t179, _v32);
					SetBkColor(_t179, _v36);
					if(_v28 != 0) {
						SelectObject(_v20, _v28);
					}
					DeleteObject(_v24);
					_pop(_t176);
					 *[fs:eax] = _t176;
					_push(0x432d78);
					if(_v40 != 0) {
						SelectPalette(_v20, _v40, 0);
					}
					return DeleteDC(_v20);
				} else {
					_v24 = E0043294C(CreateCompatibleBitmap(_a32, 1, 1));
					_v24 = SelectObject(_a12, _v24);
					_push(_t183);
					_push(0x432bc4);
					_push( *[fs:eax]);
					 *[fs:eax] = _t185;
					MaskBlt(_t179, _v8, _v12, _a40, _a36, _a32, _a28, _a24, _v24, _a8, _a4, 0xccaa0029);
					_pop(_t177);
					 *[fs:eax] = _t177;
					_push(0x432d78);
					_v24 = SelectObject(_a12, _v24);
					return DeleteObject(_v24);
				}
			}

0x00432afd
0x00432aff
0x00432b05
0x00432b08
0x00432b0b
0x00432b0d
0x00432b10
0x00432b13
0x00432b17
0x00432b1f
0x00432bcd
0x00432bdc
0x00432be1
0x00432be2
0x00432be7
0x00432bea
0x00432bfd
0x00432c0d
0x00432c12
0x00432c21
0x00432c2e
0x00432c37
0x00432c4f
0x00432c5e
0x00432c39
0x00432c48
0x00432c48
0x00432c65
0x00432c87
0x00432ca9
0x00432cb6
0x00432cc4
0x00432ceb
0x00432d10
0x00432d1a
0x00432d24
0x00432d2d
0x00432d37
0x00432d37
0x00432d40
0x00432d47
0x00432d4a
0x00432d4d
0x00432d56
0x00432d62
0x00432d62
0x00432d70
0x00432b37
0x00432b49
0x00432b59
0x00432b5e
0x00432b5f
0x00432b64
0x00432b67
0x00432b98
0x00432b9f
0x00432ba2
0x00432ba5
0x00432bb7
0x00432bc3
0x00432bc3

APIs

CreateCompatibleBitmap.GDI32(?,00000001,00000001), ref: 00432B3F
SelectObject.GDI32(?,?), ref: 00432B54
MaskBlt.GDI32(?,?,?,?,?,?,00000000,00431C22,?,?,?,CCAA0029,00000000,00432BC4,?,?), ref: 00432B98
SelectObject.GDI32(?,?), ref: 00432BB2
DeleteObject.GDI32(?), ref: 00432BBE
CreateCompatibleDC.GDI32(00000000), ref: 00432BD2
CreateCompatibleBitmap.GDI32(?,?,?), ref: 00432BF3
SelectObject.GDI32(?,?), ref: 00432C08
SelectPalette.GDI32(?,6A080B01,00000000), ref: 00432C1C
SelectPalette.GDI32(?,?,00000000), ref: 00432C2E
SelectPalette.GDI32(?,00000000,000000FF), ref: 00432C43
SelectPalette.GDI32(?,6A080B01,000000FF), ref: 00432C59
RealizePalette.GDI32(?), ref: 00432C65
StretchBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 00432C87
StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00431C22,?,?,00440328), ref: 00432CA9
SetTextColor.GDI32(?,00000000), ref: 00432CB1
SetBkColor.GDI32(?,00FFFFFF), ref: 00432CBF
StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,?,008800C6), ref: 00432CEB
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00432D10
SetTextColor.GDI32(?,00431C22), ref: 00432D1A
SetBkColor.GDI32(?,00000000), ref: 00432D24
SelectObject.GDI32(?,00000000), ref: 00432D37
DeleteObject.GDI32(?), ref: 00432D40
SelectPalette.GDI32(?,00000000,00000000), ref: 00432D62
DeleteDC.GDI32(?), ref: 00432D6B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Select$ObjectPalette$ColorStretch$CompatibleCreateDelete$BitmapText$MaskRealize
String ID:
API String ID: 3976802218-0
Opcode ID: a04f30a74c40dbf7e93a2f238fa9aa79fd4f271c7360f3957c125c04d716e3a9
Instruction ID: d034b4618e2972aea62039f1f7d2ad1cccad53cf4b3874f5b84d587d1a16ec0b
Opcode Fuzzy Hash: a04f30a74c40dbf7e93a2f238fa9aa79fd4f271c7360f3957c125c04d716e3a9
Instruction Fuzzy Hash: 438193B1A00249AFDB50DEA9CD85FAF77FCAB0C714F110559F618F7292C678AD008B69

Uniqueness

Uniqueness Score: -1.00%

Function 00434B10, Relevance: 31.7, APIs: 21, Instructions: 194
windowCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00434B10(void* __eax, long __ecx, struct HPALETTE__* __edx) {
				struct HBITMAP__* _v8;
				struct HDC__* _v12;
				struct HDC__* _v16;
				struct HDC__* _v20;
				char _v21;
				void* _v28;
				void* _v32;
				intOrPtr _v92;
				intOrPtr _v96;
				int _v108;
				int _v112;
				void _v116;
				int _t68;
				long _t82;
				void* _t117;
				intOrPtr _t126;
				intOrPtr _t127;
				long _t130;
				struct HPALETTE__* _t133;
				void* _t137;
				void* _t139;
				intOrPtr _t140;

				_t137 = _t139;
				_t140 = _t139 + 0xffffff90;
				_t130 = __ecx;
				_t133 = __edx;
				_t117 = __eax;
				_v8 = 0;
				if(__eax == 0 || GetObjectW(__eax, 0x54,  &_v116) == 0) {
					return _v8;
				} else {
					L00433FD4(_t117);
					_v12 = 0;
					_v20 = 0;
					_push(_t137);
					_push(0x434d0b);
					_push( *[fs:eax]);
					 *[fs:eax] = _t140;
					_v12 = E0043294C(GetDC(0));
					_v20 = E0043294C(CreateCompatibleDC(_v12));
					_v8 = CreateBitmap(_v112, _v108, 1, 1, 0);
					if(_v8 == 0) {
						L17:
						_t68 = 0;
						_pop(_t126);
						 *[fs:eax] = _t126;
						_push(0x434d12);
						if(_v20 != 0) {
							_t68 = DeleteDC(_v20);
						}
						if(_v12 != 0) {
							return ReleaseDC(0, _v12);
						}
						return _t68;
					} else {
						_v32 = SelectObject(_v20, _v8);
						if(_t130 != 0x1fffffff) {
							_v16 = E0043294C(CreateCompatibleDC(_v12));
							_push(_t137);
							_push(0x434cc3);
							_push( *[fs:eax]);
							 *[fs:eax] = _t140;
							if(_v96 == 0) {
								_v21 = 0;
							} else {
								_v21 = 1;
								_v92 = 0;
								_t117 = E00434448(_t117, _t133, _t133, 0,  &_v116);
							}
							_v28 = SelectObject(_v16, _t117);
							if(_t133 != 0) {
								SelectPalette(_v16, _t133, 0);
								RealizePalette(_v16);
								SelectPalette(_v20, _t133, 0);
								RealizePalette(_v20);
							}
							_t82 = SetBkColor(_v16, _t130);
							BitBlt(_v20, 0, 0, _v112, _v108, _v16, 0, 0, 0xcc0020);
							SetBkColor(_v16, _t82);
							if(_v28 != 0) {
								SelectObject(_v16, _v28);
							}
							if(_v21 != 0) {
								DeleteObject(_t117);
							}
							_pop(_t127);
							 *[fs:eax] = _t127;
							_push(0x434cca);
							return DeleteDC(_v16);
						} else {
							PatBlt(_v20, 0, 0, _v112, _v108, 0x42);
							if(_v32 != 0) {
								SelectObject(_v20, _v32);
							}
							goto L17;
						}
					}
				}
			}

0x00434b11
0x00434b13
0x00434b19
0x00434b1b
0x00434b1d
0x00434b21
0x00434b26
0x00434d1b
0x00434b40
0x00434b42
0x00434b49
0x00434b4e
0x00434b53
0x00434b54
0x00434b59
0x00434b5c
0x00434b6b
0x00434b7c
0x00434b92
0x00434b99
0x00434cdd
0x00434cdd
0x00434cdf
0x00434ce2
0x00434ce5
0x00434cee
0x00434cf4
0x00434cf4
0x00434cfd
0x00000000
0x00434d05
0x00434d0a
0x00434b9f
0x00434bac
0x00434bb5
0x00434be1
0x00434be6
0x00434be7
0x00434bec
0x00434bef
0x00434bf6
0x00434c16
0x00434bf8
0x00434bf8
0x00434bfe
0x00434c12
0x00434c12
0x00434c24
0x00434c29
0x00434c32
0x00434c3b
0x00434c47
0x00434c50
0x00434c50
0x00434c5a
0x00434c7e
0x00434c88
0x00434c91
0x00434c9b
0x00434c9b
0x00434ca4
0x00434ca7
0x00434ca7
0x00434cae
0x00434cb1
0x00434cb4
0x00434cc2
0x00434bb7
0x00434bc9
0x00434cce
0x00434cd8
0x00434cd8
0x00000000
0x00434cce
0x00434bb5
0x00434b99

APIs

GetObjectW.GDI32(00000000,00000054,?,00000000,?,?), ref: 00434B33
GetDC.USER32(00000000), ref: 00434B61
CreateCompatibleDC.GDI32(?), ref: 00434B72
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00434B8D
SelectObject.GDI32(?,00000000), ref: 00434BA7
PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 00434BC9
CreateCompatibleDC.GDI32(?), ref: 00434BD7
SelectObject.GDI32(00000000,00000000), ref: 00434C1F
SelectPalette.GDI32(00000000,?,00000000), ref: 00434C32
RealizePalette.GDI32(00000000), ref: 00434C3B
SelectPalette.GDI32(?,?,00000000), ref: 00434C47
RealizePalette.GDI32(?), ref: 00434C50
SetBkColor.GDI32(00000000,00000000), ref: 00434C5A
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00434C7E
SetBkColor.GDI32(00000000,00000000), ref: 00434C88
SelectObject.GDI32(00000000,00000000), ref: 00434C9B
DeleteObject.GDI32(00000000), ref: 00434CA7
DeleteDC.GDI32(00000000), ref: 00434CBD
SelectObject.GDI32(?,00000000), ref: 00434CD8
DeleteDC.GDI32(00000000), ref: 00434CF4
ReleaseDC.USER32 ref: 00434D05

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ObjectSelect$Palette$CreateDelete$ColorCompatibleRealize$BitmapRelease
String ID:
API String ID: 332224125-0
Opcode ID: c3fbc05cf5805c8685c1b67128c962a0d125028280f5df3cea1153d378d76d2c
Instruction ID: 453225a8cb8d6c2ada6f79124b4d1807b40c4de9b1724858bfa0f1eafd7650ad
Opcode Fuzzy Hash: c3fbc05cf5805c8685c1b67128c962a0d125028280f5df3cea1153d378d76d2c
Instruction Fuzzy Hash: 8B51EDB1E00244ABDB10DAE9CC55FAFB7FCAB4C704F11546AB614E7292D678AD408B68

Uniqueness

Uniqueness Score: -1.00%

Function 004FE294, Relevance: 24.8, APIs: 8, Strings: 6, Instructions: 268
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E004FE294(void* __ebx, void* __edi, char __esi, void* __fp0) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char _v21;
				signed int _v22;
				void* _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v60;
				void* _t64;
				signed int _t114;
				intOrPtr _t132;
				signed int _t133;
				char _t137;
				char _t142;
				char _t145;
				char* _t152;
				signed int _t162;
				void* _t163;
				intOrPtr _t185;
				intOrPtr _t193;
				intOrPtr _t194;
				intOrPtr _t196;
				intOrPtr _t200;
				intOrPtr _t203;
				intOrPtr* _t208;
				intOrPtr _t210;
				intOrPtr _t211;
				void* _t220;

				_t220 = __fp0;
				_t207 = __esi;
				_t206 = __edi;
				_t210 = _t211;
				_t163 = 7;
				do {
					_push(0);
					_push(0);
					_t163 = _t163 - 1;
				} while (_t163 != 0);
				_push(__esi);
				_push(__edi);
				_t162 =  *0x504e38; // 0x50b17c
				_push(_t210);
				_push(0x4fe668);
				_push( *[fs:eax]);
				 *[fs:eax] = _t211;
				L0047F29C(1, _t162,  &_v36, __edi, __esi);
				_t64 = E0040C24C(_v36, _t163, L"/REG");
				_t213 = _t64;
				if(_t64 != 0) {
					L0047F29C(1, _t162,  &_v40, __edi, __esi);
					__eflags = E0040C24C(_v40, _t163, L"/REGU");
					if(__eflags != 0) {
						__eflags = 0;
						_pop(_t185);
						 *[fs:eax] = _t185;
						_push(E004FE66F);
						L00406440( &_v60, 7);
						return L00406440( &_v20, 4);
					} else {
						_v21 = 0;
						goto L6;
					}
				} else {
					_v21 = 1;
					L6:
					E0047BF28( *_t162, _t163, L"Setup", _t213);
					ShowWindow( *( *_t162 + 0x170), 5);
					L004E1564();
					_v28 = E00409458(0, 0, L"Inno-Setup-RegSvr-Mutex");
					ShowWindow( *( *_t162 + 0x170), 0);
					if(_v28 != 0) {
						do {
							E0047C3A8( *_t162);
						} while (MsgWaitForMultipleObjects(1,  &_v28, 0, 0xffffffff, 0xff) == 1);
					}
					ShowWindow( *( *_t162 + 0x170), 5);
					_push(_t210);
					_push(0x4fe639);
					_push( *[fs:eax]);
					 *[fs:eax] = _t211;
					L0047F29C(0, _t162,  &_v44, _t206, _t207);
					E0047E380(_v44, _t162,  &_v8, L".msg", _t206, _t207);
					L0047F29C(0, _t162,  &_v48, _t206, _t207);
					E0047E380(_v48, _t162,  &_v12, L".lst", _t206, _t207);
					if(E0047EB44(_v12) == 0) {
						DeleteFileW(E004064D4(_v12));
						DeleteFileW(E004064D4(_v8));
						_push(_t210);
						_push( *[fs:eax]);
						 *[fs:eax] = _t211;
						E004FE1F4(_t162,  &_v12, _t206, _t207, __eflags);
						_pop(_t193);
						 *[fs:eax] = _t193;
						_t194 = 0x4fe609;
						 *[fs:eax] = _t194;
						_push(E004FE640);
						__eflags = _v28;
						if(_v28 != 0) {
							ReleaseMutex(_v28);
							return CloseHandle(_v28);
						}
						return 0;
					} else {
						L004ABCEC(_v8, _t162, 1, 0, _t206, _t207);
						_t114 =  *0x504d8c; // 0x50bbb0
						L004811D0(_t114 & 0xffffff00 | ( *(_t114 + 0x4c) & 0x00000001) != 0x00000000);
						_t196 =  *0x504e48; // 0x50b83c
						_t26 = _t196 + 0x274; // 0x25caf1c
						E0047BF28( *_t162, 1,  *_t26,  *(_t114 + 0x4c) & 0x00000001);
						_push(_t210);
						_push(0x4fe5c9);
						_push( *[fs:eax]);
						 *[fs:eax] = _t211;
						E004DE8AC(_t162,  *_t26, _t206, _t207);
						_v32 = E004AAA68(1, 1, 0, 2);
						_push(_t210);
						_push(0x4fe5af);
						_push( *[fs:eax]);
						 *[fs:eax] = _t211;
						while(E004AAD08(_v32) == 0) {
							E004AAD18(_v32, _t162,  &_v16, _t206, _t207, __eflags);
							_t207 = _v16;
							__eflags = _t207;
							if(_t207 != 0) {
								_t208 = _t207 - 4;
								__eflags = _t208;
								_t207 =  *_t208;
							}
							__eflags = _t207 - 4;
							if(_t207 <= 4) {
								_t162 = 0;
								__eflags = 0;
							} else {
								__eflags =  *_v16 - 0x5b;
								_t162 = _t162 & 0xffffff00 |  *_v16 == 0x0000005b;
							}
							__eflags = _t162;
							if(__eflags != 0) {
								__eflags =  *((short*)(_v16 + 6)) - 0x5d;
								if(__eflags == 0) {
									E00406BEC(_v16, _t162, 5, _t206, _t207,  &_v20);
									_t132 = _v16;
									__eflags =  *((short*)(_t132 + 4)) - 0x71;
									if( *((short*)(_t132 + 4)) == 0x71) {
										L21:
										_t133 = 1;
									} else {
										__eflags = _v21;
										if(_v21 == 0) {
											L20:
											_t133 = 0;
										} else {
											_t152 =  *0x504ca8; // 0x50c05c
											__eflags =  *_t152;
											if( *_t152 == 0) {
												goto L21;
											} else {
												goto L20;
											}
										}
									}
									_v22 = _t133;
									_push(_t210);
									_push(0x4fe526);
									_push( *[fs:eax]);
									 *[fs:eax] = _t211;
									_t137 = ( *(_v16 + 2) & 0x0000ffff) - 0x53;
									__eflags = _t137;
									if(_t137 == 0) {
										_push(_v22 & 0x000000ff);
										L004B3324(0, _t162, _v20, 1, _t206, _t207, _t220);
									} else {
										_t142 = _t137 - 1;
										__eflags = _t142;
										if(_t142 == 0) {
											__eflags = 0;
											L004B3514(0, _t162, _v20, _t207, 0, _t220);
										} else {
											_t145 = _t142 - 0x1f;
											__eflags = _t145;
											if(_t145 == 0) {
												_push(_v22 & 0x000000ff);
												L004B3324(0, _t162, _v20, 0, _t206, _t207, _t220);
											} else {
												__eflags = _t145 - 1;
												if(__eflags == 0) {
													L004B197C(_v20, _t162, _t207);
												}
											}
										}
									}
									_pop(_t203);
									 *[fs:eax] = _t203;
								}
							}
						}
						_pop(_t200);
						 *[fs:eax] = _t200;
						_push(E004FE5B6);
						return E00404098(_v32);
					}
				}
			}

0x004fe294
0x004fe294
0x004fe294
0x004fe295
0x004fe297
0x004fe29c
0x004fe29c
0x004fe29e
0x004fe2a0
0x004fe2a0
0x004fe2a4
0x004fe2a5
0x004fe2a6
0x004fe2ae
0x004fe2af
0x004fe2b4
0x004fe2b7
0x004fe2c2
0x004fe2cf
0x004fe2d4
0x004fe2d6
0x004fe2e6
0x004fe2f8
0x004fe2fa
0x004fe640
0x004fe642
0x004fe645
0x004fe648
0x004fe655
0x004fe667
0x004fe300
0x004fe300
0x00000000
0x004fe300
0x004fe2d8
0x004fe2d8
0x004fe304
0x004fe30b
0x004fe31b
0x004fe320
0x004fe333
0x004fe341
0x004fe34a
0x004fe34c
0x004fe34e
0x004fe367
0x004fe34c
0x004fe377
0x004fe37e
0x004fe37f
0x004fe384
0x004fe387
0x004fe38f
0x004fe39f
0x004fe3a9
0x004fe3b9
0x004fe3c8
0x004fe5d9
0x004fe5e7
0x004fe5ee
0x004fe5f4
0x004fe5f7
0x004fe5fa
0x004fe601
0x004fe604
0x004fe615
0x004fe618
0x004fe61b
0x004fe620
0x004fe624
0x004fe62a
0x00000000
0x004fe633
0x004fe638
0x004fe3ce
0x004fe3d5
0x004fe3da
0x004fe3e6
0x004fe3eb
0x004fe3f1
0x004fe3f9
0x004fe400
0x004fe401
0x004fe406
0x004fe409
0x004fe40c
0x004fe426
0x004fe42b
0x004fe42c
0x004fe431
0x004fe434
0x004fe589
0x004fe442
0x004fe447
0x004fe44a
0x004fe44c
0x004fe44e
0x004fe44e
0x004fe451
0x004fe451
0x004fe453
0x004fe456
0x004fe464
0x004fe464
0x004fe458
0x004fe45b
0x004fe45f
0x004fe45f
0x004fe466
0x004fe468
0x004fe471
0x004fe476
0x004fe48d
0x004fe492
0x004fe495
0x004fe49a
0x004fe4b0
0x004fe4b0
0x004fe49c
0x004fe49c
0x004fe4a0
0x004fe4ac
0x004fe4ac
0x004fe4a2
0x004fe4a2
0x004fe4a7
0x004fe4aa
0x00000000
0x00000000
0x00000000
0x00000000
0x004fe4aa
0x004fe4a0
0x004fe4b2
0x004fe4b7
0x004fe4b8
0x004fe4bd
0x004fe4c0
0x004fe4ca
0x004fe4ca
0x004fe4ce
0x004fe4f9
0x004fe501
0x004fe4d0
0x004fe4d0
0x004fe4d0
0x004fe4d3
0x004fe515
0x004fe517
0x004fe4d5
0x004fe4d5
0x004fe4d5
0x004fe4d9
0x004fe4e6
0x004fe4ee
0x004fe4db
0x004fe4db
0x004fe4de
0x004fe50b
0x004fe50b
0x004fe4de
0x004fe4d9
0x004fe4d3
0x004fe51e
0x004fe521
0x004fe521
0x004fe476
0x004fe468
0x004fe59b
0x004fe59e
0x004fe5a1
0x004fe5ae
0x004fe5ae
0x004fe3c8

APIs

ShowWindow.USER32(?,00000005,00000000,004FE668,?,?,00000000,?,00000000,00000000,?,004FEB16,00000000,004FEB20,?,00000000), ref: 004FE31B
ShowWindow.USER32(?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668,?,?,00000000,?,00000000,00000000), ref: 004FE341
MsgWaitForMultipleObjects.USER32 ref: 004FE362
ShowWindow.USER32(?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668,?,?,00000000,?,00000000), ref: 004FE377

Part of subcall function 0047F29C: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0047F333,?,?,?,00000001,?,004B0D32,00000000,004B0D9F), ref: 0047F2D1

Strings

Setup, xrefs: 004FE306
.msg, xrefs: 004FE39A
Inno-Setup-RegSvr-Mutex, xrefs: 004FE325
.lst, xrefs: 004FE3B4
/REGU, xrefs: 004FE2EE
/REG, xrefs: 004FE2CA

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ShowWindow$FileModuleMultipleNameObjectsWait
String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
API String ID: 66301061-3672972446
Opcode ID: 5cfc5dff2a9fb54821fa85b1078596bc45cacd9b4628b879ee3730bc8e78ff0c
Instruction ID: 3eb728371c213ff15b7bf5068121ca3ff1519d47c4d722a15f1148c1838efd6d
Opcode Fuzzy Hash: 5cfc5dff2a9fb54821fa85b1078596bc45cacd9b4628b879ee3730bc8e78ff0c
Instruction Fuzzy Hash: 9A91D430A042089FDB10EBA6C851BBE77F4EB09709F51446AFA00EB7A2D77D9D05CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004B6018, Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 214
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E004B6018(char __eax, void* __ebx, signed char __edx, void* __edi, void* __esi, void* __fp0, char _a4, char _a8, intOrPtr _a12) {
				char _v5;
				char _v6;
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v60;
				void* __ecx;
				char _t65;
				void* _t69;
				void* _t112;
				signed char _t135;
				intOrPtr _t137;
				intOrPtr _t164;
				intOrPtr _t178;
				void* _t188;
				signed int _t189;
				char _t191;
				intOrPtr _t193;
				intOrPtr _t194;

				_t210 = __fp0;
				_t187 = __edi;
				_t193 = _t194;
				_t137 = 6;
				do {
					_push(0);
					_push(0);
					_t137 = _t137 - 1;
				} while (_t137 != 0);
				_push(_t137);
				_t1 =  &_v8;
				_t138 =  *_t1;
				 *_t1 = _t137;
				_push(__edi);
				_v5 =  *_t1;
				_t135 = __edx;
				_t191 = __eax;
				_push(_t193);
				_push(0x4b62d8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				_v6 = 1;
				E0047E7C8(__eax,  *_t1,  &_v12);
				if(E0040C24C(_v12,  *_t1, L".hlp") != 0) {
					E0047E7C8(_t191, _t138,  &_v24);
					_t65 = E0040C24C(_v24, _t138, L".chm");
					__eflags = _t65;
					if(_t65 == 0) {
						E0047E380(_t191, _t135,  &_v28, L".chw", __edi, _t191);
						__eflags = 0;
						E004B6018(_v28, _t135, _t135, __edi, _t191, __fp0, 0, 0, _a12);
						_pop(_t138);
					}
				} else {
					E0047E380(_t191, _t135,  &_v16, L".gid", __edi, _t191);
					E004B6018(_v16, _t135, _t135, __edi, _t191, __fp0, 0, 0, _a12);
					E0047E380(_t191, _t135,  &_v20, L".fts", __edi, _t191);
					E004B6018(_v20, _t135, _t135, _t187, _t191, __fp0, 0, 0, _a12);
					_pop(_t138);
				}
				E0047E7C8(_t191, _t138,  &_v32);
				_t69 = E0040C24C(_v32, _t138, L".lnk");
				_t197 = _t69;
				if(_t69 == 0) {
					L004B1C94(_t191, _t135);
				}
				if(L004AD5D8(_t135, _t191, _t197) == 0) {
					L25:
					_pop(_t164);
					 *[fs:eax] = _t164;
					_push(E004B62DF);
					L00406440( &_v60, 5);
					return L00406440( &_v32, 6);
				} else {
					_v40 = _t191;
					_v36 = 0x11;
					_t141 = 0;
					E004B2E4C(L"Deleting file: %s", _t135, 0,  &_v40, _t187, _t191);
					_t199 = _a4;
					if(_a4 != 0) {
						_t189 = E004AD314(_t135, _t191, _t199);
						if(_t189 != 0xffffffff) {
							_t201 = _t189 & 0x00000001;
							if((_t189 & 0x00000001) != 0) {
								_t141 = _t189 & 0xfffffffe;
								_t112 = L004AD6C0(_t135, _t189 & 0xfffffffe, _t191, _t201);
								_t202 = _t112;
								if(_t112 == 0) {
									E004B2BC8(L"Failed to strip read-only attribute.", _t135, _t141, _t189, _t191);
								} else {
									E004B2BC8(L"Stripped read-only attribute.", _t135, _t141, _t189, _t191);
								}
							}
						}
					}
					if(E004AD13C(_t135, _t191, _t202) != 0) {
						__eflags = _v5;
						if(_v5 != 0) {
							SHChangeNotify(4, 5, E004064D4(_t191), 0);
							E0047E76C(_t191, _t141,  &_v60);
							E004B0FF0( *((intOrPtr*)(_a12 - 0x3c)), _t141, _v60, _t210);
						}
						goto L25;
					} else {
						_t188 = GetLastError();
						if(_a8 == 0 ||  *((char*)(_a12 - 0x29)) == 0) {
							L22:
							_v40 = _t188;
							_v36 = 0;
							E004B2E4C(L"Failed to delete the file; it may be in use (%d).", _t135, 0,  &_v40, _t188, _t191);
							_v6 = 0;
							goto L25;
						} else {
							if(_t188 == 5) {
								L20:
								if((E004AD314(_t135, _t191, _t207) & 0x00000001) != 0) {
									goto L22;
								}
								_v40 = _t188;
								_v36 = 0;
								E004B2E4C(L"The file appears to be in use (%d). Will delete on restart.", _t135, 0,  &_v40, _t188, _t191);
								_push(_t193);
								 *[fs:eax] = _t194;
								E004AE5E8(_t135, _t135, _t191, _t188, _t191);
								 *((char*)( *((intOrPtr*)(_a12 - 0x30)) + 0x1c)) = 1;
								E0047E6BC(_t191,  &_v48,  *[fs:eax]);
								E0047E76C(_v48, 0,  &_v44);
								E004B0FF0( *((intOrPtr*)(_a12 + (_t135 & 0x000000ff) * 4 - 0x38)), _a12, _v44, _t210);
								_t178 = 0x4b6233;
								 *[fs:eax] = _t178;
								goto L25;
							}
							_t207 = _t188 - 0x20;
							if(_t188 != 0x20) {
								goto L22;
							}
							goto L20;
						}
					}
				}
			}

0x004b6018
0x004b6018
0x004b6019
0x004b601c
0x004b6021
0x004b6021
0x004b6023
0x004b6025
0x004b6025
0x004b6028
0x004b6029
0x004b6029
0x004b6029
0x004b602e
0x004b602f
0x004b6032
0x004b6034
0x004b6038
0x004b6039
0x004b603e
0x004b6041
0x004b6044
0x004b604d
0x004b6061
0x004b60b2
0x004b60bf
0x004b60c4
0x004b60c6
0x004b60da
0x004b60e2
0x004b60e6
0x004b60eb
0x004b60eb
0x004b6063
0x004b6075
0x004b6081
0x004b6099
0x004b60a5
0x004b60aa
0x004b60aa
0x004b60f1
0x004b60fe
0x004b6103
0x004b6105
0x004b6109
0x004b6109
0x004b6119
0x004b62b0
0x004b62b2
0x004b62b5
0x004b62b8
0x004b62c5
0x004b62d7
0x004b611f
0x004b611f
0x004b6122
0x004b6129
0x004b6130
0x004b6135
0x004b6139
0x004b6144
0x004b6149
0x004b614b
0x004b6151
0x004b6155
0x004b615c
0x004b6161
0x004b6163
0x004b6176
0x004b6165
0x004b616a
0x004b616a
0x004b6163
0x004b6151
0x004b6149
0x004b6186
0x004b627f
0x004b6283
0x004b6293
0x004b629d
0x004b62ab
0x004b62ab
0x00000000
0x004b618c
0x004b6191
0x004b6197
0x004b6263
0x004b6263
0x004b6266
0x004b6274
0x004b6279
0x00000000
0x004b61aa
0x004b61ad
0x004b61b8
0x004b61c3
0x00000000
0x00000000
0x004b61c9
0x004b61cc
0x004b61da
0x004b61e1
0x004b61ea
0x004b61f3
0x004b61fe
0x004b6207
0x004b6212
0x004b6224
0x004b622b
0x004b622e
0x00000000
0x004b622e
0x004b61af
0x004b61b2
0x00000000
0x00000000
0x00000000
0x004b61b2
0x004b6197
0x004b6186

APIs

GetLastError.KERNEL32(00000000,004B62D8,?,?,?,?,00000005,00000000,00000000,?,?,004B76B1,00000000,00000000,?,00000000), ref: 004B618C

Strings

Failed to strip read-only attribute., xrefs: 004B6171
Failed to delete the file; it may be in use (%d)., xrefs: 004B626F
.chm, xrefs: 004B60BA
Stripped read-only attribute., xrefs: 004B6165
.lnk, xrefs: 004B60F9
.gid, xrefs: 004B606E
.chw, xrefs: 004B60D3
.fts, xrefs: 004B6092
The file appears to be in use (%d). Will delete on restart., xrefs: 004B61D5
.hlp, xrefs: 004B6055
Deleting file: %s, xrefs: 004B612B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast
String ID: .chm$.chw$.fts$.gid$.hlp$.lnk$Deleting file: %s$Failed to delete the file; it may be in use (%d).$Failed to strip read-only attribute.$Stripped read-only attribute.$The file appears to be in use (%d). Will delete on restart.
API String ID: 1452528299-3112430753
Opcode ID: aa2d00f1e4007b7b3cadeb091347b6f361e8a39d387a2866d32693abf2253aa4
Instruction ID: 7ed9f04ec13f5c3f5660eb524a497fab973c0e9aa021cbf78e872c09f34b2f30
Opcode Fuzzy Hash: aa2d00f1e4007b7b3cadeb091347b6f361e8a39d387a2866d32693abf2253aa4
Instruction Fuzzy Hash: 57719130B042445BEB15EB6E88427EE77A99F49708F52856BF801AB382CB7CDD05877D

Uniqueness

Uniqueness Score: -1.00%

Function 004B8A78, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 174
libraryloadermemoryCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E004B8A78(intOrPtr __eax, struct _SID_IDENTIFIER_AUTHORITY* __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				long _v16;
				_Unknown_base(*)()* _v20;
				_Unknown_base(*)()* _v24;
				char _v28;
				char _v32;
				void* _v36;
				intOrPtr _v40;
				void* _v44;
				intOrPtr* _t67;
				signed int _t107;
				struct _SID_IDENTIFIER_AUTHORITY* _t111;
				void* _t113;
				intOrPtr _t124;
				intOrPtr* _t133;
				void* _t135;
				void* _t136;
				struct HINSTANCE__* _t139;
				struct _SID_IDENTIFIER_AUTHORITY* _t140;
				void* _t142;
				void* _t144;
				intOrPtr _t145;

				_t142 = _t144;
				_t145 = _t144 + 0xffffffd8;
				_t111 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_t67 =  *0x505038; // 0x502914
				if( *_t67 != 2 || (GetVersion() & 0x000000ff) < 5) {
					_v16 = 1;
					goto L18;
				} else {
					_t139 = GetModuleHandleW(L"advapi32.dll");
					_t133 = GetProcAddress(_t139, "GetNamedSecurityInfoW");
					_v20 = GetProcAddress(_t139, "SetNamedSecurityInfoW");
					_v24 = GetProcAddress(_t139, "SetEntriesInAclW");
					if(_t133 == 0 || _v20 == 0 || _v24 == 0) {
						_v16 = 0x7f;
						goto L18;
					} else {
						_v40 = 0;
						_v16 =  *_t133(E004064D4(_v12), _v8, 4, 0, 0,  &_v32, 0,  &_v28);
						if(_v16 != 0) {
							L18:
							return _v16;
						} else {
							_push(_t142);
							_push(0x4b8cb3);
							_push( *[fs:edx]);
							 *[fs:edx] = _t145;
							_v40 = E00403000(_a8 << 5);
							_t140 = _t111;
							_t135 = _a8 - 1;
							if(_t135 < 0) {
								L15:
								_v16 = _v24(_a8, _v40, _v32,  &_v36);
								if(_v16 == 0) {
									 *[fs:eax] = _t145;
									_v16 = _v20(E004064D4(_v12), _v8, 4, 0, 0, _v36, 0,  *[fs:eax], 0x4b8c59, _t142);
									_pop(_t124);
									 *[fs:eax] = _t124;
									_push(0x4b8c60);
									return LocalFree(_v36);
								} else {
									E00404B68();
									goto L18;
								}
							} else {
								_t136 = _t135 + 1;
								_t113 = 0;
								while(AllocateAndInitializeSid(_t140,  *(_t140 + 6) & 0x000000ff,  *(_t140 + 8),  *(_t140 + 0xc), 0, 0, 0, 0, 0, 0,  &_v44) != 0) {
									_t107 = _t113 + _t113 + _t113 + _t113;
									 *((intOrPtr*)(_v40 + _t107 * 8)) =  *((intOrPtr*)(_t140 + 0x10));
									 *((intOrPtr*)(_v40 + 4 + _t107 * 8)) = 1;
									 *((intOrPtr*)(_v40 + 8 + _t107 * 8)) = _a4;
									 *((intOrPtr*)(_v40 + 0x14 + _t107 * 8)) = 0;
									 *((intOrPtr*)(_v40 + 0x18 + _t107 * 8)) = 0;
									 *((intOrPtr*)(_v40 + 0x1c + _t107 * 8)) = _v44;
									_t140 = _t140 + 0x14;
									_t113 = _t113 + 1;
									_t136 = _t136 - 1;
									if(_t136 != 0) {
										continue;
									} else {
										goto L15;
									}
									goto L19;
								}
								_v16 = GetLastError();
								if(_v16 == 0) {
									_v16 = 0x57;
								}
								E00404B68();
								goto L18;
							}
						}
					}
				}
				L19:
			}

0x004b8a79
0x004b8a7b
0x004b8a81
0x004b8a83
0x004b8a86
0x004b8a89
0x004b8a91
0x004b8aa3
0x00000000
0x004b8aaf
0x004b8ab9
0x004b8ac6
0x004b8ad3
0x004b8ae1
0x004b8ae6
0x004b8af4
0x00000000
0x004b8b00
0x004b8b02
0x004b8b24
0x004b8b2b
0x004b8cba
0x004b8cc3
0x004b8b31
0x004b8b33
0x004b8b34
0x004b8b39
0x004b8b3c
0x004b8b4a
0x004b8b4d
0x004b8b52
0x004b8b55
0x004b8bef
0x004b8c02
0x004b8c09
0x004b8c20
0x004b8c3f
0x004b8c44
0x004b8c47
0x004b8c4a
0x004b8c58
0x004b8c0b
0x004b8c0b
0x00000000
0x004b8c0b
0x004b8b5b
0x004b8b5b
0x004b8b5c
0x004b8b5e
0x004b8ba8
0x004b8bb0
0x004b8bb6
0x004b8bc4
0x004b8bcd
0x004b8bd6
0x004b8be0
0x004b8be4
0x004b8be7
0x004b8be8
0x004b8be9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004b8be9
0x004b8b8a
0x004b8b91
0x004b8b93
0x004b8b93
0x004b8b9a
0x00000000
0x004b8b9a
0x004b8b55
0x004b8b2b
0x004b8ae6
0x00000000

APIs

GetVersion.KERNEL32 ref: 004B8A93
GetModuleHandleW.KERNEL32(advapi32.dll), ref: 004B8AB4
GetProcAddress.KERNEL32(00000000,GetNamedSecurityInfoW), ref: 004B8AC1
GetProcAddress.KERNEL32(00000000,SetNamedSecurityInfoW), ref: 004B8ACE
GetProcAddress.KERNEL32(00000000,SetEntriesInAclW), ref: 004B8ADC
AllocateAndInitializeSid.ADVAPI32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,004B8CB3), ref: 004B8B7C
GetLastError.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,004B8CB3), ref: 004B8B85
LocalFree.KERNEL32(?,004B8C60), ref: 004B8C53

Strings

SetEntriesInAclW, xrefs: 004B8AD6
SetNamedSecurityInfoW, xrefs: 004B8AC8
advapi32.dll, xrefs: 004B8AAF
GetNamedSecurityInfoW, xrefs: 004B8ABB
W, xrefs: 004B8B93

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$AllocateErrorFreeHandleInitializeLastLocalModuleVersion
String ID: GetNamedSecurityInfoW$SetEntriesInAclW$SetNamedSecurityInfoW$W$advapi32.dll
API String ID: 4088882585-4263478283
Opcode ID: e470e76dbb7141f3320895f6a1926b685bea5dfdd9640bf6a8e56b54529c9f24
Instruction ID: afc200dc3f936ce53cb1efbb79d5f7f4363e73e43a3005e33bf7901514434693
Opcode Fuzzy Hash: e470e76dbb7141f3320895f6a1926b685bea5dfdd9640bf6a8e56b54529c9f24
Instruction Fuzzy Hash: 335130B1901608AFDB10DFA9C845BEEB7F8EB48314F20846AF515E7281DA799D41CF78

Uniqueness

Uniqueness Score: -1.00%

Function 0043504C, Relevance: 22.8, APIs: 15, Instructions: 252
windowCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E0043504C(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				struct HPALETTE__* _v12;
				char _v13;
				struct tagPOINT _v24;
				struct HDC__* _v28;
				void* _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				struct HPALETTE__* _t92;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				char _t101;
				void* _t169;
				intOrPtr* _t199;
				intOrPtr _t214;
				intOrPtr _t216;
				int* _t220;
				intOrPtr _t222;
				void* _t224;
				void* _t225;
				intOrPtr _t226;

				_t200 = __ecx;
				_t224 = _t225;
				_t226 = _t225 + 0xffffffe0;
				_t220 = __ecx;
				_v8 = __edx;
				_t199 = __eax;
				_t222 =  *((intOrPtr*)(__eax + 0x28));
				E00432630(_v8, __ecx,  *0x4352f4 & 0x000000ff, __ecx);
				L00435C44(_t199);
				_v12 = 0;
				_v13 = 0;
				_t92 =  *(_t222 + 0x10);
				if(_t92 != 0) {
					_v12 = SelectPalette( *(_v8 + 4), _t92, 0xffffffff);
					RealizePalette( *(_v8 + 4));
					_v13 = 1;
				}
				_push(GetDeviceCaps( *(_v8 + 4), 0xc));
				_t98 = GetDeviceCaps( *(_v8 + 4), 0xe);
				_pop(_t99);
				_t100 = _t99 * _t98;
				if(_t100 > 8) {
					L4:
					_t101 = 0;
				} else {
					_t200 =  *(_t222 + 0x28) & 0x0000ffff;
					if(_t100 < ( *(_t222 + 0x2a) & 0x0000ffff) * ( *(_t222 + 0x28) & 0x0000ffff)) {
						_t101 = 1;
					} else {
						goto L4;
					}
				}
				if(_t101 == 0) {
					if(L004356F0(_t199) == 0) {
						SetStretchBltMode(E00432554(_v8), 3);
					}
				} else {
					GetBrushOrgEx( *(_v8 + 4),  &_v24);
					SetStretchBltMode( *(_v8 + 4), 4);
					SetBrushOrgEx( *(_v8 + 4), _v24, _v24.y,  &_v24);
				}
				_push(_t224);
				_push(0x4352e3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t226;
				if( *((intOrPtr*)( *_t199 + 0x2c))() != 0) {
					L00435BE4(_t199, _t200);
				}
				E00432630(L00435634(_t199), _t200,  *0x4352f4 & 0x000000ff, _t220);
				if( *((intOrPtr*)( *_t199 + 0x2c))() == 0) {
					if( *((intOrPtr*)( *_t199 + 0x4c))() == 0) {
						StretchBlt( *(_v8 + 4),  *_t220, _t220[1], _t220[2] -  *_t220, _t220[3] - _t220[1],  *(L00435634(_t199) + 4), 0, 0,  *(_t222 + 0x1c),  *(_t222 + 0x20),  *(_v8 + 0x20));
					} else {
						_v36 = 0;
						_v35 = 0;
						_v34 = 0xff;
						_v33 = 1;
						_push(_v36);
						_push( *(_t222 + 0x20));
						_push( *(_t222 + 0x1c));
						_push(0);
						_push(0);
						_push( *(L00435634(_t199) + 4));
						_push(_t220[3] - _t220[1]);
						_push(_t220[2] -  *_t220);
						_push(_t220[1]);
						_push( *_t220);
						_push(E00432554(_v8));
						L004098E4();
					}
					_pop(_t214);
					 *[fs:eax] = _t214;
					_push(0x4352ea);
					if(_v13 != 0) {
						return SelectPalette( *(_v8 + 4), _v12, 0xffffffff);
					}
					return 0;
				} else {
					_v32 = 0;
					_v28 = 0;
					_push(_t224);
					_push(0x43521f);
					_push( *[fs:eax]);
					 *[fs:eax] = _t226;
					_v28 = E0043294C(CreateCompatibleDC(0));
					_v32 = SelectObject(_v28,  *(_t222 + 0xc));
					E00432AFC( *(_v8 + 4), _t199, _t220[1],  *_t220, _t220, _t222, 0, 0, _v28,  *(_t222 + 0x20),  *(_t222 + 0x1c), 0, 0,  *(L00435634(_t199) + 4), _t220[3] - _t220[1], _t220[2] -  *_t220);
					_t169 = 0;
					_pop(_t216);
					 *[fs:eax] = _t216;
					_push(0x4352bd);
					if(_v32 != 0) {
						_t169 = SelectObject(_v28, _v32);
					}
					if(_v28 != 0) {
						return DeleteDC(_v28);
					}
					return _t169;
				}
			}

0x0043504c
0x0043504d
0x0043504f
0x00435055
0x00435057
0x0043505a
0x0043505c
0x00435069
0x00435070
0x00435077
0x0043507a
0x0043507e
0x00435083
0x00435094
0x0043509e
0x004350a3
0x004350a3
0x004350b5
0x004350bf
0x004350c6
0x004350c7
0x004350cc
0x004350dd
0x004350dd
0x004350ce
0x004350d2
0x004350db
0x004350e1
0x00000000
0x00000000
0x00000000
0x004350db
0x004350e5
0x00435128
0x00435135
0x00435135
0x004350e7
0x004350f2
0x00435100
0x00435118
0x00435118
0x0043513c
0x0043513d
0x00435142
0x00435145
0x00435151
0x00435155
0x00435155
0x00435168
0x00435176
0x0043522f
0x004352b8
0x00435231
0x00435231
0x00435235
0x00435239
0x0043523d
0x00435241
0x00435247
0x0043524b
0x0043524c
0x0043524e
0x0043525a
0x00435261
0x00435267
0x0043526b
0x0043526e
0x00435277
0x00435278
0x00435278
0x004352bf
0x004352c2
0x004352c5
0x004352ce
0x00000000
0x004352dd
0x004352e2
0x0043517c
0x0043517e
0x00435183
0x00435188
0x00435189
0x0043518e
0x00435191
0x004351a0
0x004351b0
0x004351ea
0x004351ef
0x004351f1
0x004351f4
0x004351f7
0x00435200
0x0043520a
0x0043520a
0x00435213
0x00000000
0x00435219
0x0043521e
0x0043521e

APIs

Part of subcall function 00435C44: GetDC.USER32(00000000), ref: 00435C9A
Part of subcall function 00435C44: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00435CAF
Part of subcall function 00435C44: GetDeviceCaps.GDI32(00000000,0000000E), ref: 00435CB9
Part of subcall function 00435C44: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,004341AB,00000000,00434237), ref: 00435CDD
Part of subcall function 00435C44: ReleaseDC.USER32 ref: 00435CE8

SelectPalette.GDI32(?,?,000000FF), ref: 0043508F
RealizePalette.GDI32(?), ref: 0043509E
GetDeviceCaps.GDI32(?,0000000C), ref: 004350B0
GetDeviceCaps.GDI32(?,0000000E), ref: 004350BF
GetBrushOrgEx.GDI32(?,?,0000000E,00000000,?,0000000C), ref: 004350F2
SetStretchBltMode.GDI32(?,00000004), ref: 00435100
SetBrushOrgEx.GDI32(?,?,?,?,?,00000004,?,?,0000000E,00000000,?,0000000C), ref: 00435118
SetStretchBltMode.GDI32(00000000,00000003), ref: 00435135
CreateCompatibleDC.GDI32(00000000), ref: 00435196
SelectObject.GDI32(?,?), ref: 004351AB
SelectObject.GDI32(?,00000000), ref: 0043520A
DeleteDC.GDI32(00000000), ref: 00435219

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CapsDevice$PaletteSelect$BrushCreateModeObjectStretch$CompatibleDeleteHalftoneRealizeRelease
String ID:
API String ID: 2414602066-0
Opcode ID: 62c92d5eb5b0f851de4766f09de334abd94ffe329039d1bf9da3c2145fdab174
Instruction ID: 233bef55b0a36d45384dfab345ca70d5732d401be5eec45ae4de51717a1343c1
Opcode Fuzzy Hash: 62c92d5eb5b0f851de4766f09de334abd94ffe329039d1bf9da3c2145fdab174
Instruction Fuzzy Hash: 739119B1600645AFDB10DFADC985F5AB7F8AF0C304F10956AB518EB392D678ED01CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0043295C, Relevance: 21.1, APIs: 14, Instructions: 131
windowCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E0043295C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _v8;
				int _v12;
				int _v16;
				struct HBITMAP__* _v20;
				struct HDC__* _v24;
				struct HDC__* _v28;
				struct HDC__* _v32;
				int _v48;
				int _v52;
				void _v56;
				void* _t78;
				intOrPtr _t85;
				intOrPtr _t86;
				void* _t91;
				void* _t93;
				void* _t94;
				intOrPtr _t95;

				_t93 = _t94;
				_t95 = _t94 + 0xffffffcc;
				asm("movsd");
				asm("movsd");
				_t77 = __ecx;
				_v8 = __eax;
				_v28 = CreateCompatibleDC(0);
				_v32 = CreateCompatibleDC(0);
				_push(_t93);
				_push(0x432aaa);
				_push( *[fs:eax]);
				 *[fs:eax] = _t95;
				GetObjectW(_v8, 0x18,  &_v56);
				if(__ecx == 0) {
					_v24 = GetDC(0);
					if(_v24 == 0) {
						E004328A4(_t77);
					}
					_push(_t93);
					_push(0x432a19);
					_push( *[fs:eax]);
					 *[fs:eax] = _t95;
					_v20 = CreateCompatibleBitmap(_v24, _v16, _v12);
					if(_v20 == 0) {
						E004328A4(_t77);
					}
					_pop(_t85);
					 *[fs:eax] = _t85;
					_push(0x432a20);
					return ReleaseDC(0, _v24);
				} else {
					_v20 = CreateBitmap(_v16, _v12, 1, 1, 0);
					if(_v20 != 0) {
						_t78 = SelectObject(_v28, _v8);
						_t91 = SelectObject(_v32, _v20);
						StretchBlt(_v32, 0, 0, _v16, _v12, _v28, 0, 0, _v52, _v48, 0xcc0020);
						if(_t78 != 0) {
							SelectObject(_v28, _t78);
						}
						if(_t91 != 0) {
							SelectObject(_v32, _t91);
						}
					}
					_pop(_t86);
					 *[fs:eax] = _t86;
					_push(0x432ab1);
					DeleteDC(_v28);
					return DeleteDC(_v32);
				}
			}

0x0043295d
0x0043295f
0x0043296a
0x0043296b
0x0043296c
0x0043296e
0x00432978
0x00432982
0x00432987
0x00432988
0x0043298d
0x00432990
0x0043299d
0x004329a4
0x004329c5
0x004329cc
0x004329ce
0x004329ce
0x004329d5
0x004329d6
0x004329db
0x004329de
0x004329f2
0x004329f9
0x004329fb
0x004329fb
0x00432a02
0x00432a05
0x00432a08
0x00432a18
0x004329a6
0x004329b9
0x00432a24
0x00432a33
0x00432a42
0x00432a69
0x00432a70
0x00432a77
0x00432a77
0x00432a7e
0x00432a85
0x00432a85
0x00432a7e
0x00432a8c
0x00432a8f
0x00432a92
0x00432a9b
0x00432aa9
0x00432aa9

APIs

CreateCompatibleDC.GDI32(00000000), ref: 00432973
CreateCompatibleDC.GDI32(00000000), ref: 0043297D
GetObjectW.GDI32(?,00000018,?,00000000,00432AAA,?,00000000,00000000), ref: 0043299D
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 004329B4
GetDC.USER32(00000000), ref: 004329C0
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 004329ED
ReleaseDC.USER32 ref: 00432A13
SelectObject.GDI32(?,?), ref: 00432A2E
SelectObject.GDI32(?,00000000), ref: 00432A3D
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00432A69
SelectObject.GDI32(?,00000000), ref: 00432A77
SelectObject.GDI32(?,00000000), ref: 00432A85
DeleteDC.GDI32(?), ref: 00432A9B
DeleteDC.GDI32(?), ref: 00432AA4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
String ID:
API String ID: 644427674-0
Opcode ID: 67ab257ed31fe3c35b11b87cb29eb0e762719229e517f1d8f41f5d0c193293e7
Instruction ID: 38e763b2fcd98df08a58da3a1b598358b1fd906435b550cf8b27876f91933237
Opcode Fuzzy Hash: 67ab257ed31fe3c35b11b87cb29eb0e762719229e517f1d8f41f5d0c193293e7
Instruction Fuzzy Hash: 2141D171A44245AFDB10EAE5C942FAFB7BCEF4C704F104426B614F7282D6B85D008B64

Uniqueness

Uniqueness Score: -1.00%

Function 00464A68, Relevance: 19.7, APIs: 13, Instructions: 248
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00464A68(intOrPtr* __eax, intOrPtr __edx, void* __fp0) {
				intOrPtr* _v8;
				intOrPtr _v12;
				struct HDC__* _v16;
				int _v20;
				int _v24;
				struct tagPOINT _v32;
				struct tagRECT _v48;
				signed int _v60;
				signed int _v64;
				struct HRGN__* _t166;
				signed int _t191;
				intOrPtr* _t198;
				intOrPtr* _t201;
				intOrPtr _t208;
				signed int _t211;
				intOrPtr _t248;
				signed int _t251;
				void* _t266;
				void* _t269;
				void* _t271;
				intOrPtr _t272;
				void* _t296;

				_t296 = __fp0;
				_t269 = _t271;
				_t272 = _t271 + 0xffffffc4;
				_v12 = __edx;
				_v8 = __eax;
				if( *(_v8 + 0x1a9) != 0 ||  *(_v8 + 0x1b0) > 0) {
					_v16 = GetWindowDC(L00463A10(_v8));
					_push(_t269);
					_push(0x464d13);
					_push( *[fs:ecx]);
					 *[fs:ecx] = _t272;
					GetClientRect(L00463A10(_v8),  &_v32);
					GetWindowRect(L00463A10(_v8),  &_v48);
					MapWindowPoints(0, L00463A10(_v8),  &_v48, 2);
					L00409254( &_v32,  ~(_v48.top),  ~(_v48.left));
					ExcludeClipRect(_v16, _v32, _v32.y, _v24, _v20);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					InflateRect( &_v32,  *(_v8 + 0x1b0),  *(_v8 + 0x1b0));
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t211 = GetWindowLongW(L00463A10(_v8), 0xfffffff0);
					if((_t211 & 0x00200000) != 0) {
						_t201 =  *0x504bc8; // 0x50aeb0
						_v48.right = _v48.right +  *((intOrPtr*)( *_t201))(0x14);
					}
					if((_t211 & 0x00100000) != 0) {
						_t198 =  *0x504bc8; // 0x50aeb0
						_v48.bottom = _v48.bottom +  *((intOrPtr*)( *_t198))(0x15);
					}
					if( *(_v8 + 0x1a9) != 0) {
						_t266 = 0;
						_t251 =  *(_v8 + 0x1a7) & 0x000000ff;
						if(_t251 != 0) {
							_t266 = 0 +  *((intOrPtr*)(_v8 + 0x1ac));
						}
						_t191 =  *(_v8 + 0x1a8) & 0x000000ff;
						if(_t191 != 0) {
							_t266 = _t266 +  *((intOrPtr*)(_v8 + 0x1ac));
						}
						if(( *(_v8 + 0x1a6) & 0x00000001) != 0) {
							_v48.left = _v48.left - _t266;
						}
						if(( *(_v8 + 0x1a6) & 0x00000002) != 0) {
							_v48.top = _v48.top - _t266;
						}
						if(( *(_v8 + 0x1a6) & 0x00000004) != 0) {
							_v48.right = _v48.right + _t266;
						}
						if(( *(_v8 + 0x1a6) & 0x00000008) != 0) {
							_v48.bottom = _v48.bottom + _t266;
						}
						DrawEdge(_v16,  &_v48,  *(0x503b84 + (_t251 & 0x0000007f) * 4) |  *(0x503b94 + (_t191 & 0x0000007f) * 4),  *(_v8 + 0x1a6) & 0x000000ff |  *(0x503ba4 + ( *(_v8 + 0x1a9) & 0x000000ff) * 4) |  *(0x503bb4 + ( *(_v8 + 0x1e1) & 0x000000ff) * 4) | 0x00002000);
					}
					IntersectClipRect(_v16, _v48.left, _v48.top, _v48.right, _v48.bottom);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t166 =  *(_v12 + 4);
					if(_t166 != 1) {
						GetRgnBox(_t166,  &_v32);
						MapWindowPoints(0, L00463A10(_v8),  &_v32, 2);
						L004091DC( &_v48,  &_v32,  &_v48, _t296);
						L00409254( &_v48,  ~_v60,  ~_v64);
					} else {
						L00409254( &_v48,  ~(_v48.top),  ~_v48);
					}
					FillRect(_v16,  &_v48, L0043170C( *((intOrPtr*)(_v8 + 0x1b8))));
					_pop(_t248);
					 *[fs:eax] = _t248;
					_push(0x464d1a);
					return ReleaseDC(L00463A10(_v8), _v16);
				} else {
					 *((intOrPtr*)( *_v8 - 0x10))();
					_t208 = L0046B888(_v8,  *_v8, _v12);
					if(_t208 != 0) {
						_t208 = _v8;
						if(( *(_t208 + 0x52) & 0x00000002) != 0) {
							_t208 = L0046B708(E0046AED4(), 0, _v8);
						}
					}
					return _t208;
				}
			}

0x00464a68
0x00464a69
0x00464a6b
0x00464a71
0x00464a74
0x00464a81
0x00464aa1
0x00464aa6
0x00464aa7
0x00464aac
0x00464aaf
0x00464abf
0x00464ad1
0x00464ae7
0x00464af9
0x00464b12
0x00464b1d
0x00464b1e
0x00464b1f
0x00464b20
0x00464b30
0x00464b3b
0x00464b3c
0x00464b3d
0x00464b3e
0x00464b4f
0x00464b57
0x00464b5b
0x00464b64
0x00464b64
0x00464b6d
0x00464b71
0x00464b7a
0x00464b7a
0x00464b87
0x00464b8d
0x00464b92
0x00464b9b
0x00464ba6
0x00464ba6
0x00464bab
0x00464bb4
0x00464bbf
0x00464bbf
0x00464bcb
0x00464bcd
0x00464bcd
0x00464bda
0x00464bdc
0x00464bdc
0x00464be9
0x00464beb
0x00464beb
0x00464bf8
0x00464bfa
0x00464bfa
0x00464c4d
0x00464c4d
0x00464c66
0x00464c71
0x00464c72
0x00464c73
0x00464c74
0x00464c78
0x00464c7e
0x00464c9c
0x00464cb2
0x00464cc0
0x00464cd2
0x00464c80
0x00464c8d
0x00464c8d
0x00464cee
0x00464cf5
0x00464cf8
0x00464cfb
0x00464d12
0x00464d1a
0x00464d22
0x00464d28
0x00464d2f
0x00464d31
0x00464d38
0x00464d44
0x00464d44
0x00464d38
0x00464d4f
0x00464d4f

APIs

GetWindowDC.USER32(00000000), ref: 00464A9C
GetClientRect.USER32 ref: 00464ABF
GetWindowRect.USER32 ref: 00464AD1
MapWindowPoints.USER32 ref: 00464AE7
ExcludeClipRect.GDI32(?,?,?,?,?,00000000,00000000,?,00000002,00000000,?,00000000,?,00000000,00464D13), ref: 00464B12
InflateRect.USER32(?,00000000,00000000), ref: 00464B30
GetWindowLongW.USER32(00000000,000000F0), ref: 00464B4A
DrawEdge.USER32(?,?,?,00000008), ref: 00464C4D
IntersectClipRect.GDI32(?,?,?,?,?), ref: 00464C66
GetRgnBox.GDI32(?,?), ref: 00464C9C
MapWindowPoints.USER32 ref: 00464CB2
FillRect.USER32 ref: 00464CEE
ReleaseDC.USER32 ref: 00464D0D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Rect$Window$ClipPoints$ClientDrawEdgeExcludeFillInflateIntersectLongRelease
String ID:
API String ID: 2031318930-0
Opcode ID: 929bc25df9136436eb58daf1e673143fc4020073515f4d91462beb04d9145b3c
Instruction ID: 0155a2863fffdc0196f5b0701a23c8aa15aef842e6437626ca87ec07e7373c89
Opcode Fuzzy Hash: 929bc25df9136436eb58daf1e673143fc4020073515f4d91462beb04d9145b3c
Instruction Fuzzy Hash: FDA14871E00108AFCF00DBA9C885EDEB3F9AF49304F1440AAF555BB292D779AE05DB65

Uniqueness

Uniqueness Score: -1.00%

Function 004B4968, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 162
registryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E004B4968(signed int __eax, void* __ebx, signed int __edx, void* __edi, void* __esi) {
				signed int _v5;
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				void* __ecx;
				void* _t79;
				signed int _t83;
				signed char _t125;
				intOrPtr _t127;
				intOrPtr _t156;
				signed int _t170;
				intOrPtr _t178;
				intOrPtr _t180;
				intOrPtr _t181;

				_t180 = _t181;
				_t127 = 4;
				do {
					_push(0);
					_push(0);
					_t127 = _t127 - 1;
				} while (_t127 != 0);
				_t1 =  &_v8;
				_t128 =  *_t1;
				 *_t1 = _t127;
				_t178 =  *_t1;
				_v5 = __edx;
				_t125 = __eax;
				_push(_t180);
				_push(0x4b4b71);
				_push( *[fs:eax]);
				 *[fs:eax] = _t181;
				if( *((intOrPtr*)(0x50bc74 + ((__eax & 0x000000ff) + (__eax & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)) != 0) {
					L18:
					E00406448(_t178,  *((intOrPtr*)(0x50bc74 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + (_v5 & 0x000000ff) * 4)));
					_pop(_t156);
					 *[fs:eax] = _t156;
					_push(E004B4B78);
					return L00406440( &_v32, 5);
				}
				E004B4814(__eax, _t128,  &_v16, _t180);
				if((_v5 & 0x000000ff) + 0xfe - 2 >= 0 || E0047FD20(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v4.0", 0x80000002,  &_v12, 1, 0) != 0) {
					_t79 = (_v5 & 0x000000ff) - 1;
					if(_t79 == 0 || _t79 == 2) {
						if(E0047FD20(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0", 0x80000002,  &_v12, 1, 0) != 0) {
							goto L10;
						} else {
							_t174 = _t125 & 0x0000007f;
							E0047E290( *((intOrPtr*)(0x50bc68 + (_t125 & 0x0000007f) * 4)),  &_v24);
							E00406914(0x50bc74 + (_t174 + _t174) * 8 + (_v5 & 0x000000ff) * 4, L"v2.0.50727", _v24);
							RegCloseKey(_v12);
							goto L14;
						}
					} else {
						L10:
						_t83 = _v5 & 0x000000ff;
						if(_t83 == 0 || _t83 == 3) {
							if(E0047FD20(_t125, L"SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v1.1", 0x80000002,  &_v12, 1, 0) == 0) {
								_t172 = _t125 & 0x0000007f;
								E0047E290( *((intOrPtr*)(0x50bc68 + (_t125 & 0x0000007f) * 4)),  &_v28);
								E00406914(0x50bc74 + (_t172 + _t172) * 8 + (_v5 & 0x000000ff) * 4, L"v1.1.4322", _v28);
								RegCloseKey(_v12);
							}
						}
						goto L14;
					}
				} else {
					_t176 = _t125 & 0x0000007f;
					E0047E290( *((intOrPtr*)(0x50bc68 + (_t125 & 0x0000007f) * 4)),  &_v20);
					E00406914(0x50bc74 + (_t176 + _t176) * 8 + (_v5 & 0x000000ff) * 4, L"v4.0.30319", _v20);
					RegCloseKey(_v12);
					L14:
					_t170 = _v5 & 0x000000ff;
					if( *((intOrPtr*)(0x50bc74 + ((_t125 & 0x000000ff) + (_t125 & 0x000000ff)) * 8 + _t170 * 4)) == 0) {
						if(_v5 == 3) {
							L004ADAE0(L".NET Framework not found", _t125);
						} else {
							_v40 =  *((intOrPtr*)(0x504388 + _t170 * 4));
							_v36 = 0x11;
							E0040E258(L".NET Framework version %s not found", 0,  &_v40,  &_v32);
							L004ADAE0(_v32, _t125);
						}
					}
					goto L18;
				}
			}

0x004b4969
0x004b496c
0x004b4971
0x004b4971
0x004b4973
0x004b4975
0x004b4975
0x004b4978
0x004b4978
0x004b4978
0x004b497e
0x004b4980
0x004b4983
0x004b4987
0x004b4988
0x004b498d
0x004b4990
0x004b49a7
0x004b4b3c
0x004b4b51
0x004b4b58
0x004b4b5b
0x004b4b5e
0x004b4b70
0x004b4b70
0x004b49b2
0x004b49bf
0x004b4a23
0x004b4a25
0x004b4a46
0x00000000
0x004b4a48
0x004b4a4d
0x004b4a57
0x004b4a76
0x004b4a7f
0x00000000
0x004b4a7f
0x004b4a86
0x004b4a86
0x004b4a86
0x004b4a8c
0x004b4aad
0x004b4ab4
0x004b4abe
0x004b4add
0x004b4ae6
0x004b4ae6
0x004b4aad
0x00000000
0x004b4a8c
0x004b49de
0x004b49e3
0x004b49ed
0x004b4a0c
0x004b4a15
0x004b4aeb
0x004b4aeb
0x004b4aff
0x004b4b05
0x004b4b37
0x004b4b07
0x004b4b12
0x004b4b15
0x004b4b23
0x004b4b2b
0x004b4b2b
0x004b4b05
0x00000000
0x004b4aff

APIs

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,004B4B71,?,004B4800,?,00000000,00000000,00000000,?,?,004B4DDC,00000000), ref: 004B4A15
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,004B4B71,?,004B4800,?,00000000,00000000,00000000,?,?,004B4DDC,00000000), ref: 004B4A7F
RegCloseKey.ADVAPI32(?,?,00000001,00000000,?,00000001,00000000,00000000,004B4B71,?,004B4800,?,00000000,00000000,00000000,?), ref: 004B4AE6

Strings

v2.0.50727, xrefs: 004B4A71
v1.1.4322, xrefs: 004B4AD8
v4.0.30319, xrefs: 004B4A07
SOFTWARE\Microsoft\.NETFramework\Policy\v1.1, xrefs: 004B4A9A
SOFTWARE\Microsoft\.NETFramework\Policy\v4.0, xrefs: 004B49C9
.NET Framework version %s not found, xrefs: 004B4B1E
.NET Framework not found, xrefs: 004B4B32
SOFTWARE\Microsoft\.NETFramework\Policy\v2.0, xrefs: 004B4A33

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Close
String ID: .NET Framework not found$.NET Framework version %s not found$SOFTWARE\Microsoft\.NETFramework\Policy\v1.1$SOFTWARE\Microsoft\.NETFramework\Policy\v2.0$SOFTWARE\Microsoft\.NETFramework\Policy\v4.0$v1.1.4322$v2.0.50727$v4.0.30319
API String ID: 3535843008-446240816
Opcode ID: 3ffa9dc565876da3fe354264447c34bdde2628bf62fac25d623ba6f3cdbb4f2f
Instruction ID: f881368aafa08851e714dee7e30283df294346eba548115743bb45c6a3e968b3
Opcode Fuzzy Hash: 3ffa9dc565876da3fe354264447c34bdde2628bf62fac25d623ba6f3cdbb4f2f
Instruction Fuzzy Hash: D0512830A441455BEF04DBA5C8A1BFE77B6EB89304F15446BE641A7382DB3CAE05C778

Uniqueness

Uniqueness Score: -1.00%

Function 0040A17C, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61
windowregistryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A17C(intOrPtr* __eax, int* __edx, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _v8;
				struct HWND__* _t19;
				int* _t20;
				int* _t26;
				int* _t27;

				_t26 = _t20;
				_t27 = __edx;
				_v8 = __eax;
				_t19 = FindWindowW(L"MouseZ", L"Magellan MSWHEEL");
				 *_v8 = RegisterWindowMessageW(L"MSWHEEL_ROLLMSG");
				 *_t27 = RegisterWindowMessageW(L"MSH_WHEELSUPPORT_MSG");
				 *_t26 = RegisterWindowMessageW(L"MSH_SCROLL_LINES_MSG");
				if( *_t27 == 0 || _t19 == 0) {
					 *_a8 = 0;
				} else {
					 *_a8 = SendMessageW(_t19,  *_t27, 0, 0);
				}
				if( *_t26 == 0 || _t19 == 0) {
					 *_a4 = 3;
				} else {
					 *_a4 = SendMessageW(_t19,  *_t26, 0, 0);
				}
				return _t19;
			}

0x0040a183
0x0040a185
0x0040a187
0x0040a199
0x0040a1a8
0x0040a1b4
0x0040a1c0
0x0040a1c5
0x0040a1e4
0x0040a1cb
0x0040a1db
0x0040a1db
0x0040a1e9
0x0040a206
0x0040a1ef
0x0040a1ff
0x0040a1ff
0x0040a213

APIs

FindWindowW.USER32(MouseZ,Magellan MSWHEEL), ref: 0040A194
RegisterWindowMessageW.USER32(MSWHEEL_ROLLMSG), ref: 0040A1A0
RegisterWindowMessageW.USER32(MSH_WHEELSUPPORT_MSG,MSWHEEL_ROLLMSG), ref: 0040A1AF
RegisterWindowMessageW.USER32(MSH_SCROLL_LINES_MSG,MSH_WHEELSUPPORT_MSG,MSWHEEL_ROLLMSG), ref: 0040A1BB
SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0040A1D3
SendMessageW.USER32(00000000,?,00000000,00000000), ref: 0040A1F7

Strings

MouseZ, xrefs: 0040A18F
MSH_WHEELSUPPORT_MSG, xrefs: 0040A1AA
MSH_SCROLL_LINES_MSG, xrefs: 0040A1B6
Magellan MSWHEEL, xrefs: 0040A18A
MSWHEEL_ROLLMSG, xrefs: 0040A19B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message$Window$Register$Send$Find
String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
API String ID: 3569030445-3736581797
Opcode ID: 0fcbb077c07ff9882cc84d3a635bcd3c9e7a428d890ea6953327f829dce1e87a
Instruction ID: de916b79933dc1f45b9434af41ef309634a34aa5b2f0f2deb7c1e5ace83fab2d
Opcode Fuzzy Hash: 0fcbb077c07ff9882cc84d3a635bcd3c9e7a428d890ea6953327f829dce1e87a
Instruction Fuzzy Hash: 2A114C70244302AFE7109F65C882B66B7A8EF85714F20447AB844AB3C2E7B95D50CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 004C004C, Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 283
windowCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E004C004C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				char _v12;
				struct HICON__* _v16;
				char _v17;
				intOrPtr _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _t126;
				intOrPtr _t127;
				signed int _t133;
				signed int _t137;
				void* _t140;
				void* _t143;
				signed int _t147;
				signed int _t150;
				signed int _t153;
				intOrPtr _t160;
				intOrPtr _t163;
				struct HWND__* _t174;
				intOrPtr _t184;
				intOrPtr _t187;
				intOrPtr _t191;
				intOrPtr _t192;
				intOrPtr _t193;
				signed int _t199;
				signed int _t206;
				intOrPtr _t236;
				signed int _t237;
				intOrPtr _t238;
				signed int _t239;
				void* _t247;
				void* _t252;
				void* _t253;
				intOrPtr _t256;
				intOrPtr _t258;
				intOrPtr _t265;
				signed int* _t267;
				void* _t268;
				intOrPtr _t271;
				void* _t272;
				void* _t273;
				void* _t274;
				intOrPtr _t275;
				void* _t276;

				_t273 = _t274;
				_t275 = _t274 + 0xffffffc8;
				_v12 = 0;
				_t212 = __edx;
				_v8 = __eax;
				 *[fs:eax] = _t275;
				 *((intOrPtr*)( *_v8 - 0x10))( *[fs:eax], 0x4c0424, _t273, __edi, __esi, __ebx, _t272);
				_t126 =  *((intOrPtr*)(__edx + 8));
				_t236 =  *((intOrPtr*)(_t126 + 8));
				_t276 = _t236 - 0xfffffe3c;
				if(_t276 > 0) {
					_t237 = _t236 - 0xfffffe3d;
					__eflags = _t237;
					if(_t237 == 0) {
						_t127 = _v8;
						__eflags =  *((char*)(_t127 + 0x260));
						if( *((char*)(_t127 + 0x260)) == 0) {
							L004BFED8(_v8, __edx, __esi);
						}
					} else {
						_t239 = _t237 - 0x24;
						__eflags = _t239;
						if(_t239 == 0) {
							_t265 = _t126;
							__eflags =  *(_t265 + 0x14);
							if( *(_t265 + 0x14) != 0) {
								__eflags =  *(_t265 + 0x3c);
								if( *(_t265 + 0x3c) != 0) {
									_t140 = E0042E2C4(L00463A10(_v8),  *(_t265 + 0x3c));
									_t143 = E0042E2C4(L00463A10(_v8),  *(_t265 + 0x14));
									__eflags = _t140 - _t143;
									if(_t140 != _t143) {
										_t108 = __edx + 0xc;
										 *_t108 =  *(__edx + 0xc) | 0x00000001;
										__eflags =  *_t108;
									}
								}
							}
							_t133 =  *(_t265 + 0x3c);
							__eflags = _t133;
							if(_t133 != 0) {
								_v60 = 8;
								_v56 = _t133;
								_v48 = 0x20;
								_t137 = SendMessageW(L00463A10(_v8), 0x113e, 0,  &_v60);
								__eflags = _t137;
								if(_t137 != 0) {
									__eflags = _v52 & 0x00000020;
									if((_v52 & 0x00000020) != 0) {
										_t119 = _t212 + 0xc;
										 *_t119 =  *(_t212 + 0xc) | 0x00000002;
										__eflags =  *_t119;
									}
								}
							}
						} else {
							__eflags = _t239 - 0x19d;
							if(__eflags == 0) {
								L004BFF68(_t126, __eflags, _t273);
								 *(_t212 + 0xc) = 1;
							}
						}
					}
					L51:
					_pop(_t238);
					 *[fs:eax] = _t238;
					_push(0x4c042b);
					return L00406438( &_v12);
				} else {
					if(_t276 == 0) {
						_t267 = _t126 + 0xc;
						__eflags =  *_t267 & 0x00000002;
						if(( *_t267 & 0x00000002) != 0) {
							_t267[6] =  *((intOrPtr*)( *_v8 + 0xe4))(0);
						}
						__eflags =  *_t267 & 0x00000020;
						if(( *_t267 & 0x00000020) != 0) {
							_t267[7] =  *((intOrPtr*)( *_v8 + 0xe4))(1);
						}
						__eflags =  *_t267 & 0x00000040;
						if(( *_t267 & 0x00000040) != 0) {
							_t147 = E0042E294(L00463A10(_v8), _t267[1]);
							__eflags = _t147;
							_t267[8] = (_t147 & 0xffffff00 | _t147 != 0x00000000) & 0x0000007f;
							__eflags = _t267[8];
							if(_t267[8] == 0) {
								_t150 = _t267[9];
								__eflags =  *((char*)(_t150 + 4));
								if( *((char*)(_t150 + 4)) == 0) {
									_t153 =  *((intOrPtr*)( *_v8 + 0xec))() & 0x0000007f;
									__eflags = _t153;
									_t267[8] = _t153;
								}
							}
						}
						 *_t267 =  *_t267 | 0x00001000;
						goto L51;
					} else {
						_t247 = _t236 - 0xfffffe34;
						if(_t247 == 0) {
							_t268 = _t126 + 0xc;
							_t160 =  *((intOrPtr*)(_t268 + 0x24));
							__eflags =  *((char*)(_t160 + 4));
							if( *((char*)(_t160 + 4)) != 0) {
								__eflags =  *(_t268 + 0x10);
								if( *(_t268 + 0x10) != 0) {
									E00406604( &_v12,  *(_t268 + 0x10));
									_v17 = 1;
									_t163 = _v8;
									__eflags =  *((short*)(_t163 + 0x27a));
									if( *((short*)(_t163 + 0x27a)) != 0) {
										 *((intOrPtr*)(_v8 + 0x278))( &_v17);
									}
									__eflags = _v17;
									if(_v17 != 0) {
										E00406448( *((intOrPtr*)(_t268 + 0x24)), _v12);
										_v60 = 1;
										_v56 =  *(_t268 + 4);
										_v44 = E004064D4(_v12);
										SendMessageW(L00463A10(_v8), 0x113f, 0,  &_v60);
										_t174 = L00463A10(_v8);
										SendMessageW(_t174, 0x1113, 0, E0042E2C4(L00463A10(_v8),  *(_t268 + 4)));
										L004BFED8(_v8, _t174, _t177);
									}
								}
							}
							goto L51;
						} else {
							_t252 = _t247 - 1;
							if(_t252 == 0) {
								_t184 =  *((intOrPtr*)(_t126 + 0x30));
								__eflags =  *((char*)(_t184 + 4));
								if( *((char*)(_t184 + 4)) == 0) {
									 *(__edx + 0xc) = 1;
								}
								goto L51;
							} else {
								_t253 = _t252 - 1;
								if(_t253 == 0) {
									L00407680( *((intOrPtr*)(_t126 + 0x34)));
									goto L51;
								} else {
									if(_t253 == 4) {
										_t187 = _v8;
										__eflags =  *((char*)(_t187 + 0x269));
										if( *((char*)(_t187 + 0x269)) != 0) {
											L00411930(L"Internal error: Item already expanding", 1);
											E00404A74();
										}
										 *((char*)(_v8 + 0x269)) = 1;
										_push(_t273);
										_push(0x4c01e8);
										_push( *[fs:eax]);
										 *[fs:eax] = _t275;
										_t271 =  *((intOrPtr*)(_t212 + 8));
										__eflags =  *((intOrPtr*)(_t271 + 0xc)) - 2;
										if( *((intOrPtr*)(_t271 + 0xc)) != 2) {
											L22:
											__eflags = 0;
											_pop(_t256);
											 *[fs:eax] = _t256;
											_push(0x4c040e);
											_t191 = _v8;
											 *((char*)(_t191 + 0x269)) = 0;
											return _t191;
										} else {
											_t192 =  *((intOrPtr*)(_t271 + 0x5c));
											__eflags =  *((char*)(_t192 + 5));
											if( *((char*)(_t192 + 5)) != 0) {
												goto L22;
											} else {
												_t193 =  *((intOrPtr*)(_t271 + 0x5c));
												__eflags =  *((char*)(_t193 + 4));
												if( *((char*)(_t193 + 4)) != 0) {
													goto L22;
												} else {
													 *((char*)( *((intOrPtr*)(_t271 + 0x5c)) + 5)) = 1;
													_v16 = SetCursor(LoadCursorW(0, 0x7f02));
													 *[fs:eax] = _t275;
													_t199 =  *((intOrPtr*)( *_v8 + 0xe0))( *[fs:eax], 0x4c01c9, _t273);
													__eflags = _t199;
													if(_t199 == 0) {
														 *((char*)( *((intOrPtr*)(_t271 + 0x5c)) + 5)) = 0;
														 *(_t212 + 0xc) = 1;
													} else {
														_t206 = E0042E294(L00463A10(_v8),  *((intOrPtr*)(_t271 + 0x3c)));
														__eflags = _t206;
														if(_t206 == 0) {
															E004C0490(0,  *((intOrPtr*)(_t271 + 0x3c)));
														}
													}
													__eflags = 0;
													_pop(_t258);
													 *[fs:eax] = _t258;
													_push(0x4c01d0);
													return SetCursor(_v16);
												}
											}
										}
									} else {
										goto L51;
									}
								}
							}
						}
					}
				}
			}

0x004c004d
0x004c004f
0x004c0057
0x004c005a
0x004c005c
0x004c006a
0x004c0074
0x004c0077
0x004c007a
0x004c007d
0x004c0083
0x004c00ab
0x004c00ab
0x004c00b1
0x004c027e
0x004c0281
0x004c0288
0x004c0291
0x004c0291
0x004c00b7
0x004c00b7
0x004c00b7
0x004c00ba
0x004c0395
0x004c0397
0x004c039b
0x004c039d
0x004c03a1
0x004c03ae
0x004c03c0
0x004c03c5
0x004c03c7
0x004c03c9
0x004c03c9
0x004c03c9
0x004c03c9
0x004c03c7
0x004c03a1
0x004c03cd
0x004c03d0
0x004c03d2
0x004c03d4
0x004c03db
0x004c03de
0x004c03fb
0x004c0400
0x004c0402
0x004c0404
0x004c0408
0x004c040a
0x004c040a
0x004c040a
0x004c040a
0x004c0408
0x004c0402
0x004c00c0
0x004c00c0
0x004c00c6
0x004c0386
0x004c038c
0x004c038c
0x004c00c6
0x004c00ba
0x004c040e
0x004c0410
0x004c0413
0x004c0416
0x004c0423
0x004c0085
0x004c0085
0x004c01ef
0x004c01f2
0x004c01f5
0x004c020e
0x004c020e
0x004c0211
0x004c0214
0x004c022d
0x004c022d
0x004c0230
0x004c0233
0x004c0240
0x004c0245
0x004c024d
0x004c0250
0x004c0254
0x004c0256
0x004c0259
0x004c025d
0x004c026d
0x004c026d
0x004c0270
0x004c0270
0x004c025d
0x004c0254
0x004c0273
0x00000000
0x004c008b
0x004c008b
0x004c0091
0x004c02b7
0x004c02ba
0x004c02bd
0x004c02c1
0x004c02c7
0x004c02cb
0x004c02d7
0x004c02dc
0x004c02e0
0x004c02e3
0x004c02eb
0x004c0300
0x004c0300
0x004c0306
0x004c030a
0x004c0316
0x004c031b
0x004c0325
0x004c0330
0x004c0349
0x004c0351
0x004c0373
0x004c037b
0x004c037b
0x004c030a
0x004c02cb
0x00000000
0x004c0097
0x004c0097
0x004c0098
0x004c029e
0x004c02a1
0x004c02a5
0x004c02ab
0x004c02ab
0x00000000
0x004c009e
0x004c009e
0x004c009f
0x004c00da
0x00000000
0x004c00a1
0x004c00a4
0x004c00e4
0x004c00e7
0x004c00ee
0x004c00fc
0x004c0101
0x004c0101
0x004c0109
0x004c0112
0x004c0113
0x004c0118
0x004c011b
0x004c011e
0x004c0121
0x004c0125
0x004c01d0
0x004c01d0
0x004c01d2
0x004c01d5
0x004c01d8
0x004c01dd
0x004c01e0
0x004c01e7
0x004c012b
0x004c012b
0x004c012e
0x004c0132
0x00000000
0x004c0138
0x004c0138
0x004c013b
0x004c013f
0x00000000
0x004c0145
0x004c0148
0x004c015e
0x004c016c
0x004c0177
0x004c017d
0x004c017f
0x004c01a7
0x004c01ab
0x004c0181
0x004c018c
0x004c0191
0x004c0193
0x004c019d
0x004c019d
0x004c0193
0x004c01b2
0x004c01b4
0x004c01b7
0x004c01ba
0x004c01c8
0x004c01c8
0x004c013f
0x004c0132
0x004c00a6
0x00000000
0x004c00a6
0x004c00a4
0x004c009f
0x004c0098
0x004c0091
0x004c0085

APIs

LoadCursorW.USER32(00000000,00007F02), ref: 004C0153
SetCursor.USER32(00000000,00000000,00007F02,00000000,004C01E8), ref: 004C0159
SetCursor.USER32(00000001,004C01D0,00007F02,00000000,004C01E8), ref: 004C01C3
SendMessageW.USER32(00000000,0000113F,00000000,00000001), ref: 004C0349
SendMessageW.USER32(00000000,00001113,00000000,00000000), ref: 004C0373

Strings

, xrefs: 004C0404
, xrefs: 004C03DE
Internal error: Item already expanding, xrefs: 004C00F0

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Cursor$MessageSend$Load
String ID: $ $Internal error: Item already expanding
API String ID: 2233766430-1948079669
Opcode ID: 7b26d4c5415fee93f42151a4601620a3889ceccad14e668106a61b5b9d3385e5
Instruction ID: 145e3ce23c7c83ab6dbf7d92bb42d6447e1a84e2db4a49e9c1978b7d2d87e34f
Opcode Fuzzy Hash: 7b26d4c5415fee93f42151a4601620a3889ceccad14e668106a61b5b9d3385e5
Instruction Fuzzy Hash: 2BB19F34600244DFDB65DF69C589F9BBBF1AF04304F1484AEE845AB692C778ED40CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004FC5AC, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 145
fileCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E004FC5AC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				struct HWND__* _v12;
				void* _v16;
				char _v20;
				char _v24;
				char _v28;
				struct HWND__* _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				WCHAR* _t41;
				intOrPtr _t42;
				int _t44;
				intOrPtr _t48;
				intOrPtr* _t54;
				void* _t68;
				intOrPtr _t79;
				intOrPtr _t101;
				intOrPtr _t103;
				void* _t107;
				void* _t108;
				intOrPtr _t109;
				void* _t117;

				_t117 = __fp0;
				_t105 = __esi;
				_t104 = __edi;
				_t87 = __ecx;
				_t86 = __ebx;
				_t107 = _t108;
				_t109 = _t108 + 0xffffffd4;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v24 = 0;
				_v48 = 0;
				_v44 = 0;
				_v20 = 0;
				_v8 = 0;
				_push(_t107);
				_push(0x4fc79a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t109;
				L0047F8C8( &_v20, __ebx, __ecx, __eflags);
				if(E004AE0F8(_v20, __ebx,  &_v8, __edi, __esi) == 0) {
					_push(_t107);
					_push( *[fs:eax]);
					 *[fs:eax] = _t109;
					E004AE5E8(0, _t86, _v8, __edi, __esi);
					_pop(_t103);
					_t87 = 0x4fc60f;
					 *[fs:eax] = _t103;
				}
				_t41 = E004064D4(_v8);
				_t42 =  *0x50c164; // 0x0
				_t44 = CopyFileW(E004064D4(_t42), _t41, 0);
				_t112 = _t44;
				if(_t44 == 0) {
					_t79 =  *0x504e48; // 0x50b83c
					_t11 = _t79 + 0x1a4; // 0x24ee0ac
					L004FBABC( *_t11, _t86, _t87, _t105, _t112);
				}
				SetFileAttributesW(E004064D4(_v8), 0x80);
				_t48 =  *0x508b50; // 0x400000
				_v12 = E0040A124(0, L"STATIC", 0, _t48, 0, 0, 0, 0, 0, 0, 0);
				 *0x50c190 = SetWindowLongW(_v12, 0xfffffffc, 0x4fbc7c);
				_push(_t107);
				_push(0x4fc763);
				_push( *[fs:eax]);
				 *[fs:eax] = _t109;
				_t54 =  *0x504e38; // 0x50b17c
				SetWindowPos( *( *_t54 + 0x170), 0, 0, 0, 0, 0, 0x97);
				L0047F29C(0, _t86,  &_v44, _t104, _t105);
				_v40 = _v44;
				_v36 = 0x11;
				_v32 = _v12;
				_v28 = 0;
				E0040E258(L"/SECONDPHASE=\"%s\" /FIRSTPHASEWND=$%x ", 1,  &_v40,  &_v24);
				_push( &_v24);
				E0047F17C( &_v48, _t86, _t105, 0);
				_pop(_t68);
				E00406854(_t68, _v48);
				_v16 = L004FBB64(_v8, _t86, _v24, _t104, _t105, _t117);
				do {
				} while (L004FBC40(_t71) == 0 && MsgWaitForMultipleObjects(1,  &_v16, 0, 0xffffffff, 0xff) == 1);
				CloseHandle(_v16);
				_pop(_t101);
				 *[fs:eax] = _t101;
				_push(E004FC76A);
				return DestroyWindow(_v12);
			}

0x004fc5ac
0x004fc5ac
0x004fc5ac
0x004fc5ac
0x004fc5ac
0x004fc5ad
0x004fc5af
0x004fc5b2
0x004fc5b3
0x004fc5b4
0x004fc5b7
0x004fc5ba
0x004fc5bd
0x004fc5c0
0x004fc5c3
0x004fc5c8
0x004fc5c9
0x004fc5ce
0x004fc5d1
0x004fc5d7
0x004fc5e9
0x004fc5ed
0x004fc5f3
0x004fc5f6
0x004fc600
0x004fc607
0x004fc609
0x004fc60a
0x004fc60a
0x004fc61e
0x004fc624
0x004fc62f
0x004fc634
0x004fc636
0x004fc638
0x004fc63d
0x004fc643
0x004fc643
0x004fc656
0x004fc669
0x004fc682
0x004fc695
0x004fc69c
0x004fc69d
0x004fc6a2
0x004fc6a5
0x004fc6b7
0x004fc6c5
0x004fc6d3
0x004fc6db
0x004fc6de
0x004fc6e5
0x004fc6e8
0x004fc6f9
0x004fc701
0x004fc705
0x004fc70d
0x004fc70e
0x004fc71e
0x004fc721
0x004fc726
0x004fc747
0x004fc74e
0x004fc751
0x004fc754
0x004fc762

APIs

Part of subcall function 004AE0F8: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,004AE233), ref: 004AE1E3
Part of subcall function 004AE0F8: CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,004AE233), ref: 004AE1F3

CopyFileW.KERNEL32(00000000,00000000,00000000,00000000,004FC79A), ref: 004FC62F
SetFileAttributesW.KERNEL32(00000000,00000080,00000000,00000000,00000000,00000000,004FC79A), ref: 004FC656
SetWindowLongW.USER32 ref: 004FC690
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004FC763,?,?,000000FC,004FBC7C,00000000,00400000,00000000), ref: 004FC6C5
MsgWaitForMultipleObjects.USER32 ref: 004FC739
CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004FC763,?,?,000000FC,004FBC7C,00000000), ref: 004FC747

Part of subcall function 004AE5E8: WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004AE6CE

DestroyWindow.USER32(?,004FC76A,00000000,00000000,00000000,00000000,00000000,00000097,00000000,004FC763,?,?,000000FC,004FBC7C,00000000,00400000), ref: 004FC75D

Strings

STATIC, xrefs: 004FC676
/SECONDPHASE="%s" /FIRSTPHASEWND=$%x , xrefs: 004FC6F4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileWindow$CloseHandle$AttributesCopyCreateDestroyLongMultipleObjectsPrivateProfileStringWaitWrite
String ID: /SECONDPHASE="%s" /FIRSTPHASEWND=$%x $STATIC
API String ID: 1779715363-2312673372
Opcode ID: 3468b78e9d04de72efb20b0aa90de878342cdb68ffdcdf4b8dca9e0340b7a43b
Instruction ID: 9394d469103984081b8070ca8c9da3098e8e46f8cc4b19dc7d3383a2947fd714
Opcode Fuzzy Hash: 3468b78e9d04de72efb20b0aa90de878342cdb68ffdcdf4b8dca9e0340b7a43b
Instruction Fuzzy Hash: F6418F70A0420DAFDB00EBB5DD82AAE77F8EB49714F11447AF600F7292D7789D048B69

Uniqueness

Uniqueness Score: -1.00%

Function 004AA464, Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 74
libraryCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E004AA464(void* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t32;
				intOrPtr _t34;
				intOrPtr _t41;
				intOrPtr _t48;

				_t45 = __esi;
				_push(0);
				_push(0);
				_push(__ebx);
				_push(_t48);
				_push(0x4aa580);
				_push( *[fs:eax]);
				 *[fs:eax] = _t48;
				 *0x50b434 =  *0x50b434 + 1;
				if( *0x50b430 == 0 && (GetVersion() & 0x000000ff) >= 6) {
					E004AA434( &_v12);
					E0047E290(_v12,  &_v8);
					E00406854( &_v8, L"Rstrtmgr.dll");
					 *0x50b430 = LoadLibraryW(E004064D4(_v8));
					if( *0x50b430 != 0) {
						_t24 =  *0x50b430; // 0x0
						 *0x50b414 = E00409620(__ebx, __esi, _t24, L"RmStartSession");
						_t26 =  *0x50b430; // 0x0
						 *0x50b418 = E00409620(__ebx, __esi, _t26, L"RmRegisterResources");
						_t28 =  *0x50b430; // 0x0
						 *0x50b41c = E00409620(__ebx, __esi, _t28, L"RmGetList");
						_t30 =  *0x50b430; // 0x0
						 *0x50b420 = E00409620(__ebx, _t45, _t30, L"RmShutdown");
						_t32 =  *0x50b430; // 0x0
						 *0x50b424 = E00409620(__ebx, _t45, _t32, L"RmRestart");
						_t34 =  *0x50b430; // 0x0
						 *0x50b428 = E00409620(__ebx, _t45, _t34, L"RmEndSession");
					}
				}
				_pop(_t41);
				 *[fs:eax] = _t41;
				_push(E004AA587);
				return L00406440( &_v12, 2);
			}

0x004aa464
0x004aa467
0x004aa469
0x004aa46b
0x004aa46e
0x004aa46f
0x004aa474
0x004aa477
0x004aa47a
0x004aa487
0x004aa4a4
0x004aa4af
0x004aa4bc
0x004aa4cf
0x004aa4db
0x004aa4e2
0x004aa4ed
0x004aa4f7
0x004aa502
0x004aa50c
0x004aa517
0x004aa521
0x004aa52c
0x004aa536
0x004aa541
0x004aa54b
0x004aa556
0x004aa556
0x004aa4db
0x004aa567
0x004aa56a
0x004aa56d
0x004aa57f

APIs

GetVersion.KERNEL32(00000000,004AA580,?,?,00000000,00000000,?,004E2F01), ref: 004AA48D

Part of subcall function 004AA434: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004AA44C

LoadLibraryW.KERNEL32(00000000,00000000,004AA580,?,?,00000000,00000000,?,004E2F01), ref: 004AA4CA

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,00000000), ref: 00409666

Strings

RmStartSession, xrefs: 004AA4DD
RmGetList, xrefs: 004AA507
RmRestart, xrefs: 004AA531
RmRegisterResources, xrefs: 004AA4F2
RmEndSession, xrefs: 004AA546
Rstrtmgr.dll, xrefs: 004AA4B7
RmShutdown, xrefs: 004AA51C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$DirectoryLibraryLoadSystemVersion
String ID: RmEndSession$RmGetList$RmRegisterResources$RmRestart$RmShutdown$RmStartSession$Rstrtmgr.dll
API String ID: 2754715182-3419246398
Opcode ID: 2a3403fd25ee32033307cc514fbe8d8a9c5a624f265654c8c480e8fefdd99db4
Instruction ID: 20e81082da0d80a83eebd0b282948123d4da6e59cfc27c4d15237d518a3e0bff
Opcode Fuzzy Hash: 2a3403fd25ee32033307cc514fbe8d8a9c5a624f265654c8c480e8fefdd99db4
Instruction Fuzzy Hash: AC217470D10204AFEF10EF61EC86B6D37A9E729708F954A3AB40097293D73C5A18EB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00461058, Relevance: 15.2, APIs: 10, Instructions: 231
windowCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00461058(intOrPtr __eax, void* __ecx, struct HDC__* __edx) {
				intOrPtr _v8;
				struct HDC__* _v12;
				int _v16;
				intOrPtr _v20;
				int _v24;
				intOrPtr _v28;
				struct tagRECT _v44;
				intOrPtr _t135;
				int _t138;
				void* _t220;
				int _t222;
				intOrPtr _t248;
				void* _t254;
				void* _t255;
				void* _t258;
				void* _t259;
				void* _t262;
				void* _t264;
				intOrPtr _t265;

				_t262 = _t264;
				_t265 = _t264 + 0xffffffd8;
				_t220 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				if( *((char*)(_v8 + 0x1e4)) != 0 &&  *((char*)(_v8 + 0x1e3)) != 0 &&  *((intOrPtr*)(_v8 + 0x1c0)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x1c0)))) + 0x20))();
				}
				_t135 = _v8;
				_t136 =  *((intOrPtr*)(_t135 + 0x1d4));
				if( *((intOrPtr*)(_t135 + 0x1d4)) == 0) {
					L20:
					_t138 =  *(_v8 + 0x1d8);
					if(_t138 != 0) {
						_t254 =  *((intOrPtr*)(_t138 + 8)) - 1;
						if(_t254 >= 0) {
							_t255 = _t254 + 1;
							_v16 = 0;
							do {
								_t138 = L00423514( *(_v8 + 0x1d8), _v16);
								_t222 = _t138;
								if( *((char*)(_t222 + 0x1e1)) != 0 && ( *(_t222 + 0x50) & 0x00000010) != 0) {
									if(( *(_t222 + 0x1c) & 0x00000010) != 0 ||  *((char*)(_t222 + 0x57)) == 0) {
										if(( *(_t222 + 0x1c) & 0x00000010) != 0 && ( *(_t222 + 0x51) & 0x00000004) == 0 && ( *(_t222 + 0x55) & 0x00000008) == 0) {
											goto L30;
										}
									} else {
										L30:
										_t258 = CreateSolidBrush(E004306C0(0xff000010));
										E00409158( *((intOrPtr*)(_t222 + 0x40)) - 1,  *((intOrPtr*)(_t222 + 0x40)) +  *((intOrPtr*)(_t222 + 0x48)),  *((intOrPtr*)(_t222 + 0x44)) - 1,  &_v44,  *((intOrPtr*)(_t222 + 0x44)) +  *((intOrPtr*)(_t222 + 0x4c)));
										FrameRect(_v12,  &_v44, _t258);
										DeleteObject(_t258);
										_t259 = CreateSolidBrush(E004306C0(0xff000014));
										E00409158( *((intOrPtr*)(_t222 + 0x40)),  *((intOrPtr*)(_t222 + 0x40)) +  *((intOrPtr*)(_t222 + 0x48)) + 1,  *((intOrPtr*)(_t222 + 0x44)),  &_v44,  *((intOrPtr*)(_t222 + 0x44)) +  *((intOrPtr*)(_t222 + 0x4c)) + 1);
										FrameRect(_v12,  &_v44, _t259);
										_t138 = DeleteObject(_t259);
									}
								}
								_v16 = _v16 + 1;
								_t255 = _t255 - 1;
							} while (_t255 != 0);
						}
					}
					return _t138;
				} else {
					_v16 = 0;
					if(_t220 != 0) {
						_v16 = L00423570(_t136, _t220);
						if(_v16 < 0) {
							_v16 = 0;
						}
					}
					_v20 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x1d4)) + 8));
					while(_v16 < _v20) {
						_v28 = L00423514( *((intOrPtr*)(_v8 + 0x1d4)), _v16);
						if( *((char*)(_v28 + 0x57)) == 0 || ( *(_v28 + 0x1c) & 0x00000010) != 0 && ( *(_v28 + 0x55) & 0x00000008) != 0) {
							if(( *(_v28 + 0x1c) & 0x00000010) == 0 || ( *(_v28 + 0x55) & 0x00000008) != 0 || ( *(_v28 + 0x51) & 0x00000004) != 0) {
								goto L19;
							} else {
								goto L15;
							}
						} else {
							L15:
							E00409158( *((intOrPtr*)(_v28 + 0x40)),  *((intOrPtr*)(_v28 + 0x40)) +  *(_v28 + 0x48),  *((intOrPtr*)(_v28 + 0x44)),  &_v44,  *((intOrPtr*)(_v28 + 0x44)) +  *(_v28 + 0x4c));
							if(RectVisible(_v12,  &_v44) == 0) {
								goto L19;
							} else {
								if(( *(_v8 + 0x54) & 0x00000080) != 0) {
									 *(_v28 + 0x54) =  *(_v28 + 0x54) | 0x00000080;
								}
								_v24 = SaveDC(_v12);
								_push(_t262);
								_push(0x461205);
								_push( *[fs:eax]);
								 *[fs:eax] = _t265;
								L004595F0(_v12,  *((intOrPtr*)(_v28 + 0x44)),  *((intOrPtr*)(_v28 + 0x40)));
								IntersectClipRect(_v12, 0, 0,  *(_v28 + 0x48),  *(_v28 + 0x4c));
								E0045C458(_v28, _v12, 0xf, 0);
								_pop(_t248);
								 *[fs:eax] = _t248;
								_push(0x46120c);
								return RestoreDC(_v12, _v24);
							}
						}
						goto L33;
						L19:
						_v16 = _v16 + 1;
					}
					goto L20;
				}
				L33:
			}

0x00461059
0x0046105b
0x00461061
0x00461063
0x00461066
0x00461073
0x0046109b
0x0046109b
0x0046109e
0x004610a1
0x004610a9
0x00461224
0x00461227
0x0046122f
0x00461238
0x0046123b
0x00461241
0x00461242
0x00461249
0x00461255
0x0046125a
0x00461263
0x00461277
0x00461283
0x00000000
0x00000000
0x0046129d
0x0046129d
0x004612ad
0x004612c9
0x004612d6
0x004612dc
0x004612f1
0x0046130d
0x0046131a
0x00461320
0x00461320
0x00461277
0x00461325
0x00461328
0x00461328
0x00461249
0x0046123b
0x00461335
0x004610af
0x004610b1
0x004610b6
0x004610bf
0x004610c6
0x004610ca
0x004610ca
0x004610c6
0x004610d9
0x004610e2
0x004610f9
0x00461103
0x0046111e
0x00000000
0x00000000
0x00000000
0x00000000
0x0046113e
0x0046113e
0x00461163
0x00461177
0x00000000
0x0046117d
0x00461184
0x00461189
0x00461189
0x00461198
0x0046119d
0x0046119e
0x004611a3
0x004611a6
0x004611b8
0x004611d3
0x004611e5
0x004611ec
0x004611ef
0x004611f2
0x00461204
0x00461204
0x00461177
0x00000000
0x00461215
0x00461215
0x0046121b
0x00000000
0x004610e2
0x00000000

APIs

RectVisible.GDI32(?,?), ref: 00461170
SaveDC.GDI32(?), ref: 00461193
IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 004611D3
RestoreDC.GDI32(?,00460FF2), ref: 004611FF

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Rect$ClipIntersectRestoreSaveVisible
String ID:
API String ID: 1976014923-0
Opcode ID: 5bae6500ca95418954d825d7738d8aef3fc79c48208f7b9a0dbf1543cda5ba6d
Instruction ID: 70bf75537bb4c82ba56664f7d13cedc9c30fb57d843eda755662797bc73f88d8
Opcode Fuzzy Hash: 5bae6500ca95418954d825d7738d8aef3fc79c48208f7b9a0dbf1543cda5ba6d
Instruction Fuzzy Hash: 9591DA70A002499FDB04DF99C485FAE7BF5AF08314F1844A6E944EB3A6E779ED80CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00438250, Relevance: 15.1, APIs: 10, Instructions: 89
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00438250(void* __eax, long __ecx, struct _CRITICAL_SECTION* __edx) {
				long _v8;
				signed int _v9;
				void* _v16;
				intOrPtr _v20;
				char _v24;
				void* __ebx;
				void* __ebp;
				void* _t39;
				struct _CRITICAL_SECTION* _t51;
				intOrPtr _t59;
				void* _t61;
				intOrPtr _t65;
				void* _t67;
				void* _t69;
				intOrPtr _t70;

				_t53 = __ecx;
				_t67 = _t69;
				_t70 = _t69 + 0xffffffec;
				_v8 = __ecx;
				_t51 = __edx;
				_t61 = __eax;
				if(GetCurrentThreadId() !=  *((intOrPtr*)(_t51 + 0xc))) {
					_v9 = 0;
					return _v9 & 0x000000ff;
				} else {
					_v24 = 0;
					_v20 =  *((intOrPtr*)(_t51 + 0xc));
					_v16 = CreateEventW(0, 0, 0, 0);
					_push(_t67);
					_push(0x438331);
					_push( *[fs:eax]);
					 *[fs:eax] = _t70;
					_t65 =  *((intOrPtr*)(_t51 + 8));
					E0043815C(_t61, _t51, _t53,  &_v24);
					 *((intOrPtr*)(_t51 + 8)) = 1;
					InterlockedExchangeAdd(_t51 + 4,  ~(_t65 - 1));
					LeaveCriticalSection(_t51);
					_t39 = WaitForSingleObject(_v16, _v8) - 1;
					if(_t39 < 0) {
						_v9 = 1;
					} else {
						if(_t39 != 0x101) {
							_v9 = 0;
							SetLastError(0);
						} else {
							_v9 = 0;
							SetLastError(0x5b4);
						}
					}
					EnterCriticalSection(_t51);
					E004381C4(_t61, _t53,  &_v24);
					InterlockedExchangeAdd(_t51 + 4, _t65 - 1);
					 *((intOrPtr*)(_t51 + 8)) = _t65;
					_pop(_t59);
					 *[fs:eax] = _t59;
					_push(0x43833c);
					return CloseHandle(_v16);
				}
			}

0x00438250
0x00438251
0x00438253
0x00438259
0x0043825c
0x0043825e
0x00438268
0x00438338
0x00438346
0x0043826e
0x00438270
0x00438276
0x00438286
0x0043828b
0x0043828c
0x00438291
0x00438294
0x00438297
0x0043829f
0x004382a4
0x004382b5
0x004382bb
0x004382cd
0x004382d0
0x004382e9
0x004382d2
0x004382d7
0x004382ef
0x004382f5
0x004382d9
0x004382d9
0x004382e2
0x004382e2
0x004382d7
0x004382fb
0x00438305
0x00438312
0x00438317
0x0043831c
0x0043831f
0x00438322
0x00438330
0x00438330

APIs

GetCurrentThreadId.KERNEL32 ref: 00438260
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00438281
InterlockedExchangeAdd.KERNEL32(?,?), ref: 004382B5
LeaveCriticalSection.KERNEL32(?,00000000,00438331,?,00000000,00000000,00000000,00000000), ref: 004382BB
WaitForSingleObject.KERNEL32(?,?,?,00000000,00438331,?,00000000,00000000,00000000,00000000), ref: 004382C8
SetLastError.KERNEL32(000005B4,?,?,?,00000000,00438331,?,00000000,00000000,00000000,00000000), ref: 004382E2
SetLastError.KERNEL32(00000000,?,?,?,00000000,00438331,?,00000000,00000000,00000000,00000000), ref: 004382F5
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00438331,?,00000000,00000000,00000000,00000000), ref: 004382FB
InterlockedExchangeAdd.KERNEL32(?,?), ref: 00438312
CloseHandle.KERNEL32(?,0043833C,?,?,?,00000000,00438331,?,00000000,00000000,00000000,00000000), ref: 0043832B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CriticalErrorExchangeInterlockedLastSection$CloseCreateCurrentEnterEventHandleLeaveObjectSingleThreadWait
String ID:
API String ID: 3135347424-0
Opcode ID: 4317fbac339508849a70549e1364c8cb1baa0aa9349f82636f7eca3f1ffe1f83
Instruction ID: fb9ba88145ea954a72c7c5af2f89dabbe07526b79f7e1da62e59565462d38d92
Opcode Fuzzy Hash: 4317fbac339508849a70549e1364c8cb1baa0aa9349f82636f7eca3f1ffe1f83
Instruction Fuzzy Hash: 30219871604304AADB11DFA58C41B9EB7A8DB09704F1484ABF904EB283DA7D9D018769

Uniqueness

Uniqueness Score: -1.00%

Function 0047697C, Relevance: 15.1, APIs: 10, Instructions: 74
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047697C(intOrPtr _a4) {
				intOrPtr _t27;
				struct HMENU__* _t48;

				_t27 =  *((intOrPtr*)(_a4 - 4));
				if( *((char*)(_t27 + 0x281)) != 0) {
					_t27 =  *((intOrPtr*)(_a4 - 4));
					if(( *(_t27 + 0x280) & 0x00000001) != 0) {
						_t27 =  *((intOrPtr*)(_a4 - 4));
						if( *((char*)(_t27 + 0x287)) != 1) {
							_t48 = GetSystemMenu(L00463A10( *((intOrPtr*)(_a4 - 4))), 0);
							if( *((char*)( *((intOrPtr*)(_a4 - 4)) + 0x281)) == 3) {
								DeleteMenu(_t48, 0xf130, 0);
								DeleteMenu(_t48, 7, 0x400);
								DeleteMenu(_t48, 5, 0x400);
								DeleteMenu(_t48, 0xf030, 0);
								DeleteMenu(_t48, 0xf020, 0);
								DeleteMenu(_t48, 0xf000, 0);
								return DeleteMenu(_t48, 0xf120, 0);
							}
							if(( *( *((intOrPtr*)(_a4 - 4)) + 0x280) & 0x00000002) == 0) {
								EnableMenuItem(_t48, 0xf020, 1);
							}
							_t27 =  *((intOrPtr*)(_a4 - 4));
							if(( *(_t27 + 0x280) & 0x00000004) == 0) {
								return EnableMenuItem(_t48, 0xf030, 1);
							}
						}
					}
				}
				return _t27;
			}

0x00476983
0x0047698d
0x00476996
0x004769a0
0x004769a9
0x004769b3
0x004769cc
0x004769db
0x004769e5
0x004769f2
0x004769ff
0x00476a0c
0x00476a19
0x00476a26
0x00000000
0x00476a33
0x00476a47
0x00476a51
0x00476a51
0x00476a59
0x00476a63
0x00000000
0x00476a6d
0x00476a63
0x004769b3
0x004769a0
0x00476a74

APIs

GetSystemMenu.USER32(00000000,00000000), ref: 004769C7
DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 004769E5
DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 004769F2
DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 004769FF
DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00476A0C
DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00476A19
DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00476A26
DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00476A33
EnableMenuItem.USER32 ref: 00476A51
EnableMenuItem.USER32 ref: 00476A6D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Menu$Delete$EnableItem$System
String ID:
API String ID: 3985193851-0
Opcode ID: a1d30e067c49b3b3c213278b205c02e8b56284789c34e07f7c99cda3d534d6d0
Instruction ID: 3e74fcead3795c671015783c1ea3a2708ce59c5f7749655310bb817073437509
Opcode Fuzzy Hash: a1d30e067c49b3b3c213278b205c02e8b56284789c34e07f7c99cda3d534d6d0
Instruction Fuzzy Hash: F0213D703857007AE760EA25CC8EF997AE9AB05718F05C4A5B6487F6E3D6B8A9409708

Uniqueness

Uniqueness Score: -1.00%

Function 0042A928, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 119
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E0042A928(signed int __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				signed int _v9;
				intOrPtr* _v16;
				char _v28;
				void* __ebp;
				long _t31;
				intOrPtr _t38;
				intOrPtr _t57;
				signed char _t63;
				intOrPtr* _t72;
				intOrPtr _t77;
				intOrPtr _t78;
				void* _t84;
				void* _t86;
				intOrPtr _t87;

				_t84 = _t86;
				_t87 = _t86 + 0xffffffe8;
				_v9 = __ecx;
				_v8 = __edx;
				_t31 = GetCurrentThreadId();
				_t72 =  *0x50504c; // 0x50603c
				if(_t31 !=  *_t72) {
					if(_v9 == 0) {
						_v16 =  &_v28;
					} else {
						_v16 = E00403018(0xc);
					}
					_t63 = _v9 & 0x000000ff ^ 0x00000001;
					if(_t63 == 0) {
						 *(_v16 + 8) = 0;
					} else {
						 *(_v16 + 8) = CreateEventW(0, 0xffffffff, 0, 0);
					}
					_push(_t84);
					_push(0x42aac5);
					_push( *[fs:eax]);
					 *[fs:eax] = _t87;
					EnterCriticalSection(0x50ae80);
					_push(_t84);
					_push(0x42aa9e);
					_push( *[fs:eax]);
					 *[fs:eax] = _t87;
					 *((char*)(_v16 + 4)) = _v9 & 0x000000ff;
					if( *0x502ec8 == 0) {
						 *0x502ec8 = E00404068(1);
					}
					 *_v16 = _v8;
					_t38 =  *0x502ec8; // 0x0
					L004233BC(_t38, _v16);
					E0042A340();
					if( *0x502eb6 != 0) {
						 *0x502eb4();
					}
					if(_t63 == 0) {
						_pop(_t77);
						 *[fs:eax] = _t77;
						_push(0x42aaa5);
						LeaveCriticalSection(0x50ae80);
						return 0;
					} else {
						LeaveCriticalSection(0x50ae80);
						_push(_t84);
						_push(0x42aa7f);
						_push( *[fs:eax]);
						 *[fs:eax] = _t87;
						WaitForSingleObject( *(_v16 + 8), 0xffffffff);
						_pop(_t78);
						 *[fs:eax] = _t78;
						_push(0x42aa86);
						EnterCriticalSection(0x50ae80);
						return 0;
					}
				} else {
					if( *((short*)(_v8 + 0xa)) == 0) {
						_t57 = _v8;
						if( *((intOrPtr*)(_t57 + 0x10)) != 0) {
							_t57 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x10)))) + 0xc))();
						}
					} else {
						_t57 =  *((intOrPtr*)(_v8 + 8))();
					}
					return _t57;
				}
			}

0x0042a929
0x0042a92b
0x0042a92f
0x0042a932
0x0042a935
0x0042a93a
0x0042a942
0x0042a97d
0x0042a991
0x0042a97f
0x0042a989
0x0042a989
0x0042a998
0x0042a99d
0x0042a9b9
0x0042a99f
0x0042a9af
0x0042a9af
0x0042a9be
0x0042a9bf
0x0042a9c4
0x0042a9c7
0x0042a9cf
0x0042a9d6
0x0042a9d7
0x0042a9dc
0x0042a9df
0x0042a9e9
0x0042a9f3
0x0042aa01
0x0042aa01
0x0042aa0c
0x0042aa11
0x0042aa16
0x0042aa1b
0x0042aa28
0x0042aa37
0x0042aa37
0x0042aa3f
0x0042aa88
0x0042aa8b
0x0042aa8e
0x0042aa98
0x0042aa9d
0x0042aa41
0x0042aa46
0x0042aa4d
0x0042aa4e
0x0042aa53
0x0042aa56
0x0042aa62
0x0042aa69
0x0042aa6c
0x0042aa6f
0x0042aa79
0x0042aa7e
0x0042aa7e
0x0042a944
0x0042a94c
0x0042a95c
0x0042a963
0x0042a971
0x0042a971
0x0042a94e
0x0042a954
0x0042a954
0x0042aaea
0x0042aaea

APIs

GetCurrentThreadId.KERNEL32 ref: 0042A935
CreateEventW.KERNEL32(00000000,000000FF,00000000,00000000), ref: 0042A9A7
EnterCriticalSection.KERNEL32(0050AE80,00000000,0042AAC5), ref: 0042A9CF
LeaveCriticalSection.KERNEL32(0050AE80,00000000,0042AA9E,?,0050AE80,00000000,0042AAC5), ref: 0042AA46
WaitForSingleObject.KERNEL32(?,000000FF,00000000,0042AA7F,?,0050AE80,00000000,0042AA9E,?,0050AE80,00000000,0042AAC5), ref: 0042AA62
EnterCriticalSection.KERNEL32(0050AE80,0042AA86,0042AA7F,?,0050AE80,00000000,0042AA9E,?,0050AE80,00000000,0042AAC5), ref: 0042AA79

Strings

<`P, xrefs: 0042A93A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CriticalSection$Enter$CreateCurrentEventLeaveObjectSingleThreadWait
String ID: <`P
API String ID: 1504017990-3701931957
Opcode ID: a0a868ddf7b571b4cfe4ed518fc0739341e7f410b2c26d0775e730190c8cbfbf
Instruction ID: 17154e124857e5c90f5ddf3bfa5372f0e28820bbf0dea9b126f489a5461829d8
Opcode Fuzzy Hash: a0a868ddf7b571b4cfe4ed518fc0739341e7f410b2c26d0775e730190c8cbfbf
Instruction Fuzzy Hash: 0B41EF30B04200EFD711DFA5D941A6DBBF5EF49300FA584A6EC04A73A2C3799D54DB2A

Uniqueness

Uniqueness Score: -1.00%

Function 004802FC, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 82
registryCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E004802FC(void* __ebx, void* __esi, void* __eflags) {
				char _v8;
				void* _v12;
				char _v16;
				char _v20;
				intOrPtr* _t21;
				intOrPtr* _t22;
				intOrPtr _t61;
				void* _t68;

				_push(__ebx);
				_v20 = 0;
				_v8 = 0;
				_push(_t68);
				_push(0x4803f6);
				_push( *[fs:eax]);
				 *[fs:eax] = _t68 + 0xfffffff0;
				_t21 = E00409620(__ebx, __esi, GetModuleHandleW(L"kernel32.dll"), L"GetUserDefaultUILanguage");
				if(_t21 == 0) {
					_t22 =  *0x505038; // 0x502914
					if( *_t22 != 2) {
						if(E0047FD20(0, L"Control Panel\\Desktop\\ResourceLocale", 0x80000001,  &_v12, 1, 0) == 0) {
							E0047FC48();
							RegCloseKey(_v12);
						}
					} else {
						if(E0047FD20(0, L".DEFAULT\\Control Panel\\International", 0x80000003,  &_v12, 1, 0) == 0) {
							E0047FC48();
							RegCloseKey(_v12);
						}
					}
					E00406914( &_v20, _v8, 0x48050c);
					L00403648(_v20,  &_v16);
					if(_v16 != 0) {
					}
				} else {
					 *_t21();
				}
				_pop(_t61);
				 *[fs:eax] = _t61;
				_push(E004803FD);
				L00406438( &_v20);
				return L00406438( &_v8);
			}

0x00480302
0x00480305
0x00480308
0x0048030d
0x0048030e
0x00480313
0x00480316
0x00480329
0x00480330
0x0048033b
0x00480343
0x00480398
0x004803a5
0x004803ae
0x004803ae
0x00480345
0x00480360
0x0048036d
0x00480376
0x00480376
0x00480360
0x004803be
0x004803c9
0x004803d4
0x004803d4
0x00480332
0x00480332
0x00480334
0x004803da
0x004803dd
0x004803e0
0x004803e8
0x004803f5

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6,?,00000000), ref: 00480323

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

RegCloseKey.ADVAPI32(00000001,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6,?,00000000), ref: 00480376

Strings

kernel32.dll, xrefs: 0048031E
Locale, xrefs: 00480365
.DEFAULT\Control Panel\International, xrefs: 0048034D
GetUserDefaultUILanguage, xrefs: 00480319
Control Panel\Desktop\ResourceLocale, xrefs: 00480385

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: c5e829451cd05b18ee2f2a9ff1e00738ed66af31cb2052497c1b5869e93cb722
Instruction ID: 04bd3f871a73b1d1c362cdd5e7ddb51ae15ac1bd370bfaf3e4d8d8d317905ba8
Opcode Fuzzy Hash: c5e829451cd05b18ee2f2a9ff1e00738ed66af31cb2052497c1b5869e93cb722
Instruction Fuzzy Hash: CE214630A50209AFDB50FBE5CD51B9EB7E9EB44704F514877AA00E7281E77CAE09CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0045ACF8, Relevance: 13.7, APIs: 9, Instructions: 154
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0045ACF8(intOrPtr* __eax, int __ecx, int __edx) {
				signed int _t58;
				signed char _t108;
				int _t121;
				intOrPtr* _t122;
				int _t123;
				int* _t125;

				 *_t125 = __ecx;
				_t121 = __edx;
				_t122 = __eax;
				if(__edx ==  *_t125) {
					L29:
					_t58 =  *0x45aeb8 & 0x000000ff;
					 *(_t122 + 0x88) = _t58;
					return _t58;
				}
				if(( *(__eax + 0x1c) & 0x00000001) == 0) {
					_t108 =  *0x45aeb0 & 0x000000ff;
				} else {
					_t108 =  *(__eax + 0x88) & 0x000000ff;
				}
				if((_t108 & 0x00000001) == 0) {
					_t123 =  *(_t122 + 0x40);
				} else {
					_t123 = MulDiv( *(_t122 + 0x40), _t121,  *_t125);
				}
				if((_t108 & 0x00000002) == 0) {
					_t125[1] =  *(_t122 + 0x44);
				} else {
					_t125[1] = MulDiv( *(_t122 + 0x44), _t121,  *_t125);
				}
				if((_t108 & 0x00000004) == 0 || ( *(_t122 + 0x51) & 0x00000001) != 0) {
					_t125[2] =  *(_t122 + 0x48);
				} else {
					if((_t108 & 0x00000001) == 0) {
						_t125[2] = MulDiv( *(_t122 + 0x48), _t121,  *_t125);
					} else {
						_t125[2] = MulDiv( *(_t122 + 0x40) +  *(_t122 + 0x48), _t121,  *_t125) - _t123;
					}
				}
				if((_t108 & 0x00000008) == 0 || ( *(_t122 + 0x51) & 0x00000002) != 0) {
					_t125[3] =  *(_t122 + 0x4c);
				} else {
					if((_t108 & 0x00000002) == 0) {
						_t125[3] = MulDiv( *(_t122 + 0x4c), _t121,  *_t125);
					} else {
						_t125[3] = MulDiv( *(_t122 + 0x44) +  *(_t122 + 0x4c), _t121,  *_t125) - _t125[1];
					}
				}
				E0045AB18(_t122,  *_t125, _t121);
				E0045AB9C(_t122,  *_t125, _t121);
				 *((intOrPtr*)( *_t122 + 0x88))(_t125[4], _t125[2]);
				if(( *0x45aeb8 & 0x000000ff) != (_t108 &  *0x45aeb4)) {
					 *(_t122 + 0x184) = MulDiv( *(_t122 + 0x184), _t121,  *_t125);
				}
				if(( *0x45aeb8 & 0x000000ff) != (_t108 &  *0x45aebc)) {
					 *(_t122 + 0x188) = MulDiv( *(_t122 + 0x188), _t121,  *_t125);
				}
				if( *((char*)(_t122 + 0x59)) == 0 && (_t108 & 0x00000010) != 0) {
					E004310D8( *((intOrPtr*)(_t122 + 0x64)), MulDiv(E004310BC( *((intOrPtr*)(_t122 + 0x64))), _t121,  *_t125));
				}
				goto L29;
			}

0x0045acff
0x0045ad02
0x0045ad04
0x0045ad09
0x0045ae98
0x0045ae98
0x0045ae9f
0x0045aeac
0x0045aeac
0x0045ad13
0x0045ad1e
0x0045ad15
0x0045ad15
0x0045ad15
0x0045ad28
0x0045ad3c
0x0045ad2a
0x0045ad38
0x0045ad38
0x0045ad42
0x0045ad5b
0x0045ad44
0x0045ad52
0x0045ad52
0x0045ad62
0x0045ad9f
0x0045ad6a
0x0045ad6d
0x0045ad96
0x0045ad6f
0x0045ad82
0x0045ad82
0x0045ad6d
0x0045ada6
0x0045ade5
0x0045adae
0x0045adb1
0x0045addc
0x0045adb3
0x0045adc8
0x0045adc8
0x0045adb1
0x0045adf0
0x0045adfc
0x0045ae15
0x0045ae2c
0x0045ae3f
0x0045ae3f
0x0045ae56
0x0045ae69
0x0045ae69
0x0045ae73
0x0045ae93
0x0045ae93
0x00000000

APIs

MulDiv.KERNEL32(?,?,?), ref: 0045AD33
MulDiv.KERNEL32(?,?,?), ref: 0045AD4D
MulDiv.KERNEL32(?,?,?), ref: 0045AD7B
MulDiv.KERNEL32(?,?,?), ref: 0045AD91
MulDiv.KERNEL32(?,?,?), ref: 0045ADBF
MulDiv.KERNEL32(?,?,?), ref: 0045ADD7

Part of subcall function 004310BC: MulDiv.KERNEL32(00000000,00000048,?), ref: 004310CD

MulDiv.KERNEL32(?), ref: 0045AE3A
MulDiv.KERNEL32(?), ref: 0045AE64
MulDiv.KERNEL32(00000000), ref: 0045AE8A

Part of subcall function 004310D8: MulDiv.KERNEL32(00000000,?,00000048), ref: 004310E5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdb277bad611c346ff1991370ca033b106477e3967459932ce9857668bd030e1
Instruction ID: cbcf29d1df717e5467e7b58d9b1f3f7bb140d44b15be0f5f3a5574123752bf6b
Opcode Fuzzy Hash: cdb277bad611c346ff1991370ca033b106477e3967459932ce9857668bd030e1
Instruction Fuzzy Hash: A7513D716043509FC320EB69C845A6AFBFA9F49342F04491EB9D6C7763C678EC588B16

Uniqueness

Uniqueness Score: -1.00%

Function 004B3054, Relevance: 13.6, APIs: 1, Strings: 8, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E004B3054(char __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				char _v13;
				char _v84;
				void* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				char _v124;
				char _v128;
				void* _t58;
				void* _t91;
				char _t92;
				intOrPtr _t110;
				void* _t120;
				void* _t123;

				_t118 = __edi;
				_v116 = 0;
				_v120 = 0;
				_v112 = 0;
				_v108 = 0;
				_v104 = 0;
				_v8 = 0;
				_v12 = 0;
				_t120 = __ecx;
				_t91 = __edx;
				_v13 = __eax;
				_push(_t123);
				_push(0x4b31e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t123 + 0xffffff84;
				L0047F740( &_v8);
				_push(0x4b3204);
				E0047E290(_v8,  &_v104);
				_push(_v104);
				_push(L"regsvr32.exe\"");
				E004069F8( &_v12, 3, __edi);
				if(_v13 != 0) {
					E00406854( &_v12, 0x4b323c);
				}
				_push(_v12);
				_push(L" /s \"");
				_push(_t120);
				_push(0x4b3204);
				E004069F8( &_v12, 4, _t118);
				_t126 = _t91;
				if(_t91 == 0) {
					E00406914( &_v112, _v12, L"Spawning 32-bit RegSvr32: ");
					E004B2BC8(_v112, _t91, _v12, _t118, _t120);
				} else {
					E00406914( &_v108, _v12, L"Spawning 64-bit RegSvr32: ");
					E004B2BC8(_v108, _t91, _v12, _t118, _t120);
				}
				L00403540( &_v84, 0x44);
				_v84 = 0x44;
				_t58 = E004064D4(_v8);
				if(E004AD01C(_t91, E004064D4(_v12), 0, _t126,  &_v100,  &_v84, _t58, 0, 0x4000000, 0, 0, 0) == 0) {
					L004ADC34(L"CreateProcess");
				}
				CloseHandle(_v96);
				_t92 = E004B2F50( &_v100);
				if(_t92 != 0) {
					_v128 = _t92;
					_v124 = 0;
					E0040E258(L"0x%x", 0,  &_v128,  &_v120);
					L004ABB3C(0x45,  &_v116, _v120);
					L00411930(_v116, 1);
					E00404A74();
				}
				_pop(_t110);
				 *[fs:eax] = _t110;
				_push(0x4b31ef);
				L00406440( &_v120, 5);
				return L00406440( &_v12, 2);
			}

0x004b3054
0x004b305e
0x004b3061
0x004b3064
0x004b3067
0x004b306a
0x004b306d
0x004b3070
0x004b3073
0x004b3075
0x004b3077
0x004b307c
0x004b307d
0x004b3082
0x004b3085
0x004b308b
0x004b3090
0x004b309b
0x004b30a0
0x004b30a3
0x004b30b0
0x004b30b9
0x004b30c3
0x004b30c3
0x004b30c8
0x004b30cb
0x004b30d0
0x004b30d1
0x004b30de
0x004b30e3
0x004b30e5
0x004b310c
0x004b3114
0x004b30e7
0x004b30f2
0x004b30fa
0x004b30fa
0x004b3123
0x004b3128
0x004b313f
0x004b3162
0x004b3169
0x004b3169
0x004b3172
0x004b317f
0x004b3183
0x004b3189
0x004b318c
0x004b319a
0x004b31a7
0x004b31b6
0x004b31bb
0x004b31bb
0x004b31c2
0x004b31c5
0x004b31c8
0x004b31d5
0x004b31e7

APIs

Part of subcall function 0047F740: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0047F753

CloseHandle.KERNEL32(?,?,00000044,00000000,00000000,04000000,00000000,00000000,00000000,004B3204,00000000, /s ",?,regsvr32.exe",?,004B3204), ref: 004B3172

Strings

D, xrefs: 004B3128
regsvr32.exe", xrefs: 004B30A3
/s ", xrefs: 004B30CB
Spawning 32-bit RegSvr32: , xrefs: 004B3107
Spawning 64-bit RegSvr32: , xrefs: 004B30ED
CreateProcess, xrefs: 004B3164
0x%x, xrefs: 004B3195
/u, xrefs: 004B30BE

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseDirectoryHandleSystem
String ID: /s "$ /u$0x%x$CreateProcess$D$Spawning 32-bit RegSvr32: $Spawning 64-bit RegSvr32: $regsvr32.exe"
API String ID: 2051275411-1862435767
Opcode ID: 4a4216e9cba8efc83ad9d38cc23a80e9a01608fb49758848ca873c5d5335f169
Instruction ID: 66d8bbeefab001e93fd0daa37c0fcf61f05cf9f06ca673b2bfef83fab24dbd4d
Opcode Fuzzy Hash: 4a4216e9cba8efc83ad9d38cc23a80e9a01608fb49758848ca873c5d5335f169
Instruction Fuzzy Hash: C0415570A00308ABDB14EFE6C882BCDB7B9AF48704F61417FA515B7681D7789A05CB29

Uniqueness

Uniqueness Score: -1.00%

Function 00412F90, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 203
threadCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00412F90(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t135;
				intOrPtr _t187;
				intOrPtr _t197;
				intOrPtr _t198;

				_t195 = __esi;
				_t194 = __edi;
				_t197 = _t198;
				_t135 = 8;
				do {
					_push(0);
					_push(0);
					_t135 = _t135 - 1;
				} while (_t135 != 0);
				_push(__ebx);
				_push(_t197);
				_push(0x41326e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t198;
				E00412ED8();
				E00411074(__ebx, __edi, __esi);
				_t200 =  *0x508c60;
				if( *0x508c60 != 0) {
					L0041124C(__esi, _t200);
				}
				_t134 = GetThreadLocale();
				E00410FC0(_t43, 0, 0x14,  &_v20);
				E00406448(0x508b90, _v20);
				E00410FC0(_t43, 0x413288, 0x1b,  &_v24);
				 *0x508b94 = L0040D1E8(0x413288, 0, _t200);
				E00410FC0(_t134, 0x413288, 0x1c,  &_v28);
				 *0x508b95 = L0040D1E8(0x413288, 0, _t200);
				 *0x508b96 = E0041100C(_t134, 0x2c, 0xf);
				 *0x508b98 = E0041100C(_t134, 0x2e, 0xe);
				E00410FC0(_t134, 0x413288, 0x19,  &_v32);
				 *0x508b9a = L0040D1E8(0x413288, 0, _t200);
				 *0x508b9c = E0041100C(_t134, 0x2f, 0x1d);
				E00410FC0(_t134, L"m/d/yy", 0x1f,  &_v40);
				L00411300(_v40, _t134,  &_v36, _t194, _t195, _t200);
				E00406448(0x508ba0, _v36);
				E00410FC0(_t134, L"mmmm d, yyyy", 0x20,  &_v48);
				L00411300(_v48, _t134,  &_v44, _t194, _t195, _t200);
				E00406448(0x508ba4, _v44);
				 *0x508ba8 = E0041100C(_t134, 0x3a, 0x1e);
				E00410FC0(_t134, 0x4132dc, 0x28,  &_v52);
				E00406448(0x508bac, _v52);
				E00410FC0(_t134, 0x4132f0, 0x29,  &_v56);
				E00406448(0x508bb0, _v56);
				E0040649C( &_v12, 0);
				E0040649C( &_v16, 0);
				E00410FC0(_t134, 0x413288, 0x25,  &_v60);
				_t104 = L0040D1E8(0x413288, 0, _t200);
				_t201 = _t104;
				if(_t104 != 0) {
					E0040649C( &_v8, 0x413314);
				} else {
					E0040649C( &_v8, 0x413304);
				}
				E00410FC0(_t134, 0x413288, 0x23,  &_v64);
				_t111 = L0040D1E8(0x413288, 0, _t201);
				_t202 = _t111;
				if(_t111 == 0) {
					E00410FC0(_t134, 0x413288, 0x1005,  &_v68);
					if(L0040D1E8(0x413288, 0, _t202) != 0) {
						E0040649C( &_v12, L"AMPM ");
					} else {
						E0040649C( &_v16, L" AMPM");
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E004069F8(0x508bb4, 4, _t194);
				_push(_v12);
				_push(_v8);
				_push(L":mm:ss");
				_push(_v16);
				E004069F8(0x508bb8, 4, _t194);
				 *0x508c62 = E0041100C(_t134, 0x2c, 0xc);
				_pop(_t187);
				 *[fs:eax] = _t187;
				_push(0x413275);
				return L00406440( &_v68, 0x10);
			}

0x00412f90
0x00412f90
0x00412f91
0x00412f93
0x00412f98
0x00412f98
0x00412f9a
0x00412f9c
0x00412f9c
0x00412f9f
0x00412fa2
0x00412fa3
0x00412fa8
0x00412fab
0x00412fae
0x00412fb3
0x00412fb8
0x00412fbf
0x00412fc1
0x00412fc1
0x00412fcb
0x00412fda
0x00412fe7
0x00412ffc
0x0041300b
0x00413020
0x0041302f
0x00413044
0x0041305a
0x00413070
0x0041307f
0x00413094
0x004130aa
0x004130b5
0x004130c2
0x004130d7
0x004130e2
0x004130ef
0x00413104
0x0041311a
0x00413127
0x0041313c
0x00413149
0x00413153
0x0041315d
0x00413172
0x0041317c
0x00413181
0x00413183
0x0041319c
0x00413185
0x0041318d
0x0041318d
0x004131b1
0x004131bb
0x004131c0
0x004131c2
0x004131d4
0x004131e5
0x004131fe
0x004131e7
0x004131ef
0x004131ef
0x004131e5
0x00413203
0x00413206
0x00413209
0x0041320e
0x0041321b
0x00413220
0x00413223
0x00413226
0x0041322b
0x00413238
0x0041324d
0x00413255
0x00413258
0x0041325b
0x0041326d

APIs

GetThreadLocale.KERNEL32(00000000,0041326E,?,?,00000000,00000000), ref: 00412FC6

Part of subcall function 00410FC0: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 00410FDE

Strings

mmmm d, yyyy, xrefs: 004130CB
AMPM, xrefs: 004131EA
:mm, xrefs: 00413209
m/d/yy, xrefs: 0041309E
AMPM , xrefs: 004131F9
:mm:ss, xrefs: 00413226

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Locale$InfoThread
String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
API String ID: 4232894706-2493093252
Opcode ID: 509fd217e86747cf4497de6bfe02dd89315d88281094d8e9674e5b4908f219ef
Instruction ID: 7c054af7a516aab345ac8521e9f423a8792475cef51cfb87fefa8a466171e700
Opcode Fuzzy Hash: 509fd217e86747cf4497de6bfe02dd89315d88281094d8e9674e5b4908f219ef
Instruction Fuzzy Hash: 0F7187307001089BD700FBA5D842ADE76B5EB88308F50847BB501AB786CE7DDE86975D

Uniqueness

Uniqueness Score: -1.00%

Function 004169E4, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E004169E4(short* __eax, intOrPtr __ecx, signed short* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				void* __ebp;
				signed char _t47;
				signed int _t54;
				void* _t62;
				intOrPtr* _t73;
				signed short* _t91;
				void* _t93;
				void* _t95;
				void* _t98;
				void* _t99;
				intOrPtr* _t108;
				void* _t112;
				intOrPtr _t113;
				char* _t114;
				void* _t115;

				_t100 = __ecx;
				_v780 = __ecx;
				_t91 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E00416574(0x80070057);
				}
				_t47 =  *_t91 & 0x0000ffff;
				if((_t47 & 0x00000fff) != 0xc) {
					_push(_t91);
					_push(_v776);
					L00415144();
					return E00416574(_v776);
				} else {
					if((_t47 & 0x00000040) == 0) {
						_v792 = _t91[4];
					} else {
						_v792 =  *(_t91[4]);
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t93 = _v788 - 1;
					if(_t93 < 0) {
						L9:
						_push( &_v772);
						_t54 = _v788;
						_push(_t54);
						_push(0xc);
						L004155A4();
						_t113 = _t54;
						if(_t113 == 0) {
							E004162CC(_t100);
						}
						E0041693C(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t113;
						_t95 = _v788 - 1;
						if(_t95 < 0) {
							L14:
							_t97 = _v788 - 1;
							if(E00416958(_v788 - 1, _t115) != 0) {
								L004155CC();
								E00416574(_v792);
								L004155CC();
								E00416574( &_v260);
								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t62 = E00416988(_t97, _t115);
						} else {
							_t98 = _t95 + 1;
							_t73 =  &_v768;
							_t108 =  &_v260;
							do {
								 *_t108 =  *_t73;
								_t108 = _t108 + 4;
								_t73 = _t73 + 8;
								_t98 = _t98 - 1;
							} while (_t98 != 0);
							do {
								goto L14;
							} while (_t62 != 0);
							return _t62;
						}
					} else {
						_t99 = _t93 + 1;
						_t112 = 0;
						_t114 =  &_v772;
						do {
							_v804 = _t114;
							_push(_v804 + 4);
							_t18 = _t112 + 1; // 0x1
							_push(_v792);
							L004155AC();
							E00416574(_v792);
							_push( &_v784);
							_t21 = _t112 + 1; // 0x1
							_push(_v792);
							L004155B4();
							E00416574(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t112 = _t112 + 1;
							_t114 = _t114 + 8;
							_t99 = _t99 - 1;
						} while (_t99 != 0);
						goto L9;
					}
				}
			}

0x004169e4
0x004169f0
0x004169f6
0x004169f8
0x00416a02
0x00416a09
0x00416a09
0x00416a0e
0x00416a1c
0x00416b95
0x00416b9c
0x00416b9d
0x00000000
0x00416a22
0x00416a25
0x00416a37
0x00416a27
0x00416a2c
0x00416a2c
0x00416a46
0x00416a52
0x00416a55
0x00416ac2
0x00416ac8
0x00416ac9
0x00416acf
0x00416ad0
0x00416ad2
0x00416ad7
0x00416adb
0x00416add
0x00416add
0x00416ae8
0x00416af3
0x00416afe
0x00416b07
0x00416b0a
0x00416b26
0x00416b2d
0x00416b38
0x00416b4f
0x00416b54
0x00416b68
0x00416b6d
0x00416b80
0x00416b80
0x00416b89
0x00416b0c
0x00416b0c
0x00416b0d
0x00416b13
0x00416b19
0x00416b1b
0x00416b1d
0x00416b20
0x00416b23
0x00416b23
0x00416b26
0x00000000
0x00000000
0x00000000
0x00416b26
0x00416a57
0x00416a57
0x00416a58
0x00416a5a
0x00416a60
0x00416a62
0x00416a71
0x00416a72
0x00416a7c
0x00416a7d
0x00416a82
0x00416a8d
0x00416a8e
0x00416a98
0x00416a99
0x00416a9e
0x00416ab9
0x00416abb
0x00416abc
0x00416abf
0x00416abf
0x00000000
0x00416a60
0x00416a55

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00416A7D
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00416A99
SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00416AD2
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00416B4F
SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00416B68
VariantCopy.OLEAUT32(?), ref: 00416B9D

Strings

, xrefs: 004169FE

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ArraySafe$BoundIndex$CopyCreateVariant
String ID:
API String ID: 351091851-3916222277
Opcode ID: cb83866fc7136a6878018b286a1c02c2e34de7550b6684809434eb0022da1d5c
Instruction ID: 073c607dc89d15d92b45d7eff1d1d7c35c10424ae1d92f49a1c29152ec58865f
Opcode Fuzzy Hash: cb83866fc7136a6878018b286a1c02c2e34de7550b6684809434eb0022da1d5c
Instruction Fuzzy Hash: AE511CB590162D9BCB22DB59C881AD9B7FDAF49304F4141DAF508E7206D638EFC48F68

Uniqueness

Uniqueness Score: -1.00%

Function 0042A364, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 119
threadCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E0042A364(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v5;
				intOrPtr* _v12;
				long _v16;
				char _v20;
				char _v24;
				long _t27;
				char _t34;
				void* _t62;
				intOrPtr _t63;
				intOrPtr _t70;
				intOrPtr* _t71;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t76;
				void* _t82;
				void* _t83;
				intOrPtr _t84;

				_t82 = _t83;
				_t84 = _t83 + 0xffffffec;
				_push(__esi);
				_push(__edi);
				_t62 = __eax;
				_t27 = GetCurrentThreadId();
				_t71 =  *0x50504c; // 0x50603c
				if(_t27 !=  *_t71) {
					_v24 = GetCurrentThreadId();
					_v20 = 0;
					_t70 =  *0x504e34; // 0x40a78c
					L00411A28(_t62, _t70, 1, __edi, __esi, 0,  &_v24);
					E00404A74();
				}
				if(_t62 <= 0) {
					E0042A318();
				} else {
					E0042A324(_t62);
				}
				_v16 = 0;
				EnterCriticalSection(0x50ae80);
				_push(_t82);
				_push(0x42a546);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				_v16 = InterlockedExchange(0x502ec8, _v16);
				_push(_t82);
				_push(0x42a527);
				_push( *[fs:eax]);
				 *[fs:eax] = _t84;
				if(_v16 == 0 ||  *((intOrPtr*)(_v16 + 8)) <= 0) {
					_t34 = 0;
				} else {
					_t34 = 1;
				}
				_v5 = _t34;
				if(_v5 == 0 ||  *((intOrPtr*)(_v16 + 8)) <= 0) {
					_pop(_t72);
					 *[fs:eax] = _t72;
					_push(0x42a52e);
					return E00404098(_v16);
				} else {
					_v12 = L00423514(_v16, 0);
					L00423408(_v16, 0);
					LeaveCriticalSection(0x50ae80);
					_push(_t82);
					_push(0x42a4c9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t84;
					_push(_t82);
					_push(0x42a48a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t84;
					_t63 =  *_v12;
					if( *((short*)(_t63 + 0xa)) == 0) {
						if( *((intOrPtr*)(_t63 + 0x10)) != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x10)))) + 0xc))();
						}
					} else {
						 *((intOrPtr*)(_t63 + 8))();
					}
					_pop(_t75);
					 *[fs:eax] = _t75;
					_pop(_t76);
					 *[fs:eax] = _t76;
					_push(0x42a4d0);
					EnterCriticalSection(0x50ae80);
					return 0;
				}
			}

0x0042a365
0x0042a367
0x0042a36b
0x0042a36c
0x0042a36d
0x0042a36f
0x0042a374
0x0042a37c
0x0042a383
0x0042a386
0x0042a390
0x0042a39d
0x0042a3a2
0x0042a3a2
0x0042a3a9
0x0042a3b4
0x0042a3ab
0x0042a3ad
0x0042a3ad
0x0042a3bb
0x0042a3c3
0x0042a3ca
0x0042a3cb
0x0042a3d0
0x0042a3d3
0x0042a3e4
0x0042a3e9
0x0042a3ea
0x0042a3ef
0x0042a3f2
0x0042a3f9
0x0042a404
0x0042a408
0x0042a408
0x0042a408
0x0042a40a
0x0042a411
0x0042a513
0x0042a516
0x0042a519
0x0042a526
0x0042a41c
0x0042a426
0x0042a42e
0x0042a438
0x0042a43f
0x0042a440
0x0042a445
0x0042a448
0x0042a44d
0x0042a44e
0x0042a453
0x0042a456
0x0042a45c
0x0042a463
0x0042a471
0x0042a47d
0x0042a47d
0x0042a465
0x0042a468
0x0042a468
0x0042a482
0x0042a485
0x0042a4b3
0x0042a4b6
0x0042a4b9
0x0042a4c3
0x0042a4c8
0x0042a4c8

APIs

GetCurrentThreadId.KERNEL32 ref: 0042A36F
GetCurrentThreadId.KERNEL32 ref: 0042A37E

Part of subcall function 0042A318: ResetEvent.KERNEL32(0000021C,0042A3B9), ref: 0042A31E

EnterCriticalSection.KERNEL32(0050AE80), ref: 0042A3C3
InterlockedExchange.KERNEL32(00502EC8,?), ref: 0042A3DF
LeaveCriticalSection.KERNEL32(0050AE80,00000000,0042A527,?,00502EC8,?,00000000,0042A546,?,0050AE80), ref: 0042A438
EnterCriticalSection.KERNEL32(0050AE80,0042A4D0,0050AE80,00000000,0042A527,?,00502EC8,?,00000000,0042A546,?,0050AE80), ref: 0042A4C3

Strings

<`P, xrefs: 0042A374

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CriticalSection$CurrentEnterThread$EventExchangeInterlockedLeaveReset
String ID: <`P
API String ID: 2189153385-3701931957
Opcode ID: bd7b8ebf7e62c471217bab9fd84c79d5e2d97499c809078ca5d24df3921ba1f5
Instruction ID: 42fa02cbf40a98ce2fd9b3a1e65ae42f65c158ee23ab3f7ba28234894369a059
Opcode Fuzzy Hash: bd7b8ebf7e62c471217bab9fd84c79d5e2d97499c809078ca5d24df3921ba1f5
Instruction Fuzzy Hash: 1B41CF30704310AFD711EF65E845A6EB7F8EB49304FA184A6EC0097692C77C9D55DB2A

Uniqueness

Uniqueness Score: -1.00%

Function 00404FF4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38
filewindowCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00404FF4(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x506054 == 0) {
					if( *0x502030 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x506330 == 0xd7b2 &&  *0x506338 > 0) {
						 *0x506348();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E00405080, 2,  &_v4, 0);
				}
			}

0x00404ffc
0x0040505c
0x0040506c
0x0040506c
0x00405072
0x00404ffe
0x00405007
0x00405017
0x00405017
0x00405033
0x00405054
0x00405054

APIs

GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004050A5,?,?,?,00000002,004051BA,00403127,0040316E,?,00000000), ref: 0040502D
WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004050A5,?,?,?,00000002,004051BA,00403127,0040316E,?), ref: 00405033
GetStdHandle.KERNEL32(000000F5,00405080,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004050A5), ref: 00405048
WriteFile.KERNEL32(00000000,000000F5,00405080,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004050A5), ref: 0040504E
MessageBoxA.USER32 ref: 0040506C

Strings

Runtime error at 00000000, xrefs: 00405026, 00405065
Error, xrefs: 00405060

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileHandleWrite$Message
String ID: Error$Runtime error at 00000000
API String ID: 1570097196-2970929446
Opcode ID: 6c7604eda5c4a0ce1aa4cc839e6402abadb8f35502979381c1b1512bad27fe2a
Instruction ID: aff957db733e422e874226c42b257deaddd16d96984e274b0132c5c61b15b77c
Opcode Fuzzy Hash: 6c7604eda5c4a0ce1aa4cc839e6402abadb8f35502979381c1b1512bad27fe2a
Instruction Fuzzy Hash: 47F0246165434078EA20B3644C5AFDF2A589340F24F10067FF610F60E3C3BC44D8AAAA

Uniqueness

Uniqueness Score: -1.00%

Function 0046C2BC, Relevance: 12.2, APIs: 8, Instructions: 170
windowCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E0046C2BC(void* __eax, void* __ecx, intOrPtr __edx, void* __eflags, char _a4, intOrPtr _a8, int _a12, int _a16) {
				intOrPtr _v8;
				struct HDC__* _v12;
				char _v28;
				char _v44;
				void* __edi;
				void* __ebp;
				void* _t46;
				void* _t57;
				int _t85;
				void* _t119;
				void* _t120;
				void* _t129;
				struct HDC__* _t138;
				struct HDC__* _t139;
				int _t140;
				void* _t141;

				_t121 = __ecx;
				_t137 = __ecx;
				_v8 = __edx;
				_t120 = __eax;
				_t46 = L0046BD58(__eax);
				if(_t46 != 0) {
					_t144 = _a4;
					if(_a4 == 0) {
						__eflags =  *(_t120 + 0x54);
						if( *(_t120 + 0x54) == 0) {
							_t140 = E00434D1C(1);
							 *(_t120 + 0x54) = _t140;
							E004366DC(_t140, 1);
							 *((intOrPtr*)( *_t140 + 0x44))();
							_t121 =  *_t140;
							 *((intOrPtr*)( *_t140 + 0x38))();
						}
						L004316B8( *((intOrPtr*)(L00435634( *(_t120 + 0x54)) + 0x14)), _t121, 0xffffff, _t137, _t141);
						E00422030(0,  *(_t120 + 0x34), 0,  &_v44,  *(_t120 + 0x30));
						_push( &_v44);
						_t57 = L00435634( *(_t120 + 0x54));
						_pop(_t129);
						L00431E8C(_t57, _t129, _t137);
						_push(0);
						_push(0);
						_push(0xffffffff);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(E00432554(L00435634( *(_t120 + 0x54))));
						_push(_v8);
						_push(L0046BF28(_t120));
						L0042E22C();
						E00422030(_a16, _a16 +  *(_t120 + 0x34), _a12,  &_v28, _a12 +  *(_t120 + 0x30));
						_v12 = E00432554(L00435634( *(_t120 + 0x54)));
						L004316B8( *((intOrPtr*)(_t137 + 0x14)), _a16 +  *(_t120 + 0x34), 0xff000014, _t137, _t141);
						_t138 = E00432554(_t137);
						SetTextColor(_t138, 0xffffff);
						SetBkColor(_t138, 0);
						_t85 = _a16 + 1;
						__eflags = _t85;
						BitBlt(_t138, _t85, _a12 + 1,  *(_t120 + 0x34),  *(_t120 + 0x30), _v12, 0, 0, 0xe20746);
						L004316B8( *((intOrPtr*)(_t137 + 0x14)), _a16 +  *(_t120 + 0x34), 0xff000010, _t137, _t141);
						_t139 = E00432554(_t137);
						SetTextColor(_t139, 0xffffff);
						SetBkColor(_t139, 0);
						return BitBlt(_t139, _a16, _a12,  *(_t120 + 0x34),  *(_t120 + 0x30), _v12, 0, 0, 0xe20746);
					}
					_push(_a8);
					_push(L0046BBA4(_t144));
					E0046C294(_t120, _t144);
					_push(L0046BBA4(_t144));
					_push(0);
					_push(0);
					_push(_a12);
					_push(_a16);
					_push(E00432554(__ecx));
					_push(_v8);
					_t119 = L0046BF28(_t120);
					_push(_t119);
					L0042E22C();
					return _t119;
				}
				return _t46;
			}

0x0046c2bc
0x0046c2c5
0x0046c2c7
0x0046c2ca
0x0046c2ce
0x0046c2d5
0x0046c2db
0x0046c2df
0x0046c325
0x0046c329
0x0046c337
0x0046c339
0x0046c340
0x0046c34c
0x0046c354
0x0046c356
0x0046c356
0x0046c369
0x0046c37d
0x0046c385
0x0046c389
0x0046c38e
0x0046c38f
0x0046c394
0x0046c396
0x0046c398
0x0046c39a
0x0046c39c
0x0046c39e
0x0046c3a0
0x0046c3af
0x0046c3b3
0x0046c3bb
0x0046c3bc
0x0046c3d8
0x0046c3ea
0x0046c3f5
0x0046c401
0x0046c409
0x0046c411
0x0046c433
0x0046c433
0x0046c436
0x0046c443
0x0046c44f
0x0046c457
0x0046c45f
0x00000000
0x0046c482
0x0046c2e4
0x0046c2ed
0x0046c2f0
0x0046c2fa
0x0046c2fb
0x0046c2fd
0x0046c302
0x0046c306
0x0046c30e
0x0046c312
0x0046c315
0x0046c31a
0x0046c31b
0x00000000
0x0046c31b
0x0046c48d

APIs

ImageList_DrawEx.COMCTL32(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 0046C31B
ImageList_DrawEx.COMCTL32(00000000,?,00000000,00000000,00000000,00000000,00000000,000000FF,00000000,00000000,?,?), ref: 0046C3BC
SetTextColor.GDI32(00000000,00FFFFFF), ref: 0046C409
SetBkColor.GDI32(00000000,00000000), ref: 0046C411
BitBlt.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,00E20746), ref: 0046C436

Part of subcall function 0046C294: ImageList_GetBkColor.COMCTL32(00000000,?,0046C2F5,00000000,?), ref: 0046C2AA

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ColorImageList_$Draw$Text
String ID:
API String ID: 2027629008-0
Opcode ID: e5902e12248b077f5dcf303b7e502621638e328100d3871dcddeedb462ad1493
Instruction ID: 0572dc63e4f83b290eea8cf668f5d6a7550ba7143290c0555269fa3e812d361c
Opcode Fuzzy Hash: e5902e12248b077f5dcf303b7e502621638e328100d3871dcddeedb462ad1493
Instruction Fuzzy Hash: EB512B71701105AFCB40EFAACDC2F9E37ACAF08314F54115AB904EB296CA78EC418B69

Uniqueness

Uniqueness Score: -1.00%

Function 0047C01C, Relevance: 12.1, APIs: 8, Instructions: 99
windowthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047C01C(void* __eax, struct HWND__** __edx) {
				long _v20;
				intOrPtr _t17;
				intOrPtr _t30;
				void* _t46;
				void* _t50;
				struct HWND__** _t51;
				struct HWND__* _t52;
				struct HWND__* _t53;
				void* _t54;
				DWORD* _t55;

				_t55 = _t54 + 0xfffffff8;
				_t51 = __edx;
				_t50 = __eax;
				_t46 = 0;
				_t17 =  *((intOrPtr*)(__edx + 4));
				if(_t17 < 0x100 || _t17 > 0x109) {
					L19:
					return _t46;
				} else {
					_t52 = GetCapture();
					if(_t52 != 0) {
						GetWindowThreadProcessId(_t52, _t55);
						GetWindowThreadProcessId( *(_t50 + 0x170),  &_v20);
						if( *_t55 == _v20 && SendMessageW(_t52, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
							_t46 = 1;
						}
						goto L19;
					}
					_t53 =  *_t51;
					_t30 =  *((intOrPtr*)(_t50 + 0x40));
					if(_t30 == 0 || _t53 !=  *((intOrPtr*)(_t30 + 0x36c))) {
						L7:
						if(L004578CC(_t53) == 0 && _t53 != 0) {
							_t53 = GetParent(_t53);
							goto L7;
						}
						if(_t53 == 0) {
							_t53 =  *_t51;
						}
						goto L11;
					} else {
						_t53 = L00463A10(_t30);
						L11:
						if(IsWindowUnicode(_t53) == 0) {
							if(SendMessageA(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						} else {
							if(SendMessageW(_t53, _t51[1] + 0xbc00, _t51[2], _t51[3]) != 0) {
								_t46 = 1;
							}
						}
						goto L19;
					}
				}
			}

0x0047c020
0x0047c023
0x0047c025
0x0047c027
0x0047c029
0x0047c031
0x0047c10a
0x0047c112
0x0047c042
0x0047c047
0x0047c04b
0x0047c0ce
0x0047c0df
0x0047c0eb
0x0047c108
0x0047c108
0x00000000
0x0047c0eb
0x0047c04d
0x0047c04f
0x0047c054
0x0047c06f
0x0047c078
0x0047c06d
0x00000000
0x0047c06d
0x0047c080
0x0047c082
0x0047c082
0x00000000
0x0047c05e
0x0047c063
0x0047c084
0x0047c08c
0x0047c0c6
0x0047c0c8
0x0047c0c8
0x0047c08e
0x0047c0a7
0x0047c0a9
0x0047c0a9
0x0047c0a7
0x00000000
0x0047c08c
0x0047c054

APIs

GetCapture.USER32 ref: 0047C042
IsWindowUnicode.USER32(00000000), ref: 0047C085
SendMessageW.USER32(00000000,-0000BBEE,025B4140,00000000), ref: 0047C0A0
SendMessageA.USER32(00000000,-0000BBEE,025B4140,00000000), ref: 0047C0BF
GetWindowThreadProcessId.USER32(00000000), ref: 0047C0CE
GetWindowThreadProcessId.USER32(?,?), ref: 0047C0DF
SendMessageW.USER32(00000000,-0000BBEE,025B4140,00000000), ref: 0047C0FF

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessageSendWindow$ProcessThread$CaptureUnicode
String ID:
API String ID: 1994056952-0
Opcode ID: 5ad7e739a11c1de0ba7bd1ff9b3dec43e2974d157b62f9ac315e289ccf3a9b78
Instruction ID: 61dab7ecd4aef365e16f5b47f15cac0b2b796b678c0681677c6b1ce3be4e1523
Opcode Fuzzy Hash: 5ad7e739a11c1de0ba7bd1ff9b3dec43e2974d157b62f9ac315e289ccf3a9b78
Instruction Fuzzy Hash: 02211E71204649AFD760EAA9CD81FA773DCDB14314B14C83EF95ED7283D629EC4087A9

Uniqueness

Uniqueness Score: -1.00%

Function 00432E94, Relevance: 12.1, APIs: 8, Instructions: 79
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00432E94(void* __ebx) {
				struct HDC__* _v8;
				struct tagPALETTEENTRY _v1000;
				struct tagPALETTEENTRY _v1004;
				struct tagPALETTEENTRY _v1032;
				signed int _v1034;
				short _v1036;
				void* _t24;
				int _t53;
				intOrPtr _t60;
				void* _t62;
				void* _t63;

				_t62 = _t63;
				_v1036 = 0x300;
				_v1034 = 0x10;
				E004031D0(_t24, 0x40,  &_v1032);
				_v8 = GetDC(0);
				_push(_t62);
				_push(0x432f91);
				_push( *[fs:eax]);
				 *[fs:eax] = _t63 + 0xfffffbf8;
				_t53 = GetDeviceCaps(_v8, 0x68);
				if(_t53 >= 0x10) {
					GetSystemPaletteEntries(_v8, 0, 8,  &_v1032);
					if(_v1004 != 0xc0c0c0) {
						GetSystemPaletteEntries(_v8, _t53 - 8, 8, _t62 + (_v1034 & 0x0000ffff) * 4 - 0x424);
					} else {
						GetSystemPaletteEntries(_v8, _t53 - 8, 1,  &_v1004);
						GetSystemPaletteEntries(_v8, _t53 - 7, 7, _t62 + (_v1034 & 0x0000ffff) * 4 - 0x420);
						GetSystemPaletteEntries(_v8, 7, 1,  &_v1000);
					}
				}
				_pop(_t60);
				 *[fs:eax] = _t60;
				_push(0x432f98);
				return ReleaseDC(0, _v8);
			}

0x00432e95
0x00432e9e
0x00432ea7
0x00432ebb
0x00432ec7
0x00432ecc
0x00432ecd
0x00432ed2
0x00432ed5
0x00432ee3
0x00432ee8
0x00432efd
0x00432f0c
0x00432f73
0x00432f0e
0x00432f21
0x00432f3f
0x00432f53
0x00432f53
0x00432f0c
0x00432f7a
0x00432f7d
0x00432f80
0x00432f90

APIs

GetDC.USER32(00000000), ref: 00432EC2
GetDeviceCaps.GDI32(?,00000068), ref: 00432EDE
GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 00432EFD
GetSystemPaletteEntries.GDI32(?,-00000008,00000001,00C0C0C0), ref: 00432F21
GetSystemPaletteEntries.GDI32(?,00000000,00000007,?), ref: 00432F3F
GetSystemPaletteEntries.GDI32(?,00000007,00000001,?), ref: 00432F53
GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 00432F73
ReleaseDC.USER32 ref: 00432F8B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: EntriesPaletteSystem$CapsDeviceRelease
String ID:
API String ID: 1781840570-0
Opcode ID: b792980786c42040da24eeb03558754ace334723f50328ca1c6c73013d4e6fa9
Instruction ID: 0fb3abe7e5a41bd5da015c9731a084f43fd291a6ac1a4f8aaa109c0561839734
Opcode Fuzzy Hash: b792980786c42040da24eeb03558754ace334723f50328ca1c6c73013d4e6fa9
Instruction Fuzzy Hash: 382186B1A00218AADB10DBA9CD81FAE73BCEB4C708F5004A6F704F71D1D6799E409B28

Uniqueness

Uniqueness Score: -1.00%

Function 00402088, Relevance: 10.9, APIs: 7, Instructions: 407
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00402088(signed int __eax, intOrPtr __edx, void* __edi) {
				signed int __ebx;
				void* __esi;
				signed int _t69;
				signed int _t78;
				signed int _t93;
				long _t94;
				void* _t100;
				signed int _t102;
				signed int _t109;
				signed int _t115;
				signed int _t123;
				signed int _t129;
				void* _t131;
				signed int _t140;
				unsigned int _t148;
				signed int _t150;
				long _t152;
				signed int _t156;
				intOrPtr _t161;
				signed int _t166;
				signed int _t170;
				unsigned int _t171;
				intOrPtr _t174;
				intOrPtr _t180;
				intOrPtr _t193;
				signed int _t196;
				signed int _t197;
				signed int _t198;
				void* _t206;
				unsigned int _t208;
				intOrPtr _t214;
				void* _t226;
				intOrPtr _t228;
				void* _t229;
				signed int _t231;
				void* _t233;
				signed int _t234;
				signed int _t235;
				signed int _t239;
				signed int _t242;
				void* _t244;
				intOrPtr* _t245;

				_t176 = __edx;
				_t66 = __eax;
				_t166 =  *(__eax - 4);
				_t218 = __eax;
				if((_t166 & 0x00000007) != 0) {
					__eflags = _t166 & 0x00000005;
					if((_t166 & 0x00000005) != 0) {
						_pop(_t218);
						_pop(_t145);
						__eflags = _t166 & 0x00000003;
						if((_t166 & 0x00000003) == 0) {
							_push(_t145);
							_push(__eax);
							_push(__edi);
							_push(_t226);
							_t245 = _t244 + 0xffffffe0;
							_t219 = __edx;
							_t203 = __eax;
							_t69 =  *(__eax - 4);
							_t148 = (_t69 & 0xfffffff0) - 0x14;
							if(_t148 >= __edx) {
								__eflags = __edx - _t148 >> 1;
								if(__edx < _t148 >> 1) {
									_t150 = L00401B0C(__edx);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t219 - 0x40a2c;
										if(_t219 > 0x40a2c) {
											_t78 = _t203 - 0x10;
											__eflags = _t78;
											 *((intOrPtr*)(_t78 + 8)) = _t219;
										}
										L004016D0(_t203, _t219, _t150);
										L00401E90(_t203, _t203, _t226);
									}
								} else {
									_t150 = __eax;
									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
								}
							} else {
								_t180 = (_t148 >> 2) + _t148;
								if(_t180 <= __edx) {
									_t228 = __edx;
								} else {
									_t228 = _t180;
								}
								 *_t245 = _t203 - 0x10 + (_t69 & 0xfffffff0);
								VirtualQuery( *(_t245 + 8), _t245 + 8, 0x1c);
								if( *((intOrPtr*)(_t245 + 0x14)) != 0x10000) {
									L12:
									_t150 = L00401B0C(_t228);
									__eflags = _t150;
									if(_t150 != 0) {
										__eflags = _t228 - 0x40a2c;
										if(_t228 > 0x40a2c) {
											_t93 = _t150 - 0x10;
											__eflags = _t93;
											 *((intOrPtr*)(_t93 + 8)) = _t219;
										}
										L004016A0(_t203,  *((intOrPtr*)(_t203 - 0x10 + 8)), _t150);
										L00401E90(_t203, _t203, _t228);
									}
								} else {
									 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0xffff0000;
									_t94 =  *(_t245 + 0x10);
									if(_t219 - _t148 >= _t94) {
										goto L12;
									} else {
										_t152 = _t228 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
										if(_t94 < _t152) {
											_t152 = _t94;
										}
										if(VirtualAlloc( *(_t245 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t245 + 0xc), _t152, 0x1000, 4) == 0) {
											goto L12;
										} else {
											_t100 = _t203 - 0x10;
											 *((intOrPtr*)(_t100 + 8)) = _t219;
											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
											_t150 = _t203;
										}
									}
								}
							}
							return _t150;
						} else {
							__eflags = 0;
							return 0;
						}
					} else {
						_t170 = _t166 & 0xfffffff0;
						_push(__edi);
						_t206 = _t170 + __eax;
						_t171 = _t170 - 4;
						_t156 = _t166 & 0x0000000f;
						__eflags = __edx - _t171;
						_push(_t226);
						if(__edx > _t171) {
							_t102 =  *(_t206 - 4);
							__eflags = _t102 & 0x00000001;
							if((_t102 & 0x00000001) == 0) {
								L75:
								asm("adc edi, 0xffffffff");
								_t229 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
								_t208 = _t171;
								_t109 = L00401B0C(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
								_t193 = _t176;
								__eflags = _t109;
								if(_t109 == 0) {
									goto L73;
								} else {
									__eflags = _t229 - 0x40a2c;
									if(_t229 > 0x40a2c) {
										 *((intOrPtr*)(_t109 - 8)) = _t193;
									}
									_t231 = _t109;
									L004016A0(_t218, _t208, _t109);
									L00401E90(_t218, _t208, _t231);
									return _t231;
								}
							} else {
								_t115 = _t102 & 0xfffffff0;
								_t233 = _t171 + _t115;
								__eflags = __edx - _t233;
								if(__edx > _t233) {
									goto L75;
								} else {
									__eflags =  *0x506055;
									if(__eflags == 0) {
										L66:
										__eflags = _t115 - 0xb30;
										if(_t115 >= 0xb30) {
											L004016EC(_t206);
											_t176 = _t176;
											_t171 = _t171;
										}
										asm("adc edi, 0xffffffff");
										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
										_t196 = _t233 + 4 - _t123;
										__eflags = _t196;
										if(_t196 > 0) {
											 *(_t218 + _t233 - 4) = _t196;
											 *((intOrPtr*)(_t218 - 4 + _t123)) = _t196 + 3;
											_t234 = _t123;
											__eflags = _t196 - 0xb30;
											if(_t196 >= 0xb30) {
												__eflags = _t123 + _t218;
												L0040172C(_t123 + _t218, _t171, _t196);
											}
										} else {
											 *(_t218 + _t233) =  *(_t218 + _t233) & 0xfffffff7;
											_t234 = _t233 + 4;
										}
										_t235 = _t234 | _t156;
										__eflags = _t235;
										 *(_t218 - 4) = _t235;
										 *0x506a3c = 0;
										_t109 = _t218;
										L73:
										return _t109;
									} else {
										while(1) {
											asm("lock cmpxchg [0x506a3c], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x5068dd;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t176 = _t176;
												_t171 = _t171;
												asm("lock cmpxchg [0x506a3c], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t176 = _t176;
													_t171 = _t171;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t218 - 4);
										_t129 =  *(_t206 - 4);
										__eflags = _t129 & 0x00000001;
										if((_t129 & 0x00000001) == 0) {
											L74:
											 *0x506a3c = 0;
											goto L75;
										} else {
											_t115 = _t129 & 0xfffffff0;
											_t233 = _t171 + _t115;
											__eflags = _t176 - _t233;
											if(_t176 > _t233) {
												goto L74;
											} else {
												goto L66;
											}
										}
									}
								}
							}
						} else {
							__eflags = __edx + __edx - _t171;
							if(__edx + __edx < _t171) {
								__eflags = __edx - 0xb2c;
								if(__edx >= 0xb2c) {
									L41:
									_t32 = _t176 + 0xd3; // 0xbff
									_t239 = (_t32 & 0xffffff00) + 0x30;
									_t174 = _t171 + 4 - _t239;
									__eflags =  *0x506055;
									if(__eflags != 0) {
										while(1) {
											asm("lock cmpxchg [0x506a3c], ah");
											if(__eflags == 0) {
												break;
											}
											asm("pause");
											__eflags =  *0x5068dd;
											if(__eflags != 0) {
												continue;
											} else {
												Sleep(0);
												_t174 = _t174;
												asm("lock cmpxchg [0x506a3c], ah");
												if(__eflags != 0) {
													Sleep(0xa);
													_t174 = _t174;
													continue;
												}
											}
											break;
										}
										_t156 = 0x0000000f &  *(_t218 - 4);
										__eflags = 0xf;
									}
									 *(_t218 - 4) = _t156 | _t239;
									_t161 = _t174;
									_t197 =  *(_t206 - 4);
									__eflags = _t197 & 0x00000001;
									if((_t197 & 0x00000001) != 0) {
										_t131 = _t206;
										_t198 = _t197 & 0xfffffff0;
										_t161 = _t161 + _t198;
										_t206 = _t206 + _t198;
										__eflags = _t198 - 0xb30;
										if(_t198 >= 0xb30) {
											L004016EC(_t131);
										}
									} else {
										 *(_t206 - 4) = _t197 | 0x00000008;
									}
									 *((intOrPtr*)(_t206 - 8)) = _t161;
									 *((intOrPtr*)(_t218 + _t239 - 4)) = _t161 + 3;
									__eflags = _t161 - 0xb30;
									if(_t161 >= 0xb30) {
										L0040172C(_t218 + _t239, _t174, _t161);
									}
									 *0x506a3c = 0;
									return _t218;
								} else {
									__eflags = __edx - 0x2cc;
									if(__edx < 0x2cc) {
										_t214 = __edx;
										_t140 = L00401B0C(__edx);
										__eflags = _t140;
										if(_t140 != 0) {
											_t242 = _t140;
											L004016D0(_t218, _t214, _t140);
											L00401E90(_t218, _t214, _t242);
											_t140 = _t242;
										}
										return _t140;
									} else {
										_t176 = 0xb2c;
										__eflags = _t171 - 0xb2c;
										if(_t171 <= 0xb2c) {
											goto L37;
										} else {
											goto L41;
										}
									}
								}
							} else {
								L37:
								return _t66;
							}
						}
					}
				} else {
					__ebx =  *__ecx;
					__ecx =  *(__ebx + 2) & 0x0000ffff;
					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
					__eflags = __ecx - __edx;
					if(__ecx < __edx) {
						__ecx = __ecx + __ecx + 0x20;
						_push(__edi);
						__edi = __edx;
						__eax = 0;
						__ecx = __ecx - __edx;
						asm("adc eax, 0xffffffff");
						__eax = 0 & __ecx;
						__eax = (0 & __ecx) + __edx;
						__eax = L00401B0C((0 & __ecx) + __edx);
						__eflags = __eax;
						if(__eax != 0) {
							__eflags = __edi - 0x40a2c;
							if(__edi > 0x40a2c) {
								 *(__eax - 8) = __edi;
							}
							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
							__edx = __eax;
							__edi = __eax;
							 *((intOrPtr*)(__ebx + 0x1c))() = L00401E90(__esi, __edi, __ebp);
							__eax = __edi;
						}
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						return __eax;
					} else {
						__ebx = 0x40 + __edx * 4;
						__eflags = 0x40 + __edx * 4 - __ecx;
						if(0x40 + __edx * 4 < __ecx) {
							__ebx = __edx;
							__eax = __edx;
							__eax = L00401B0C(__edx);
							__eflags = __eax;
							if(__eax != 0) {
								__ecx = __ebx;
								__edx = __eax;
								__ebx = __eax;
								__esi = L00401E90(__esi, __edi, __ebp);
								__eax = __ebx;
							}
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						} else {
							_pop(__esi);
							_pop(__ebx);
							return __eax;
						}
					}
				}
			}

0x00402088
0x00402088
0x00402088
0x00402090
0x00402092
0x00402120
0x00402123
0x00402390
0x00402391
0x00402392
0x00402395
0x004019c0
0x004019c1
0x004019c2
0x004019c3
0x004019c4
0x004019c7
0x004019c9
0x004019d0
0x004019d7
0x004019dc
0x00401ac5
0x00401ac7
0x00401ada
0x00401adc
0x00401ade
0x00401ae0
0x00401ae6
0x00401aea
0x00401aea
0x00401aed
0x00401aed
0x00401af6
0x00401afd
0x00401afd
0x00401ac9
0x00401ac9
0x00401ace
0x00401ace
0x004019e2
0x004019e7
0x004019eb
0x004019f1
0x004019ed
0x004019ed
0x004019ed
0x004019fd
0x00401a0c
0x00401a19
0x00401a8b
0x00401a92
0x00401a94
0x00401a96
0x00401a98
0x00401a9e
0x00401aa2
0x00401aa2
0x00401aa5
0x00401aa5
0x00401ab5
0x00401abc
0x00401abc
0x00401a1b
0x00401a1b
0x00401a27
0x00401a2d
0x00000000
0x00401a2f
0x00401a40
0x00401a44
0x00401a46
0x00401a46
0x00401a5c
0x00000000
0x00401a74
0x00401a76
0x00401a79
0x00401a84
0x00401a87
0x00401a87
0x00401a5c
0x00401a2d
0x00401a19
0x00401b0b
0x0040239b
0x0040239b
0x0040239d
0x0040239d
0x00402129
0x0040212b
0x0040212e
0x0040212f
0x00402132
0x00402135
0x00402138
0x0040213a
0x0040213b
0x00402250
0x00402253
0x00402255
0x00402348
0x00402353
0x0040235a
0x0040235c
0x0040235f
0x00402364
0x00402365
0x00402367
0x00000000
0x00402369
0x00402369
0x0040236f
0x00402371
0x00402371
0x00402374
0x0040237c
0x00402383
0x0040238e
0x0040238e
0x0040225b
0x0040225b
0x0040225e
0x00402261
0x00402263
0x00000000
0x00402269
0x00402269
0x00402270
0x004022cd
0x004022cd
0x004022d2
0x004022d8
0x004022dd
0x004022de
0x004022de
0x004022ea
0x004022fb
0x00402301
0x00402301
0x00402303
0x00402310
0x00402317
0x0040231b
0x0040231d
0x00402323
0x00402325
0x00402327
0x00402327
0x00402305
0x00402305
0x00402309
0x00402309
0x0040232c
0x0040232c
0x0040232e
0x00402331
0x00402338
0x0040233a
0x0040233e
0x00402272
0x00402272
0x00402277
0x0040227f
0x00000000
0x00000000
0x00402281
0x00402283
0x0040228a
0x00000000
0x0040228c
0x00402290
0x00402295
0x00402296
0x0040229c
0x004022a4
0x004022aa
0x004022af
0x004022b0
0x00000000
0x004022b0
0x004022a4
0x00000000
0x0040228a
0x004022b9
0x004022bc
0x004022bf
0x004022c1
0x00402341
0x00402341
0x00000000
0x004022c3
0x004022c3
0x004022c6
0x004022c9
0x004022cb
0x00000000
0x00000000
0x00000000
0x00000000
0x004022cb
0x004022c1
0x00402270
0x00402263
0x00402141
0x00402144
0x00402146
0x00402150
0x00402156
0x0040216d
0x0040216d
0x00402179
0x0040217f
0x00402181
0x00402188
0x0040218a
0x0040218f
0x00402197
0x00000000
0x00000000
0x00402199
0x0040219b
0x004021a2
0x00000000
0x004021a4
0x004021a7
0x004021ac
0x004021b2
0x004021ba
0x004021bf
0x004021c4
0x00000000
0x004021c4
0x004021ba
0x00000000
0x004021a2
0x004021cd
0x004021cd
0x004021cd
0x004021d2
0x004021d5
0x004021d7
0x004021da
0x004021dd
0x004021e8
0x004021ea
0x004021ed
0x004021ef
0x004021f1
0x004021f7
0x004021f9
0x004021f9
0x004021df
0x004021e2
0x004021e2
0x004021fe
0x00402204
0x00402208
0x0040220e
0x00402215
0x00402215
0x0040221a
0x00402227
0x00402158
0x00402158
0x0040215e
0x00402228
0x0040222c
0x00402231
0x00402233
0x00402235
0x0040223d
0x00402244
0x00402249
0x00402249
0x0040224f
0x00402164
0x00402164
0x00402169
0x0040216b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040216b
0x0040215e
0x00402148
0x00402148
0x0040214c
0x0040214c
0x00402146
0x0040213b
0x00402098
0x00402098
0x0040209a
0x0040209e
0x004020a1
0x004020a3
0x004020dc
0x004020e0
0x004020e1
0x004020e3
0x004020e5
0x004020e7
0x004020ea
0x004020ec
0x004020ee
0x004020f3
0x004020f5
0x004020f7
0x004020fd
0x004020ff
0x004020ff
0x00402106
0x00402106
0x00402109
0x0040210b
0x00402114
0x00402119
0x00402119
0x0040211b
0x0040211c
0x0040211d
0x0040211e
0x004020a5
0x004020a5
0x004020ac
0x004020ae
0x004020b4
0x004020b6
0x004020b8
0x004020bd
0x004020bf
0x004020c1
0x004020c3
0x004020c5
0x004020d0
0x004020d5
0x004020d5
0x004020d7
0x004020d8
0x004020d9
0x004020b0
0x004020b0
0x004020b1
0x004020b2
0x004020b2
0x004020ae
0x004020a3

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15e564b932a5f1a7030e953fdf53f5065d19ad7c6e59cc17798857a132f335c3
Instruction ID: 3a69dfe832a6f357556f7e76a11f9f7263626d9ba2b87e85491605003e011a55
Opcode Fuzzy Hash: 15e564b932a5f1a7030e953fdf53f5065d19ad7c6e59cc17798857a132f335c3
Instruction Fuzzy Hash: 28C134727006004BD715AABD9D8936EB3869BC4325F18827FF604EB3E6DABCDC458758

Uniqueness

Uniqueness Score: -1.00%

Function 004AE5E8, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 216
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E004AE5E8(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v41;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				void* __ecx;
				char _t90;
				char _t167;
				char _t168;
				intOrPtr _t171;
				intOrPtr _t179;
				intOrPtr _t186;
				intOrPtr _t207;
				intOrPtr _t217;
				intOrPtr _t218;

				_t215 = __esi;
				_t214 = __edi;
				_t217 = _t218;
				_t171 = 8;
				goto L1;
				L4:
				if(L0047FAF0() != 0) {
					__eflags = _t167;
					if(__eflags == 0) {
						E004AE390(_v8, _t167,  &_v68, _t214, _t215, __eflags);
						E0040649C( &_v8, _v68);
						__eflags = _v12;
						if(__eflags != 0) {
							E004AE390(_v12, _t167,  &_v72, _t214, _t215, __eflags);
							E0040649C( &_v12, _v72);
						}
					}
					_t90 = L004AD53C(_t167, _v12, _v8, 5);
					__eflags = _t90;
					if(_t90 == 0) {
						L004ADC34(L"MoveFileEx");
					}
					__eflags = 0;
					_pop(_t186);
					 *[fs:eax] = _t186;
					_push(E004AE91D);
					L00406440( &_v72, 7);
					return L00406440( &_v32, 7);
				} else {
					L0047F714( &_v16);
					E0047E290(_v16,  &_v56);
					E00406914( &_v20, L"WININIT.INI", _v56);
					E004ADFDC(0, _t167, L".tmp", _v16, _t214, _t215,  &_v24);
					_push(_t217);
					_push(0x4ae87c);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					_v36 = 0;
					_v40 = 0;
					_push(_t217);
					_push(0x4ae81a);
					_push( *[fs:eax]);
					 *[fs:eax] = _t218;
					WritePrivateProfileStringW(0, 0, 0, E004064D4(_v20));
					_v36 = E004AAA68(1, 1, 0, 3);
					_t179 = _v24;
					_v40 = E004AAA68(1, 0, 1, 0);
					_v41 = 0;
					_t168 = 0;
					while(E004AAD08(_v36) == 0) {
						E004AAD18(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E0040C6B4(_v28, 1, _t179,  &_v32, _t214, _t215);
						__eflags = _v32;
						if(__eflags == 0) {
							L11:
							E004AB070(_v40, 1, _v28, _t214, _t215, __eflags);
							_t168 = 0;
							__eflags = 0;
							continue;
						} else {
							__eflags =  *_v32 - 0x5b;
							if(__eflags != 0) {
								goto L11;
							} else {
								__eflags = E0040C24C(_v32, _t179, L"[rename]");
								if(__eflags != 0) {
									__eflags = _v41;
									if(__eflags == 0) {
										goto L11;
									}
								} else {
									_v41 = 1;
									goto L11;
								}
							}
						}
						break;
					}
					_t223 = _v41;
					if(_v41 == 0) {
						E004AB070(_v40, _t168, L"[rename]", _t214, _t215, _t223);
					}
					_t224 = _v12;
					if(_v12 == 0) {
						E0040649C( &_v32, 0x4ae98c);
					} else {
						L0047F6B4(_v12, _t179,  &_v32, _t224);
					}
					_push(_v32);
					_push(0x4ae9a0);
					L0047F6B4(_v8, _t179,  &_v64, _t224);
					_push(_v64);
					E004069F8( &_v60, 3, _t214);
					E004AB070(_v40, _t168, _v60, _t214, _t215, _t224);
					_t225 = _t168;
					if(_t168 != 0) {
						E004AB070(_v40, _t168, _v28, _t214, _t215, _t225);
					}
					while(E004AAD08(_v36) == 0) {
						E004AAD18(_v36, _t168,  &_v28, _t214, _t215, __eflags);
						E004AB070(_v40, _t168, _v28, _t214, _t215, __eflags);
					}
					_pop(_t207);
					 *[fs:eax] = _t207;
					_push(E004AE821);
					E00404098(_v40);
					return E00404098(_v36);
				}
				L1:
				_push(0);
				_push(0);
				_t171 = _t171 - 1;
				if(_t171 != 0) {
					goto L1;
				} else {
					_t1 =  &_v8;
					 *_t1 = _t171;
					_push(__esi);
					_push(__edi);
					_v12 =  *_t1;
					_v8 = __edx;
					_t167 = __eax;
					L00406430(_v8);
					L00406430(_v12);
					_push(_t217);
					 *[fs:eax] = _t218;
					E0047E6BC(_v8,  &_v48,  *[fs:eax]);
					E0040649C( &_v8, _v48, 0x4ae916);
					if(_v12 != 0) {
						E0047E6BC(_v12,  &_v52);
						E0040649C( &_v12, _v52);
					}
				}
				goto L4;
			}

0x004ae5e8
0x004ae5e8
0x004ae5e9
0x004ae5ec
0x004ae5ec
0x004ae656
0x004ae65d
0x004ae89b
0x004ae89d
0x004ae8a5
0x004ae8b0
0x004ae8b5
0x004ae8b9
0x004ae8c1
0x004ae8cc
0x004ae8cc
0x004ae8b9
0x004ae8db
0x004ae8e0
0x004ae8e2
0x004ae8e9
0x004ae8e9
0x004ae8ee
0x004ae8f0
0x004ae8f3
0x004ae8f6
0x004ae903
0x004ae915
0x004ae663
0x004ae666
0x004ae671
0x004ae681
0x004ae694
0x004ae69b
0x004ae69c
0x004ae6a1
0x004ae6a4
0x004ae6a9
0x004ae6ae
0x004ae6b3
0x004ae6b4
0x004ae6b9
0x004ae6bc
0x004ae6ce
0x004ae6e8
0x004ae6f1
0x004ae700
0x004ae703
0x004ae707
0x004ae75c
0x004ae711
0x004ae71e
0x004ae723
0x004ae727
0x004ae74f
0x004ae755
0x004ae75a
0x004ae75a
0x00000000
0x004ae729
0x004ae72c
0x004ae730
0x00000000
0x004ae732
0x004ae73f
0x004ae741
0x004ae749
0x004ae74d
0x00000000
0x00000000
0x004ae743
0x004ae743
0x00000000
0x004ae743
0x004ae741
0x004ae730
0x00000000
0x004ae727
0x004ae768
0x004ae76c
0x004ae776
0x004ae776
0x004ae77b
0x004ae77f
0x004ae796
0x004ae781
0x004ae787
0x004ae787
0x004ae79b
0x004ae79e
0x004ae7a9
0x004ae7ae
0x004ae7b9
0x004ae7c4
0x004ae7c9
0x004ae7cb
0x004ae7d3
0x004ae7d3
0x004ae7f0
0x004ae7e0
0x004ae7eb
0x004ae7eb
0x004ae7fe
0x004ae801
0x004ae804
0x004ae80c
0x004ae819
0x004ae819
0x004ae5f1
0x004ae5f1
0x004ae5f3
0x004ae5f5
0x004ae5f6
0x00000000
0x004ae5f8
0x004ae5f8
0x004ae5f8
0x004ae5fc
0x004ae5fd
0x004ae5fe
0x004ae601
0x004ae604
0x004ae609
0x004ae611
0x004ae618
0x004ae621
0x004ae62a
0x004ae635
0x004ae63e
0x004ae646
0x004ae651
0x004ae651
0x004ae63e
0x00000000

APIs

WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,00000000), ref: 004AE6CE

Strings

WININIT.INI, xrefs: 004AE67C
[rename], xrefs: 004AE732, 004AE76E
NUL, xrefs: 004AE791
.tmp, xrefs: 004AE68A
MoveFileEx, xrefs: 004AE8E4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID: .tmp$MoveFileEx$NUL$WININIT.INI$[rename]
API String ID: 390214022-3304407042
Opcode ID: 5892665b243cbbe77c90762a20a5031f06fcf45b9b75e045fd2ef13210ea485d
Instruction ID: 4f9e6d17b67b38806c5b220eb31912b83165e38f549e9769f448a7a62be43be8
Opcode Fuzzy Hash: 5892665b243cbbe77c90762a20a5031f06fcf45b9b75e045fd2ef13210ea485d
Instruction Fuzzy Hash: 29814174A002089FDF10EB96C882BDEB7B5EF5A308F50846AF91077391D779AD45CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047C868, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 138windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047DD18: GetActiveWindow.USER32 ref: 0047DD3F
Part of subcall function 0047DD18: GetLastActivePopup.USER32(00000001), ref: 0047DD54

GetWindowRect.USER32 ref: 0047C8F3
SetWindowPos.USER32(00000001,00000000,?,?,00000000,00000000,0000001D,00000001,?), ref: 0047C92E
MessageBoxW.USER32(00000000,00000000,00000000,00000000), ref: 0047C96D
SetWindowPos.USER32(00000001,00000000,?,?,00000000,00000000,0000001D,0047C9E6,00000000,00000000,0047C9DF), ref: 0047C9C0
SetActiveWindow.USER32(00000000,0047C9E6,00000000,00000000,0047C9DF), ref: 0047C9D1

Strings

(, xrefs: 0047C8CD

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Active$LastMessagePopupRect
String ID: (
API String ID: 3456420849-3887548279
Opcode ID: 0dafdfb7a07d314d126781bea1eb0c2a8c5848a38517362d8d77d90b476e0b16
Instruction ID: c27aebf2684b8ea1a1d832875631c6833832f8515d49a28bf35c7c281aaff68a
Opcode Fuzzy Hash: 0dafdfb7a07d314d126781bea1eb0c2a8c5848a38517362d8d77d90b476e0b16
Instruction Fuzzy Hash: 9D51EAB5A00208EFDB44DBA9C885FEEB7B5FB48304F148569F608E7395D674AD018B54

Uniqueness

Uniqueness Score: -1.00%

Function 004585C4, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136
threadCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E004585C4(intOrPtr __eax, void* __ecx, void* __fp0, intOrPtr _a4) {
				signed int _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				struct HWND__* _v24;
				intOrPtr _v28;
				void* _v32;
				struct tagRECT _v48;
				char _v64;
				struct HWND__* _t53;
				intOrPtr _t55;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t79;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t92;
				intOrPtr _t97;
				struct HWND__* _t100;
				intOrPtr _t101;
				intOrPtr _t102;
				intOrPtr _t103;
				void* _t104;
				intOrPtr* _t107;
				intOrPtr _t109;
				intOrPtr _t113;
				intOrPtr _t116;
				intOrPtr _t117;
				void* _t132;

				_t132 = __fp0;
				_t104 = __ecx;
				_t117 = __eax;
				_v5 = 1;
				_t100 = E00458A04(_a4 + 0xfffffff4);
				_v24 = _t100;
				_t53 = GetWindow(_t100, 4);
				_t107 =  *0x504e38; // 0x50b17c
				if(_t53 ==  *((intOrPtr*)( *_t107 + 0x170))) {
					L6:
					if(_v24 == 0) {
						L25:
						return _v5 & 0x000000ff;
					}
					_t101 = _t117;
					while(1) {
						_t55 =  *((intOrPtr*)(_t101 + 0x30));
						if(_t55 == 0) {
							break;
						}
						_t101 = _t55;
					}
					_t116 = L00463A10(_t101);
					_v28 = _t116;
					if(_t116 == _v24) {
						goto L25;
					}
					_t60 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 0x10)) + 0x30));
					if(_t60 == 0) {
						_t109 =  *0x4561d8; // 0x456230
						__eflags = E00404238( *((intOrPtr*)(_a4 - 0x10)), _t109);
						if(__eflags == 0) {
							__eflags = 0;
							_v32 = 0;
						} else {
							_v32 = L00463A10( *((intOrPtr*)(_a4 - 0x10)));
						}
						L19:
						_v12 = 0;
						_t65 = _a4;
						_v20 =  *((intOrPtr*)(_t65 - 0xc));
						_v16 =  *((intOrPtr*)(_t65 - 8));
						EnumThreadWindows(GetCurrentThreadId(), E00458564,  &_v32);
						_t127 = _v12;
						if(_v12 == 0) {
							goto L25;
						}
						GetWindowRect(_v24,  &_v48);
						_push(_a4 + 0xfffffff4);
						_push(_a4 - 1);
						E004042A8(_t117, _t127);
						_t79 =  *0x50b100; // 0x0
						_t113 =  *0x4546d0; // 0x454728
						if(E00404238(_t79, _t113) == 0) {
							L23:
							if(L004091DC( &_v48,  &_v64,  &_v48, _t132) != 0) {
								_v5 = 0;
							}
							goto L25;
						}
						_t83 =  *0x50b100; // 0x0
						if( *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x40)) + 0x90)) == 0) {
							goto L23;
						}
						_t85 =  *0x50b100; // 0x0
						if(L00463A10( *((intOrPtr*)( *((intOrPtr*)(_t85 + 0x40)) + 0x90))) == _v24) {
							goto L25;
						}
						goto L23;
					}
					_t102 = _t60;
					while(1) {
						_t92 =  *((intOrPtr*)(_t102 + 0x30));
						if(_t92 == 0) {
							break;
						}
						_t102 = _t92;
					}
					_v32 = L00463A10(_t102);
					goto L19;
				}
				_t103 = L00457870(_v24, _t104);
				if(_t103 == 0) {
					goto L25;
				} else {
					while(1) {
						_t97 =  *((intOrPtr*)(_t103 + 0x30));
						if(_t97 == 0) {
							break;
						}
						_t103 = _t97;
					}
					_v24 = L00463A10(_t103);
					goto L6;
				}
			}

0x004585c4
0x004585c4
0x004585cd
0x004585cf
0x004585de
0x004585e0
0x004585e6
0x004585eb
0x004585f9
0x00458622
0x00458626
0x00458752
0x0045875c
0x0045875c
0x0045862c
0x00458632
0x00458632
0x00458637
0x00000000
0x00000000
0x00458630
0x00458630
0x00458640
0x00458642
0x00458648
0x00000000
0x00000000
0x00458654
0x00458659
0x0045867d
0x00458688
0x0045868a
0x0045869c
0x0045869e
0x0045868c
0x00458697
0x00458697
0x004586a1
0x004586a1
0x004586a5
0x004586ab
0x004586b1
0x004586c3
0x004586c8
0x004586cc
0x00000000
0x00000000
0x004586da
0x004586e5
0x004586ea
0x004586fa
0x004586ff
0x00458704
0x00458711
0x0045873c
0x0045874c
0x0045874e
0x0045874e
0x00000000
0x0045874c
0x00458713
0x00458722
0x00000000
0x00000000
0x00458724
0x0045873a
0x00000000
0x00000000
0x00000000
0x0045873a
0x0045865e
0x00458664
0x00458664
0x00458669
0x00000000
0x00000000
0x00458662
0x00458662
0x00458672
0x00000000
0x00458672
0x00458603
0x00458607
0x00000000
0x0045860d
0x00458611
0x00458611
0x00458616
0x00000000
0x00000000
0x0045860f
0x0045860f
0x0045861f
0x00000000
0x0045861f

APIs

Part of subcall function 00458A04: WindowFromPoint.USER32(-000000F4,?,?,004585DE,?,-0000000C,?), ref: 00458A0A
Part of subcall function 00458A04: GetParent.USER32(00000000), ref: 00458A21

GetWindow.USER32(00000000,00000004), ref: 004585E6
GetCurrentThreadId.KERNEL32 ref: 004586BD
EnumThreadWindows.USER32(00000000,00458564,?), ref: 004586C3
GetWindowRect.USER32 ref: 004586DA

Part of subcall function 00457870: GetWindowThreadProcessId.USER32(00000000), ref: 0045787D
Part of subcall function 00457870: GetCurrentProcessId.KERNEL32(?,025B4140,00000000,0047DF65,?,025B4140,?,025B4141,0047C338,?,00000000,00000200,0000020A,00000001), ref: 00457886
Part of subcall function 00457870: GlobalFindAtomW.KERNEL32(00000000), ref: 0045789B
Part of subcall function 00457870: GetPropW.USER32 ref: 004578B2

Strings

(GE, xrefs: 00458704
0bE, xrefs: 0045867D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Thread$CurrentProcess$AtomEnumFindFromGlobalParentPointPropRectWindows
String ID: (GE$0bE
API String ID: 349414421-3107333291
Opcode ID: 9cba7376279dbced43d6b9f0d37dc2accfc2e951a94ba58fb19c507ab4a9697b
Instruction ID: ae17b4ad0763dcafad620fef69102b15d0ee6fbcb9dfe3275e0567b889308847
Opcode Fuzzy Hash: 9cba7376279dbced43d6b9f0d37dc2accfc2e951a94ba58fb19c507ab4a9697b
Instruction Fuzzy Hash: 29513D70A002099FCB00DFA9C885AAEB7B4BB48345F10456AEC55EB393DB78DD49CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0043682C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112
windowCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E0043682C(intOrPtr* __eax, signed char __edx, void* __fp0) {
				intOrPtr* _v8;
				struct HPALETTE__* _v12;
				char _v13;
				intOrPtr _v25;
				intOrPtr _v29;
				intOrPtr _v33;
				intOrPtr _v57;
				short _v59;
				short _v61;
				intOrPtr _v65;
				intOrPtr _v69;
				intOrPtr _v73;
				intOrPtr _v77;
				intOrPtr _v89;
				intOrPtr _v93;
				void _v97;
				void* _t44;
				void* _t46;
				intOrPtr _t49;
				void* _t54;
				struct HPALETTE__* _t56;
				signed char _t72;
				void* _t74;
				void* _t75;
				struct HDC__* _t76;
				intOrPtr _t96;
				void* _t106;
				void* _t108;
				void* _t109;
				intOrPtr _t111;

				_t106 = _t108;
				_t109 = _t108 + 0xffffffa0;
				_t72 = __edx;
				_v8 = __eax;
				_t44 = L00435720(_v8);
				if(_t72 == _t44) {
					L16:
					return _t44;
				} else {
					_t46 = _t72 - 1;
					if(_t46 < 0) {
						_t44 =  *((intOrPtr*)( *_v8 + 0x78))();
						goto L16;
					} else {
						if(_t46 == 7) {
							_t49 =  *0x504b8c; // 0x42e364
							_t44 = E00432820(_t49);
							goto L16;
						} else {
							L00403540( &_v97, 0x54);
							_t54 = memcpy( &_v97,  *((intOrPtr*)(_v8 + 0x28)) + 0x18, 6 << 2);
							_t111 = _t109 + 0xc;
							_v13 = 0;
							_v77 = 0;
							_v73 = 0x28;
							_v69 = _v93;
							_v65 = _v89;
							_v61 = 1;
							_v59 =  *((_t72 & 0x000000ff) + 0x503277) & 0x000000ff;
							_v12 =  *((intOrPtr*)(_t54 + 0x10));
							_t74 = _t72 - 2;
							if(_t74 == 0) {
								_t56 =  *0x50aeec; // 0x6a080b01
								_v12 = _t56;
							} else {
								_t75 = _t74 - 1;
								if(_t75 == 0) {
									_t76 = E0043294C(GetDC(0));
									_v12 = CreateHalftonePalette(_t76);
									_v13 = 1;
									ReleaseDC(0, _t76);
								} else {
									if(_t75 == 2) {
										_v57 = 3;
										_v33 = 0xf800;
										_v29 = 0x7e0;
										_v25 = 0x1f;
									}
								}
							}
							 *[fs:eax] = _t111;
							 *((char*)(_v8 + 0x22)) = E00434ED8( *((intOrPtr*)( *_v8 + 0x70))( *[fs:eax], 0x436978, _t106),  &_v97) & 0xffffff00 | _v12 != 0x00000000;
							_pop(_t96);
							 *[fs:eax] = _t96;
							_push(0x43697f);
							if(_v13 != 0) {
								return DeleteObject(_v12);
							}
							return 0;
						}
					}
				}
			}

0x0043682d
0x0043682f
0x00436835
0x00436837
0x0043683d
0x00436844
0x0043698a
0x00436990
0x0043684a
0x0043684c
0x0043684e
0x0043685d
0x00000000
0x00436850
0x00436852
0x00436865
0x0043686a
0x00000000
0x00436854
0x0043687e
0x00436894
0x00436894
0x00436896
0x0043689c
0x0043689f
0x004368a9
0x004368af
0x004368b2
0x004368c2
0x004368c9
0x004368cc
0x004368cf
0x004368dc
0x004368e1
0x004368d1
0x004368d1
0x004368d3
0x004368f2
0x004368fa
0x004368fd
0x00436904
0x004368d5
0x004368d8
0x0043690b
0x00436912
0x00436919
0x00436920
0x00436920
0x004368d8
0x004368d3
0x00436932
0x00436958
0x0043695d
0x00436960
0x00436963
0x0043696c
0x00000000
0x00436972
0x00436977
0x00436977
0x00436852
0x0043684e

APIs

GetDC.USER32(00000000), ref: 004368E8
CreateHalftonePalette.GDI32(00000000,00000000), ref: 004368F5
ReleaseDC.USER32 ref: 00436904
DeleteObject.GDI32(00000000), ref: 00436972

Strings

dB, xrefs: 00436865
(, xrefs: 0043689F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateDeleteHalftoneObjectPaletteRelease
String ID: ($dB
API String ID: 577518360-404104738
Opcode ID: ed5a40e957989e5db676064f8f038284e2d75d5f3da43bad8518e490be35cdd0
Instruction ID: e5af28e37cbb7155dac159f6ba2d2ded8c8a3d7b18243e6f7da2e6a0b919c287
Opcode Fuzzy Hash: ed5a40e957989e5db676064f8f038284e2d75d5f3da43bad8518e490be35cdd0
Instruction Fuzzy Hash: FF41D7B0A04209EFDB04DFA5C445B9EFBF6EF4D308F1180AAE404A73A1D6785E45DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004A6F64, Relevance: 10.6, APIs: 7, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004A6F64(int __eax, int __ecx, struct tagRECT* __edx, char _a4, intOrPtr _a8) {
				int _v8;
				struct HDC__* _v12;
				struct HDC__* _v16;
				struct HDC__* _v20;
				void* __edi;
				void* __ebp;
				long _t48;
				long _t65;
				int _t80;
				void* _t88;
				int _t89;
				int _t91;
				int _t92;
				struct tagRECT* _t95;
				void* _t96;

				_v8 = __ecx;
				_t95 = __edx;
				_t80 = __eax;
				if(_a4 == 0) {
					_v20 = E00432554( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x280)));
					_t89 = _t80;
					if(_t89 != 0) {
						_t89 =  *(_t89 - 4);
					}
					return DrawTextW(_v20, E004064D4(_t80), _t89, _t95, _v8);
				}
				L004317F4( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x280)) + 0x14)), __ecx, 1, _t88, _t96);
				L00409254(_t95, 1, 1);
				_t48 = GetSysColor(0x14);
				SetTextColor(E00432554( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x280))), _t48);
				_v12 = E00432554( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x280)));
				_t91 = _t80;
				if(_t91 != 0) {
					_t91 =  *(_t91 - 4);
				}
				DrawTextW(_v12, E004064D4(_t80), _t91, _t95, _v8);
				L00409254(_t95, 0xffffffffffffffff, 0xffffffffffffffff);
				_t65 = GetSysColor(0x10);
				SetTextColor(E00432554( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x280))), _t65);
				_v16 = E00432554( *((intOrPtr*)( *((intOrPtr*)(_a8 - 4)) + 0x280)));
				_t92 = _t80;
				if(_t92 != 0) {
					_t92 =  *(_t92 - 4);
				}
				return DrawTextW(_v16, E004064D4(_t80), _t92, _t95, _v8);
			}

0x004a6f6d
0x004a6f70
0x004a6f72
0x004a6f78
0x004a706f
0x004a7072
0x004a7076
0x004a707b
0x004a707b
0x00000000
0x004a708f
0x004a6f8f
0x004a6fa0
0x004a6fa7
0x004a6fbf
0x004a6fd5
0x004a6fd8
0x004a6fdc
0x004a6fe1
0x004a6fe1
0x004a6ff5
0x004a7002
0x004a7009
0x004a7021
0x004a7037
0x004a703a
0x004a703e
0x004a7043
0x004a7043
0x00000000

APIs

GetSysColor.USER32(00000014), ref: 004A6FA7
SetTextColor.GDI32(00000000,00000000), ref: 004A6FBF
DrawTextW.USER32(00000000,00000000,?,?,?), ref: 004A6FF5
GetSysColor.USER32(00000010), ref: 004A7009
SetTextColor.GDI32(00000000,00000000), ref: 004A7021
DrawTextW.USER32(?,00000000,?,?,?), ref: 004A7057
DrawTextW.USER32(?,00000000,?,?,?), ref: 004A708F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Text$Color$Draw
String ID:
API String ID: 2775849416-0
Opcode ID: fc2fa7a8644dc9eba060bbbfb44e4c79525fc061634a567f524af734156458fa
Instruction ID: 01b4ed0c867c6265f7320c1f1695f9e5371b593b58d257530a6a66c4cb13c165
Opcode Fuzzy Hash: fc2fa7a8644dc9eba060bbbfb44e4c79525fc061634a567f524af734156458fa
Instruction Fuzzy Hash: C2316475701104AFC740EF6EC889D9AB7F8AF48314F15817AF918DB3A2C674EE048B54

Uniqueness

Uniqueness Score: -1.00%

Function 004C8E08, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104
sleepCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E004C8E08(struct HICON__* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0, intOrPtr _a4) {
				char _v8;
				signed int _v9;
				char _v16;
				char _v20;
				intOrPtr _t48;
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t55;
				struct HICON__* _t67;
				char* _t71;
				intOrPtr _t72;
				intOrPtr* _t80;
				intOrPtr* _t83;
				intOrPtr _t95;
				void* _t101;
				void* _t102;
				void* _t105;

				_t115 = __fp0;
				_t102 = __esi;
				_t101 = __edi;
				_t88 = __ebx;
				_push(__ebx);
				_v8 = 0;
				_push(_t105);
				_push(0x4c8f6b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t105 + 0xfffffff0;
				_v9 = 0;
				E0045B0C8( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x3ec)),  &_v8, __eflags);
				_t48 =  *0x504b94; // 0x50be1c
				_t108 =  *(_t48 + 0x118) & 0x00000004;
				if(( *(_t48 + 0x118) & 0x00000004) != 0) {
					_v9 = L004D9C70(_v8, _t108, __fp0);
				}
				if(_v9 == 0) {
					_t80 =  *0x504b88; // 0x50c0a4
					_t110 =  *_t80;
					if( *_t80 != 0) {
						_v20 = _v8;
						_v16 = 0x11;
						_t89 =  &_v20;
						_t83 =  *0x504b88; // 0x50c0a4
						_v9 = E004FA138( *_t83,  &_v20, "CheckPassword", _t110, _t115, _v9 & 0x000000ff, 0, 0);
					}
				}
				if(_v9 == 0) {
					_t50 =  *((intOrPtr*)(_a4 - 4));
					__eflags =  *((char*)(_t50 + 0x57));
					if( *((char*)(_t50 + 0x57)) != 0) {
						_t67 = GetCursor();
						_t88 = _t67;
						SetCursor(LoadCursorW(0, 0x7f02));
						Sleep(0x2ee);
						SetCursor(_t67);
					}
					_t51 =  *0x504e48; // 0x50b83c
					_t30 = _t51 + 0x170; // 0x256c554
					L004E11BC( *_t30, _t88, 2, 0, _t101, _t102, 1, 1, 0);
					_t55 =  *((intOrPtr*)(_a4 - 4));
					__eflags =  *((char*)(_t55 + 0x57));
					if( *((char*)(_t55 + 0x57)) != 0) {
						__eflags = 0;
						E0045B100( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x3ec)), _t88, 2, 0, _t102);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x3ec)))) + 0xd8))();
					}
				} else {
					_t71 =  *0x504e2c; // 0x50c05e
					 *_t71 = 0;
					_t72 =  *0x504b94; // 0x50be1c
					if(( *(_t72 + 0x11b) & 0x00000020) != 0) {
						E00406448(L004CB1E4() + 0x138, _v8);
					}
					E0045B100( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x3ec)), _t88, _t89, 0, _t102);
				}
				_pop(_t95);
				 *[fs:eax] = _t95;
				_push(0x4c8f72);
				return L00406438( &_v8);
			}

0x004c8e08
0x004c8e08
0x004c8e08
0x004c8e08
0x004c8e0e
0x004c8e11
0x004c8e16
0x004c8e17
0x004c8e1c
0x004c8e1f
0x004c8e22
0x004c8e35
0x004c8e3a
0x004c8e3f
0x004c8e46
0x004c8e50
0x004c8e50
0x004c8e57
0x004c8e59
0x004c8e5e
0x004c8e61
0x004c8e6f
0x004c8e72
0x004c8e76
0x004c8e79
0x004c8e8a
0x004c8e8a
0x004c8e61
0x004c8e91
0x004c8ed6
0x004c8ed9
0x004c8edd
0x004c8edf
0x004c8ee4
0x004c8ef3
0x004c8efd
0x004c8f03
0x004c8f03
0x004c8f0e
0x004c8f13
0x004c8f1d
0x004c8f25
0x004c8f28
0x004c8f2c
0x004c8f3a
0x004c8f3c
0x004c8f4f
0x004c8f4f
0x004c8e93
0x004c8e93
0x004c8e98
0x004c8e9b
0x004c8ea7
0x004c8eb6
0x004c8eb6
0x004c8ec9
0x004c8ec9
0x004c8f57
0x004c8f5a
0x004c8f5d
0x004c8f6a

APIs

GetCursor.USER32 ref: 004C8EDF
LoadCursorW.USER32(00000000,00007F02), ref: 004C8EED
SetCursor.USER32(00000000,00000000,00007F02), ref: 004C8EF3
Sleep.KERNEL32(000002EE,00000000,00000000,00007F02), ref: 004C8EFD
SetCursor.USER32(00000000,000002EE,00000000,00000000,00007F02), ref: 004C8F03

Strings

CheckPassword, xrefs: 004C8E80

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Cursor$LoadSleep
String ID: CheckPassword
API String ID: 4023313301-1302249611
Opcode ID: 61e247a7940c73ee998c3abf3cd1518099d41a6f7d40e90d69aebe13621525c4
Instruction ID: 295b97ce7fe51e24737f2dd7b077baf14684f08aaa384b172783a7c5d2e1a860
Opcode Fuzzy Hash: 61e247a7940c73ee998c3abf3cd1518099d41a6f7d40e90d69aebe13621525c4
Instruction Fuzzy Hash: 02416A74604248AFD701DF69C886F9DBBE5AF05304F4584ADF9049B392CB789E44CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004B209C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103
windowCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E004B209C(int __eax, void* __ebx, long __ecx, signed char __edx, void* __edi, void* __esi, char* _a4) {
				char _v8;
				signed char _v9;
				char _v10;
				intOrPtr _v16;
				struct tagMSG _v44;
				char _v48;
				struct HWND__* _t29;
				long _t30;
				intOrPtr* _t31;
				intOrPtr* _t39;
				void* _t44;
				intOrPtr* _t49;
				char* _t60;
				void* _t66;
				intOrPtr _t68;
				intOrPtr _t72;
				void* _t79;
				void* _t80;
				intOrPtr _t81;

				_t79 = _t80;
				_t81 = _t80 + 0xffffffd4;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v48 = 0;
				_v8 = 0;
				_t77 = __ecx;
				_v9 = __edx;
				_t75 = __eax;
				_t60 = _a4;
				_push(_t79);
				_push(0x4b2205);
				_push( *[fs:eax]);
				 *[fs:eax] = _t81;
				_v10 = 0;
				 *_t60 = 0;
				if( *0x50bc24 == 0) {
					L10:
					__eflags = 0;
					_pop(_t68);
					 *[fs:eax] = _t68;
					_push(0x4b220c);
					L00406438( &_v48);
					return L00406438( &_v8);
				} else {
					 *0x50bc3c = 0;
					_t29 =  *0x50bc34; // 0x0
					_t30 = SendMessageW(_t29, __eax, _v9 & 0x000000ff, __ecx);
					_t83 = _t30;
					if(_t30 == 0) {
						goto L10;
					} else {
						_v10 = 1;
						_t31 =  *0x504e38; // 0x50b17c
						L0047BEA4( *_t31,  &_v8);
						_v16 = E00470BFC(0, _t60, _t75, _t77);
						_push(_t79);
						_push(0x4b21b3);
						 *[fs:eax] = _t81;
						E00406914( &_v48, _v8, L"[Paused] ",  *[fs:eax]);
						_t39 =  *0x504e38; // 0x50b17c
						E0047BF28( *_t39, _v8, _v48, _t83);
						while( *0x50bc3c == 0) {
							_t44 = GetMessageW( &_v44, 0, 0, 0) - 0xffffffff;
							__eflags = _t44;
							if(_t44 != 0) {
								__eflags = _t44 == 1;
								if(_t44 == 1) {
									PostQuitMessage(_v44.wParam);
								} else {
									TranslateMessage( &_v44);
									DispatchMessageW( &_v44);
									continue;
								}
							}
							break;
						}
						 *_t60 =  *0x50bc3d & 0x000000ff;
						_pop(_t72);
						_pop(_t66);
						 *[fs:eax] = _t72;
						_push(0x4b21ba);
						E00470CC0(_v16);
						_t49 =  *0x504e38; // 0x50b17c
						return E0047BF28( *_t49, _t66, _v8, 0);
					}
				}
			}

0x004b209d
0x004b209f
0x004b20a2
0x004b20a3
0x004b20a4
0x004b20a7
0x004b20aa
0x004b20ad
0x004b20af
0x004b20b2
0x004b20b4
0x004b20b9
0x004b20ba
0x004b20bf
0x004b20c2
0x004b20c5
0x004b20c9
0x004b20d3
0x004b21e7
0x004b21e7
0x004b21e9
0x004b21ec
0x004b21ef
0x004b21f7
0x004b2204
0x004b20d9
0x004b20d9
0x004b20e7
0x004b20ed
0x004b20f2
0x004b20f4
0x00000000
0x004b20fa
0x004b20fa
0x004b2101
0x004b2108
0x004b2114
0x004b2119
0x004b211a
0x004b2122
0x004b2130
0x004b2138
0x004b213f
0x004b217c
0x004b2155
0x004b2155
0x004b2158
0x004b215a
0x004b215b
0x004b2163
0x004b215d
0x004b216e
0x004b2177
0x00000000
0x004b2177
0x004b215b
0x00000000
0x004b2158
0x004b218c
0x004b2190
0x004b2192
0x004b2193
0x004b2196
0x004b219e
0x004b21a3
0x004b21b2
0x004b21b2
0x004b20f4

APIs

SendMessageW.USER32(00000000,?,?), ref: 004B20ED

Part of subcall function 0047BEA4: GetWindowTextW.USER32 ref: 0047BED3

Part of subcall function 00470BFC: GetCurrentThreadId.KERNEL32 ref: 00470C53
Part of subcall function 00470BFC: EnumThreadWindows.USER32(00000000,00470BAC,00000000), ref: 00470C59

Part of subcall function 0047BF28: SetWindowTextW.USER32(?,00000000), ref: 0047BF58

GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004B2150
TranslateMessage.USER32(?), ref: 004B216E
DispatchMessageW.USER32 ref: 004B2177

Strings

[Paused] , xrefs: 004B212B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message$TextThreadWindow$CurrentDispatchEnumSendTranslateWindows
String ID: [Paused]
API String ID: 1007367021-4230553315
Opcode ID: b53d6765b66b1f017eb08fe7e4055ffc033c299ce5e7bd8edfe8a6a73743bae4
Instruction ID: f7876955be2cb41d1d2257ae62b8880ba0ac7922f68f73269f2cb01262406678
Opcode Fuzzy Hash: b53d6765b66b1f017eb08fe7e4055ffc033c299ce5e7bd8edfe8a6a73743bae4
Instruction Fuzzy Hash: 4D31B030904248AEDB11EBB9CD81BDE7BF8EB09304F5584A6F500E3291DBB89D04DB39

Uniqueness

Uniqueness Score: -1.00%

Function 0046D040, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 80
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E0046D040(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr _t9;
				void* _t11;
				intOrPtr _t17;
				void* _t28;
				void* _t29;
				intOrPtr _t33;
				intOrPtr _t34;
				intOrPtr _t37;
				void* _t43;
				intOrPtr _t45;
				intOrPtr _t46;

				_t45 = _t46;
				_push(_t29);
				_push(__ebx);
				_push(__esi);
				_t43 = __edx;
				_t28 = __eax;
				if( *0x50b170 == 0) {
					 *0x50b170 = E0041253C(L"comctl32.dll", __eax, _t29, __edx);
					if( *0x50b170 >= 0x60000) {
						_t41 = GetModuleHandleW(L"comctl32.dll");
						if(_t25 != 0) {
							 *0x50b174 = E00409620(_t28, _t43, _t41, L"ImageList_WriteEx");
						}
					}
				}
				_v8 = L0042B764(_t43, 1, 0);
				_push(_t45);
				_push(0x46d13a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t46;
				if( *0x50b174 == 0) {
					_t9 = _v8;
					if(_t9 != 0) {
						_t9 = _t9 - 0xffffffec;
					}
					_push(_t9);
					_t11 = L0046BF28(_t28);
					_push(_t11);
					L0042E27C();
					if(_t11 == 0) {
						_t33 =  *0x504c0c; // 0x42e3b4
						L004119EC(_t33, 1);
						E00404A74();
					}
				} else {
					_t17 = _v8;
					if(_t17 != 0) {
						_t17 = _t17 - 0xffffffec;
					}
					_push(_t17);
					_push(1);
					_push(L0046BF28(_t28));
					if( *0x50b174() != 0) {
						_t34 =  *0x504c0c; // 0x42e3b4
						L004119EC(_t34, 1);
						E00404A74();
					}
				}
				_pop(_t37);
				 *[fs:eax] = _t37;
				_push(0x46d141);
				return E00404098(_v8);
			}

0x0046d041
0x0046d043
0x0046d044
0x0046d045
0x0046d047
0x0046d049
0x0046d052
0x0046d05e
0x0046d06d
0x0046d079
0x0046d07d
0x0046d08a
0x0046d08a
0x0046d07d
0x0046d06d
0x0046d09f
0x0046d0a4
0x0046d0a5
0x0046d0aa
0x0046d0ad
0x0046d0b7
0x0046d0f1
0x0046d0f6
0x0046d0f8
0x0046d0f8
0x0046d0fb
0x0046d0fe
0x0046d103
0x0046d104
0x0046d10b
0x0046d10d
0x0046d11a
0x0046d11f
0x0046d11f
0x0046d0b9
0x0046d0b9
0x0046d0be
0x0046d0c0
0x0046d0c0
0x0046d0c3
0x0046d0c4
0x0046d0cd
0x0046d0d6
0x0046d0d8
0x0046d0e5
0x0046d0ea
0x0046d0ea
0x0046d0d6
0x0046d126
0x0046d129
0x0046d12c
0x0046d139

APIs

Part of subcall function 0041253C: GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00412612), ref: 0041257E
Part of subcall function 0041253C: GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,004125F5,?,00000000,?,00000000,00412612), ref: 004125B3
Part of subcall function 0041253C: VerQueryValueW.VERSION(?,00412624,?,?,00000000,?,00000000,?,00000000,004125F5,?,00000000,?,00000000,00412612), ref: 004125CD

GetModuleHandleW.KERNEL32(comctl32.dll), ref: 0046D074

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

ImageList_Write.COMCTL32(00000000,?,00000000,0046D13A), ref: 0046D104

Strings

comctl32.dll, xrefs: 0046D06F
0B, xrefs: 0046D0E0, 0046D115
comctl32.dll, xrefs: 0046D054
ImageList_WriteEx, xrefs: 0046D07F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileInfoVersion$AddressHandleImageList_ModuleProcQuerySizeValueWrite
String ID: 0B$ImageList_WriteEx$comctl32.dll$comctl32.dll
API String ID: 4063495462-3856334682
Opcode ID: b021a58b9619bb2706f66a467b1ea21dbf92dae369d0f79f86c71e990ee7a02d
Instruction ID: 5237d21f56526580522d95e3f5c22925f03333b92e4ddc9e0fac8314b13122c4
Opcode Fuzzy Hash: b021a58b9619bb2706f66a467b1ea21dbf92dae369d0f79f86c71e990ee7a02d
Instruction Fuzzy Hash: 86216270F402009BEB14AF76DD95B6B36A8EB59708F50013AF401D73A2EB799C45DA1A

Uniqueness

Uniqueness Score: -1.00%

Function 004D8D84, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72
fileCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E004D8D84(void* __eax, void* __ecx, void* __edx, intOrPtr _a4076) {
				char _v4120;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t6;
				void* _t11;
				signed char _t14;
				void* _t22;
				intOrPtr* _t23;
				void* _t24;
				void* _t29;
				long _t31;
				void* _t32;
				void* _t33;
				void* _t34;

				_push(__eax);
				_t6 = 2;
				do {
					_t33 = _t33 + 0xfffff004;
					_push(_t6);
					_t6 = _t6 - 1;
				} while (_t6 != 0);
				_t34 = _t33 + 4;
				_t29 = __edx;
				_t30 = _a4076;
				_t23 = E00409620(_t22, _a4076, GetModuleHandleW(L"kernel32.dll"), L"GetFinalPathNameByHandleW");
				if(_t23 == 0) {
					L11:
					_t11 = E00406448(_t29, _t30);
				} else {
					_t14 = GetFileAttributesW(E004064D4(_t30));
					if(_t14 == 0xffffffff) {
						goto L11;
					} else {
						if((_t14 & 0x00000010) == 0) {
							_t31 = 0;
							__eflags = 0;
						} else {
							_t31 = 0x2000000;
						}
						_t32 = CreateFileW(E004064D4(_t30), 0, 7, 0, 3, _t31, 0);
						if(_t32 == 0xffffffff) {
							goto L11;
						} else {
							_t24 =  *_t23(_t32,  &_v4120, 0x1000, 0);
							CloseHandle(_t32);
							if(_t24 <= 0) {
								goto L11;
							} else {
								_t42 = _t24 - 0xff0;
								if(_t24 >= 0xff0) {
									goto L11;
								} else {
									_t11 = E004D8C9C(_t34, _t24, _t29, _t30, _t42);
								}
							}
						}
					}
				}
				return _t11;
			}

0x004d8d88
0x004d8d89
0x004d8d8e
0x004d8d8e
0x004d8d94
0x004d8d95
0x004d8d95
0x004d8d9f
0x004d8da2
0x004d8da4
0x004d8dbb
0x004d8dbf
0x004d8e2d
0x004d8e31
0x004d8dc1
0x004d8dc9
0x004d8dd1
0x00000000
0x004d8dd3
0x004d8dd5
0x004d8dde
0x004d8dde
0x004d8dd7
0x004d8dd7
0x004d8dd7
0x004d8df8
0x004d8dfd
0x00000000
0x004d8dff
0x004d8e0e
0x004d8e11
0x004d8e18
0x00000000
0x004d8e1a
0x004d8e1a
0x004d8e20
0x00000000
0x004d8e22
0x004d8e26
0x004d8e26
0x004d8e20
0x004d8e18
0x004d8dfd
0x004d8dd1
0x004d8e40

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,GetFinalPathNameByHandleW), ref: 004D8DB0
GetFileAttributesW.KERNEL32(00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 004D8DC9
CreateFileW.KERNEL32(00000000,00000000,00000007,00000000,00000003,00000000,00000000,00000000,00000000,kernel32.dll,GetFinalPathNameByHandleW), ref: 004D8DF3
CloseHandle.KERNEL32(00000000), ref: 004D8E11

Strings

kernel32.dll, xrefs: 004D8DAB
GetFinalPathNameByHandleW, xrefs: 004D8DA6

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FileHandle$AttributesCloseCreateModule
String ID: GetFinalPathNameByHandleW$kernel32.dll
API String ID: 791737717-340263132
Opcode ID: 39dec38738e43aca1343b10a8f304e0354ed1cc44d45ac263c20267a07cc6bfd
Instruction ID: 6eba4a4fa280df9203778175666092d8d09e2161eb6eb13b461aa55ad8284538
Opcode Fuzzy Hash: 39dec38738e43aca1343b10a8f304e0354ed1cc44d45ac263c20267a07cc6bfd
Instruction Fuzzy Hash: 9611A1A17407083AE520316A4C97F7B228C8B5176CF14093FBB18EA3D3EDBD9C02466E

Uniqueness

Uniqueness Score: -1.00%

Function 00434340, Relevance: 10.6, APIs: 7, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00434340(int __eax, void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				struct HDC__* _v12;
				struct HDC__* _v16;
				void* _v20;
				struct tagRGBQUAD _v1044;
				int _t16;
				int _t37;
				intOrPtr _t44;
				void* _t46;
				void* _t49;
				void* _t51;
				intOrPtr _t52;

				_t16 = __eax;
				_t49 = _t51;
				_t52 = _t51 + 0xfffffbf0;
				_v8 = __edx;
				_t46 = __eax;
				if(__eax == 0 ||  *((short*)(__ecx + 0x26)) > 8) {
					L4:
					return _t16;
				} else {
					_t16 = E004330E8(_v8, 0xff,  &_v1044);
					_t37 = _t16;
					if(_t37 == 0) {
						goto L4;
					} else {
						_v12 = GetDC(0);
						_v16 = CreateCompatibleDC(_v12);
						_v20 = SelectObject(_v16, _t46);
						_push(_t49);
						_push(0x4343ef);
						_push( *[fs:eax]);
						 *[fs:eax] = _t52;
						SetDIBColorTable(_v16, 0, _t37,  &_v1044);
						_pop(_t44);
						 *[fs:eax] = _t44;
						_push(0x4343f6);
						SelectObject(_v16, _v20);
						DeleteDC(_v16);
						return ReleaseDC(0, _v12);
					}
				}
			}

0x00434340
0x00434341
0x00434343
0x0043434b
0x0043434e
0x00434352
0x004343f6
0x004343fb
0x00434363
0x00434371
0x00434376
0x0043437a
0x00000000
0x0043437c
0x00434383
0x0043438f
0x0043439c
0x004343a1
0x004343a2
0x004343a7
0x004343aa
0x004343bb
0x004343c2
0x004343c5
0x004343c8
0x004343d5
0x004343de
0x004343ee
0x004343ee
0x0043437a

APIs

Part of subcall function 004330E8: GetObjectW.GDI32(00000000,00000004,?,000000FF,00000000,00000018,00000000,0043464A,00000000,004347A0,?,00000000,00434A96,?,00000000,00000000), ref: 004330FF
Part of subcall function 004330E8: GetPaletteEntries.GDI32(00000000,00000000,?,00000028), ref: 00433122

GetDC.USER32(00000000), ref: 0043437E
CreateCompatibleDC.GDI32(?), ref: 0043438A
SelectObject.GDI32(?), ref: 00434397
SetDIBColorTable.GDI32(?,00000000,00000000,?,00000000,004343EF,?,?,?,?,00000000), ref: 004343BB
SelectObject.GDI32(?,?), ref: 004343D5
DeleteDC.GDI32(?), ref: 004343DE
ReleaseDC.USER32 ref: 004343E9

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Object$Select$ColorCompatibleCreateDeleteEntriesPaletteReleaseTable
String ID:
API String ID: 4046155103-0
Opcode ID: 4cc14c19a4e107e091eca515082334aab6debb1a019eb6af870d7d8d2492fed7
Instruction ID: ac795cd6fd40d748ce50fe862934118e8cfa46c4ed00d813a7174b02b8df3c14
Opcode Fuzzy Hash: 4cc14c19a4e107e091eca515082334aab6debb1a019eb6af870d7d8d2492fed7
Instruction Fuzzy Hash: B3112771E442596BDB10DBE9C851AAEB3FCEB48704F40446AB904E7292D7799D408B64

Uniqueness

Uniqueness Score: -1.00%

Function 0042AB6C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66
threadsynchronizationwindowCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E0042AB6C(void* __eax, void* __edi, void* __ebp) {
				struct tagMSG _v36;
				long _v40;
				void* _v44;
				void* __ebx;
				void* __esi;
				long _t13;
				long _t21;
				long _t32;
				intOrPtr _t33;
				signed int _t34;
				void* _t37;
				void* _t38;
				DWORD* _t40;

				_t37 = __edi;
				_t40 =  &_v40;
				_t38 = __eax;
				if( *((char*)(__eax + 0x3c)) != 0) {
					_t33 =  *0x504d50; // 0x40a884
					L004119EC(_t33, 1);
					E00404A74();
				}
				_v44 =  *((intOrPtr*)(_t38 + 4));
				_t13 = GetCurrentThreadId();
				_t34 =  *0x50504c; // 0x50603c
				if(_t13 !=  *_t34) {
					WaitForSingleObject(_v44, 0xffffffff);
				} else {
					_t32 = 0;
					_t21 =  *0x50ae68; // 0x21c
					_v40 = _t21;
					do {
						if(_t32 == 2) {
							PeekMessageW( &_v36, 0, 0, 0, 0);
						}
						_t32 = MsgWaitForMultipleObjects(2,  &_v44, 0, 0x3e8, 0x40);
						_t34 = _t34 & 0xffffff00 | _t32 != 0xffffffff;
						E0042A824(_t38, _t34);
						if(_t32 == 1) {
							E0042A364(0, _t32, _t37, _t38);
						}
					} while (_t32 != 0);
				}
				GetExitCodeThread(_v44, _t40);
				asm("sbb edx, edx");
				E0042A824(_t38, _t34 + 1);
				return  *_t40;
			}

0x0042ab6c
0x0042ab6e
0x0042ab71
0x0042ab77
0x0042ab79
0x0042ab86
0x0042ab8b
0x0042ab8b
0x0042ab93
0x0042ab97
0x0042ab9c
0x0042aba4
0x0042ac05
0x0042aba6
0x0042aba6
0x0042aba8
0x0042abad
0x0042abb1
0x0042abb4
0x0042abc3
0x0042abc3
0x0042abdd
0x0042abe2
0x0042abe7
0x0042abef
0x0042abf3
0x0042abf3
0x0042abf8
0x0042abfc
0x0042ac10
0x0042ac18
0x0042ac1d
0x0042ac2a

APIs

GetCurrentThreadId.KERNEL32 ref: 0042AB97
PeekMessageW.USER32 ref: 0042ABC3
MsgWaitForMultipleObjects.USER32 ref: 0042ABD8
WaitForSingleObject.KERNEL32(?,000000FF), ref: 0042AC05
GetExitCodeThread.KERNEL32(?,?,?,000000FF), ref: 0042AC10

Strings

<`P, xrefs: 0042AB9C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ThreadWait$CodeCurrentExitMessageMultipleObjectObjectsPeekSingle
String ID: <`P
API String ID: 1797888035-3701931957
Opcode ID: 125860f8302aaf33a9bed9946090f2c21a5a925b1f2938784279cfbef493fb56
Instruction ID: 7964f1d78324b9a64a1f92550013217c3c94e1c751d8d64debe9312779c8cfa5
Opcode Fuzzy Hash: 125860f8302aaf33a9bed9946090f2c21a5a925b1f2938784279cfbef493fb56
Instruction Fuzzy Hash: B011D3717403506BC610EB7ADCC2F5E37C8AB54714F90492AFA50E72D2D678EC44C74A

Uniqueness

Uniqueness Score: -1.00%

Function 004FAAD8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 51%

			E004FAAD8(void* __eax, void* __ebx, long* __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				struct HDC__* _v8;
				struct tagSIZE _v16;
				struct tagTEXTMETRICW _v76;
				signed int _t26;
				signed int _t27;
				void* _t36;
				intOrPtr _t43;
				long* _t45;
				signed int* _t47;
				void* _t50;

				_t37 = __ecx;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t45 = __ecx;
				_t47 = __edx;
				_t36 = __eax;
				_v8 = GetDC(0);
				_push(_t50);
				_push(0x4fab64);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xffffffb8;
				SelectObject(_v8, E00430D88(_t36, _t36, _t37, _t45, _t47));
				GetTextExtentPointW(_v8, L"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v16);
				asm("cdq");
				_t26 = _v16.cx / 0x1a + 1;
				_t27 = _t26 >> 1;
				if(_t26 < 0) {
					asm("adc eax, 0x0");
				}
				 *_t47 = _t27;
				GetTextMetricsW(_v8,  &_v76);
				 *_t45 = _v76.tmHeight;
				_pop(_t43);
				 *[fs:eax] = _t43;
				_push(E004FAB6B);
				return ReleaseDC(0, _v8);
			}

0x004faad8
0x004faade
0x004faadf
0x004faae0
0x004faae1
0x004faae3
0x004faae5
0x004faaee
0x004faaf3
0x004faaf4
0x004faaf9
0x004faafc
0x004fab0b
0x004fab1f
0x004fab2c
0x004fab2f
0x004fab30
0x004fab32
0x004fab34
0x004fab34
0x004fab37
0x004fab41
0x004fab49
0x004fab4d
0x004fab50
0x004fab53
0x004fab63

APIs

GetDC.USER32(00000000), ref: 004FAAE9
SelectObject.GDI32(00000000,00000000), ref: 004FAB0B
GetTextExtentPointW.GDI32(00000000,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,004FB0E7), ref: 004FAB1F
GetTextMetricsW.GDI32(00000000,?,00000000,00000000,00000000,004FAB64,?,00000000,?,?,00000000), ref: 004FAB41
ReleaseDC.USER32 ref: 004FAB5E

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 004FAB16

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Text$ExtentMetricsObjectPointReleaseSelect
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
API String ID: 844173074-222967699
Opcode ID: 8309e9a8a614fc4a65d7e0e1d7563ea021e4adc4a3ef1e4eb57e24d4c1d208bb
Instruction ID: eb33620f4a528fa46cfba91873aaab3ace2be4745cc87c30a72d5d013b15cb52
Opcode Fuzzy Hash: 8309e9a8a614fc4a65d7e0e1d7563ea021e4adc4a3ef1e4eb57e24d4c1d208bb
Instruction Fuzzy Hash: 1D0161B6B04248AFDB04DBE9CC41E6EB7FDDB48704F150476F604E3292D678AE108B28

Uniqueness

Uniqueness Score: -1.00%

Function 00445060, Relevance: 9.3, APIs: 6, Instructions: 312
windowCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E00445060(intOrPtr __eax, void* __ebx, signed short* __edx, void* __edi, signed int __esi) {
				intOrPtr _v8;
				char _v12;
				char _v16;
				signed int _v20;
				char _v24;
				void* _v44;
				struct tagMSG _v52;
				char _v56;
				void* _v60;
				signed int _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				char _v92;
				char _v96;
				intOrPtr _t121;
				long _t124;
				void* _t128;
				signed int _t134;
				void* _t140;
				signed int _t146;
				signed int _t151;
				void* _t155;
				signed int _t182;
				signed int _t183;
				void* _t186;
				intOrPtr _t187;
				signed int _t189;
				intOrPtr _t193;
				signed int _t195;
				signed int _t201;
				signed int _t202;
				signed int _t204;
				int _t208;
				signed int _t214;
				signed int _t229;
				signed short* _t241;
				void* _t242;
				intOrPtr _t260;
				intOrPtr _t265;
				intOrPtr _t266;
				void* _t295;
				signed int _t306;
				signed int _t308;
				intOrPtr _t310;
				intOrPtr _t311;

				_t305 = __esi;
				_t300 = __edi;
				_t310 = _t311;
				_t242 = 0xb;
				do {
					_push(0);
					_push(0);
					_t242 = _t242 - 1;
				} while (_t242 != 0);
				_push(_t242);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t241 = __edx;
				_v8 = __eax;
				_push(_t310);
				_push(0x445455);
				_push( *[fs:eax]);
				 *[fs:eax] = _t311;
				E00462894(_v8, __edx);
				if( *((char*)(_v8 + 0x2c8)) == 0) {
					L52:
					_pop(_t260);
					 *[fs:eax] = _t260;
					_push(0x44545c);
					L00406440( &_v96, 5);
					L00406438( &_v76);
					L00406440( &_v72, 2);
					L00406440( &_v60, 2);
					return L00406440( &_v16, 2);
				} else {
					_t121 = _v8;
					_t314 = ( *(_t121 + 0x2d6) & 0x000000ff) - 2;
					if(( *(_t121 + 0x2d6) & 0x000000ff) - 2 >= 0) {
						_t124 = GetTickCount();
						_t265 = _v8;
						_t266 = _v8;
						__eflags = _t124 -  *((intOrPtr*)(_t265 + 0x2cc)) -  *((intOrPtr*)(_t266 + 0x2f4));
						if(_t124 -  *((intOrPtr*)(_t265 + 0x2cc)) >=  *((intOrPtr*)(_t266 + 0x2f4))) {
							__eflags = 0;
							E00406448(_v8 + 0x2d0, 0);
						}
						 *((intOrPtr*)(_v8 + 0x2cc)) = GetTickCount();
					} else {
						E0045B0C8(_v8,  &_v56, _t314);
						E00406448(_v8 + 0x2d0, _v56);
					}
					_t128 = ( *_t241 & 0x0000ffff) - 8;
					if(_t128 == 0) {
						__eflags = E00444F78( &_v20,  &_v24, _t310);
						if(__eflags == 0) {
							__eflags = ( *(_v8 + 0x2d6) & 0x000000ff) - 2;
							if(__eflags >= 0) {
								_t134 = 0;
								__eflags = 0;
							} else {
								E0045B0C8(_v8,  &_v60, __eflags);
								_v64 = _v60;
								_t182 = _v64;
								__eflags = _t182;
								if(_t182 != 0) {
									_t183 = _t182 - 4;
									__eflags = _t183;
									_t182 =  *_t183;
								}
								__eflags = _t182;
								_t134 = _t182 & 0xffffff00 | _t182 > 0x00000000;
							}
							__eflags = _t134;
							if(__eflags == 0) {
								while(1) {
									_t140 = E00412630( *(_v8 + 0x2d0), _t241, E004067B0( *(_v8 + 0x2d0)), _t305);
									__eflags = _t140 - 2;
									if(_t140 != 2) {
										break;
									}
									_t305 =  *(_v8 + 0x2d0);
									__eflags = _t305;
									if(_t305 != 0) {
										_t306 = _t305 - 4;
										__eflags = _t306;
										_t305 =  *_t306;
									}
									__eflags = _v8 + 0x2d0;
									E00406CBC(_v8 + 0x2d0, 1, _t305);
								}
								_t146 =  *(_v8 + 0x2d0);
								__eflags = _t146;
								if(_t146 != 0) {
									_t151 = _t146 - 4;
									__eflags = _t151;
									_t146 =  *_t151;
								}
								__eflags = _v8 + 0x2d0;
								E00406CBC(_v8 + 0x2d0, 1, _t146);
								goto L34;
							} else {
								E0045B0C8(_v8,  &_v16, __eflags);
								_t308 = _v20;
								while(1) {
									_t155 = E00412630(_v16, _t241, _t308, _t308);
									__eflags = _t155 - 2;
									if(_t155 != 2) {
										break;
									}
									_t308 = _t308 - 1;
									__eflags = _t308;
								}
								E00406BEC(_v16, _t241, 1, _t300, _t308,  &_v12);
								SendMessageW(L00463A10(_v8), 0x14e, 0xffffffff, 0);
								E00406BEC(_v16, _t241, _v24 + 1, _t300, _t308,  &_v72);
								E00406914( &_v68, _v72, _v12);
								E0045B100(_v8, _t241, _v72, _v68, _t308);
								SendMessageW(L00463A10(_v8), 0x142, 0, _t308 - 0x00000001 & 0x0000ffff | (_t308 - 0x00000001 & 0x0000ffff) << 0x00000010);
								E0045B0C8(_v8,  &_v76, __eflags);
								E00406448(_v8 + 0x2d0, _v76);
								L34:
								 *_t241 = 0;
								E004042A8(_v8, __eflags);
								goto L52;
							}
						}
						E00444FBC(_v20, _t241, _v24, _t305, __eflags, _t310);
						goto L34;
					}
					_t186 = _t128 - 1;
					if(_t186 == 0) {
						_t187 = _v8;
						__eflags =  *((char*)(_t187 + 0x2c9));
						if( *((char*)(_t187 + 0x2c9)) != 0) {
							_t189 = L00443CE8(_v8);
							__eflags = _t189;
							if(_t189 != 0) {
								L00443D0C(_v8, 0);
							}
						}
						goto L52;
					}
					if(_t186 != 0x12) {
						_t193 = _v8;
						__eflags =  *((char*)(_t193 + 0x2c9));
						if( *((char*)(_t193 + 0x2c9)) != 0) {
							_t229 = L00443CE8(_v8);
							__eflags = _t229;
							if(_t229 == 0) {
								L00443D0C(_v8, 1);
							}
						}
						_t195 = E00444F78( &_v20,  &_v24, _t310);
						__eflags = _t195;
						if(_t195 == 0) {
							E004065C4();
							E00406914( &_v16, _v88,  *(_v8 + 0x2d0));
						} else {
							E00406BEC( *(_v8 + 0x2d0), _t241, 1, _t300, _t305,  &_v80);
							_push(_v80);
							E004065C4();
							_pop(_t295);
							E00406914( &_v16, _v84, _t295);
						}
						_t201 =  *_t241 & 0x0000ffff;
						__eflags = _t201 - 0xd800;
						if(_t201 < 0xd800) {
							L43:
							_t202 = 0;
							goto L45;
						} else {
							__eflags = _t201 - 0xdfff;
							if(_t201 <= 0xdfff) {
								_t202 = 1;
								L45:
								__eflags = _t202;
								if(_t202 == 0) {
									_t204 = L00445464(_v8, _t241, _v16, _t300, _t305);
									__eflags = _t204;
									if(_t204 != 0) {
										 *_t241 = 0;
									}
								} else {
									_t208 = PeekMessageW( &_v52, L00463A10(_v8), 0, 0, 0);
									__eflags = _t208;
									if(_t208 != 0) {
										__eflags = _v52.message - 0x102;
										if(_v52.message == 0x102) {
											E004065C4();
											E00406914( &_v92, _v96, _v16);
											_t214 = L00445464(_v8, _t241, _v92, _t300, _t305);
											__eflags = _t214;
											if(_t214 != 0) {
												PeekMessageW( &_v52, L00463A10(_v8), 0, 0, 1);
												 *_t241 = 0;
											}
										}
									}
								}
								goto L52;
							}
							goto L43;
						}
					} else {
						goto L52;
					}
				}
			}

0x00445060
0x00445060
0x00445061
0x00445063
0x00445068
0x00445068
0x0044506a
0x0044506c
0x0044506c
0x0044506f
0x00445070
0x00445071
0x00445072
0x00445073
0x00445075
0x0044507a
0x0044507b
0x00445080
0x00445083
0x0044508b
0x0044509a
0x0044540b
0x0044540d
0x00445410
0x00445413
0x00445420
0x00445428
0x00445435
0x00445442
0x00445454
0x004450a0
0x004450a0
0x004450aa
0x004450ac
0x004450cb
0x004450d0
0x004450d9
0x004450dc
0x004450e2
0x004450ec
0x004450ee
0x004450ee
0x004450fb
0x004450ae
0x004450b4
0x004450c4
0x004450c4
0x00445104
0x00445108
0x0044515a
0x0044515c
0x0044517a
0x0044517c
0x004451a2
0x004451a2
0x0044517e
0x00445184
0x0044518c
0x0044518f
0x00445192
0x00445194
0x00445196
0x00445196
0x00445199
0x00445199
0x0044519b
0x0044519d
0x0044519d
0x004451a4
0x004451a6
0x0044528a
0x004452a3
0x004452a8
0x004452aa
0x00000000
0x00000000
0x00445267
0x0044526d
0x0044526f
0x00445271
0x00445271
0x00445274
0x00445274
0x00445279
0x00445285
0x00445285
0x004452af
0x004452b5
0x004452b7
0x004452b9
0x004452b9
0x004452bc
0x004452bc
0x004452c1
0x004452cd
0x00000000
0x004451ac
0x004451b2
0x004451b7
0x004451bd
0x004451c2
0x004451c7
0x004451c9
0x00000000
0x00000000
0x004451bc
0x004451bc
0x004451bc
0x004451da
0x004451f1
0x00445206
0x00445214
0x0044521f
0x00445242
0x0044524d
0x0044525d
0x004452d2
0x004452d2
0x004452de
0x00000000
0x004452de
0x004451a6
0x00445165
0x00000000
0x0044516a
0x0044510a
0x0044510d
0x0044511e
0x00445121
0x00445128
0x00445131
0x00445136
0x00445138
0x00445143
0x00445143
0x00445138
0x00000000
0x00445128
0x00445113
0x004452e8
0x004452eb
0x004452f2
0x004452f7
0x004452fc
0x004452fe
0x00445305
0x00445305
0x004452fe
0x00445311
0x00445317
0x00445319
0x00445358
0x0044536c
0x0044531b
0x00445330
0x00445338
0x0044533f
0x0044534a
0x0044534b
0x0044534b
0x00445371
0x00445374
0x00445378
0x00445380
0x00445380
0x00000000
0x0044537a
0x0044537a
0x0044537e
0x00445384
0x00445386
0x00445386
0x00445388
0x004453fd
0x00445402
0x00445404
0x00445406
0x00445406
0x0044538a
0x0044539d
0x004453a2
0x004453a4
0x004453a6
0x004453ad
0x004453b6
0x004453c4
0x004453cf
0x004453d4
0x004453d6
0x004453eb
0x004453f0
0x004453f0
0x004453d6
0x004453ad
0x004453a4
0x00000000
0x00445388
0x00000000
0x0044537e
0x00445119
0x00000000
0x00445119
0x00445113

APIs

GetTickCount.KERNEL32 ref: 004450CB
GetTickCount.KERNEL32 ref: 004450F3
SendMessageW.USER32(00000000,0000014E,000000FF,00000000), ref: 004451F1
SendMessageW.USER32(00000000,00000142,00000000,?), ref: 00445242

Part of subcall function 00444FBC: SendMessageW.USER32(00000000,0000014E,000000FF,00000000), ref: 00445007
Part of subcall function 00444FBC: SendMessageW.USER32(00000000,00000142,00000000), ref: 00445038

PeekMessageW.USER32 ref: 0044539D
PeekMessageW.USER32 ref: 004453EB

Part of subcall function 00443CE8: SendMessageW.USER32(00000000,00000157,00000000,00000000), ref: 00443CFC

Part of subcall function 00443D0C: SendMessageW.USER32(00000000,0000014F,?,00000000), ref: 00443D28
Part of subcall function 00443D0C: InvalidateRect.USER32(00000000,000000FF,000000FF), ref: 00443D45

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message$Send$CountPeekTick$InvalidateRect
String ID:
API String ID: 2065907832-0
Opcode ID: 413a88ad1878a4a916726fc25fbdda23806d470e8a9e4a9a7f728fc2962951be
Instruction ID: 4935a95f5f9f0fc0471dd3d68f2c1ed0c1230899b77a5c0847095f64fbc7b65c
Opcode Fuzzy Hash: 413a88ad1878a4a916726fc25fbdda23806d470e8a9e4a9a7f728fc2962951be
Instruction Fuzzy Hash: 2DC15530A005099BEF00DB95C985BEEB3B5EF44704F244567E401BB397D778AE46DB58

Uniqueness

Uniqueness Score: -1.00%

Function 0047658C, Relevance: 9.1, APIs: 6, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E0047658C(intOrPtr* __eax, void* __ebx, struct HDC__* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				struct HDC__* _v12;
				int _v16;
				struct tagRECT _v32;
				long _t79;
				struct HBRUSH__* _t91;
				intOrPtr _t108;
				intOrPtr _t118;
				void* _t119;
				void* _t122;
				void* _t123;
				intOrPtr _t124;

				_t119 = __edi;
				_t122 = _t123;
				_t124 = _t123 + 0xffffffe4;
				_v12 = __edx;
				_v8 = __eax;
				L00431F8C( *((intOrPtr*)(_v8 + 0x290)));
				_push(_t122);
				_push(0x476778);
				_push( *[fs:eax]);
				 *[fs:eax] = _t124;
				E004325DC( *((intOrPtr*)(_v8 + 0x290)), _v12);
				_push(_t122);
				_push(0x476755);
				_push( *[fs:eax]);
				 *[fs:eax] = _t124;
				_v16 = SaveDC(_v12);
				_push(_t122);
				_push(0x476708);
				_push( *[fs:eax]);
				 *[fs:eax] = _t124;
				_t108 =  *((intOrPtr*)(_v8 + 0x364));
				if(E0047E130(_t108) != 0 ||  *((intOrPtr*)(_v8 + 0x2a8)) != 0 &&  *((char*)(_t108 + 8)) != 0) {
					_t109 =  *_v8;
					 *((intOrPtr*)( *_v8 + 0x44))();
					if( *((char*)(_t108 + 0x28)) != 0 ||  *((char*)(_v8 + 0x368)) != 0) {
						 *((char*)(_v8 + 0x368)) = 0;
					} else {
						ExcludeClipRect(_v12,  *(_t108 + 0xc),  *(_t108 + 0x10), _v32.right -  *((intOrPtr*)(_t108 + 0x14)), _v32.bottom -  *((intOrPtr*)(_t108 + 0x18)));
					}
					if( *((intOrPtr*)(_v8 + 0x2a8)) != 0) {
						L004316B8( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x290)) + 0x14)), _t109, 0xff000002, _t119, _t122);
						L004317F4( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x290)) + 0x14)), _t109, 5, _t119, _t122);
						_t79 = E004306C0( *((intOrPtr*)(_v8 + 0x6c)));
						SetBkColor(E00432554( *((intOrPtr*)(_v8 + 0x290))), _t79);
						L00431E8C( *((intOrPtr*)(_v8 + 0x290)),  &_v32, _t119);
					} else {
						_t91 = GetStockObject(4);
						FillRect(E00432554( *((intOrPtr*)(_v8 + 0x290))),  &_v32, _t91);
					}
				}
				_pop(_t118);
				 *[fs:eax] = _t118;
				_push(0x47670f);
				return RestoreDC(_v12, _v16);
			}

0x0047658c
0x0047658d
0x0047658f
0x00476594
0x00476597
0x004765a3
0x004765aa
0x004765ab
0x004765b0
0x004765b3
0x004765c2
0x004765c9
0x004765ca
0x004765cf
0x004765d2
0x004765de
0x004765e3
0x004765e4
0x004765e9
0x004765ec
0x004765f2
0x00476601
0x00476623
0x00476625
0x0047662c
0x0047665e
0x0047663a
0x00476654
0x00476654
0x0047666f
0x004766a4
0x004766b7
0x004766c2
0x004766d7
0x004766e8
0x00476671
0x00476673
0x0047668c
0x0047668c
0x0047666f
0x004766ef
0x004766f2
0x004766f5
0x00476707

APIs

Part of subcall function 00431F8C: EnterCriticalSection.KERNEL32(0050AF20,00000000,004340D5,00000000,?,?,00435A5E,004364EC,00000000,?,?), ref: 00431F94
Part of subcall function 00431F8C: LeaveCriticalSection.KERNEL32(0050AF20,0050AF20,00000000,004340D5,00000000,?,?,00435A5E,004364EC,00000000,?,?), ref: 00431FA1
Part of subcall function 00431F8C: EnterCriticalSection.KERNEL32(?,0050AF20,0050AF20,00000000,004340D5,00000000,?,?,00435A5E,004364EC,00000000,?,?), ref: 00431FAA

SaveDC.GDI32(?), ref: 004765D9
ExcludeClipRect.GDI32(?,?,?,?,?), ref: 00476654
GetStockObject.GDI32(00000004), ref: 00476673
FillRect.USER32 ref: 0047668C
RestoreDC.GDI32(?,?), ref: 00476702

Part of subcall function 004306C0: GetSysColor.USER32(00432508), ref: 004306CA

SetBkColor.GDI32(00000000,00000000), ref: 004766D7

Part of subcall function 00431E8C: FillRect.USER32 ref: 00431EB5

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CriticalRectSection$ColorEnterFill$ClipExcludeLeaveObjectRestoreSaveStock
String ID:
API String ID: 3001281481-0
Opcode ID: fb274842b96beccf00edb8ade7124585d61aa095127905ea40cd9983a34417fe
Instruction ID: d38e9cc01919466152279994463ad2aa3329fbbc8784a2f9831560b0bea4f07d
Opcode Fuzzy Hash: fb274842b96beccf00edb8ade7124585d61aa095127905ea40cd9983a34417fe
Instruction Fuzzy Hash: BB41EB74A00648EFDB01DFA9C599E9E77F9EB09304F5644A6F908E7352C738AE40DB14

Uniqueness

Uniqueness Score: -1.00%

Function 004B8EF8, Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 72
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E004B8EF8(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8) {
				char _v8;
				void* _t36;
				void* _t45;
				intOrPtr _t49;
				void* _t50;
				void* _t52;
				void* _t56;
				void* _t58;
				intOrPtr _t61;

				_t56 = __edi;
				_push(0);
				_push(__ebx);
				_push(__esi);
				_t58 = __ecx;
				_t36 = __eax;
				_push(_t61);
				_push(0x4b8fc3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t61;
				_t45 = __edx - 0x80000000;
				if(_t45 == 0) {
					E0040649C( &_v8, L"CLASSES_ROOT");
					goto L10;
				} else {
					_t50 = _t45 - 1;
					if(_t50 == 0) {
						E0040649C( &_v8, L"CURRENT_USER");
						goto L10;
					} else {
						_t52 = _t50 - 1;
						if(_t52 == 0) {
							E0040649C( &_v8, L"MACHINE");
							goto L10;
						} else {
							if(_t52 == 1) {
								E0040649C( &_v8, L"USERS");
								L10:
								_push(_v8);
								_push(0x4b9064);
								_push(_t58);
								E004069F8( &_v8, 3, _t56);
								SetLastError(E004B8D28(_a4 & 0xffffff00 | _t36 == 0x00000002, _t36, _v8, 4, _t56, _t58, 2, _a4, _a8));
							} else {
								SetLastError(0x57);
							}
						}
					}
				}
				_pop(_t49);
				 *[fs:eax] = _t49;
				_push(0x4b8fca);
				return L00406438( &_v8);
			}

0x004b8ef8
0x004b8efb
0x004b8efd
0x004b8efe
0x004b8eff
0x004b8f01
0x004b8f05
0x004b8f06
0x004b8f0b
0x004b8f0e
0x004b8f11
0x004b8f17
0x004b8f2c
0x00000000
0x004b8f19
0x004b8f19
0x004b8f1a
0x004b8f3b
0x00000000
0x004b8f1c
0x004b8f1c
0x004b8f1d
0x004b8f4a
0x00000000
0x004b8f1f
0x004b8f20
0x004b8f59
0x004b8f6b
0x004b8f6b
0x004b8f6e
0x004b8f73
0x004b8f7c
0x004b8fa1
0x004b8f22
0x004b8f62
0x004b8f67
0x004b8f20
0x004b8f1d
0x004b8f1a
0x004b8faf
0x004b8fb2
0x004b8fb5
0x004b8fc2

APIs

SetLastError.KERNEL32(00000057,00000000,004B8FC3,?,?,?,00000000), ref: 004B8F62
SetLastError.KERNEL32(00000000,00000002,?,?,?,004B9064,?,00000000,004B8FC3,?,?,?,00000000), ref: 004B8FA1

Strings

MACHINE, xrefs: 004B8F45
CURRENT_USER, xrefs: 004B8F36
USERS, xrefs: 004B8F54
CLASSES_ROOT, xrefs: 004B8F27

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast
String ID: CLASSES_ROOT$CURRENT_USER$MACHINE$USERS
API String ID: 1452528299-1580325520
Opcode ID: 7a96acfe65d331c98d45180d0f3d443f2530f5def99249a89223065b1a1ceb58
Instruction ID: 7d268dca93ec31449704e8a19c303644d8c2d2922d5d103a8fa3f98022615f52
Opcode Fuzzy Hash: 7a96acfe65d331c98d45180d0f3d443f2530f5def99249a89223065b1a1ceb58
Instruction Fuzzy Hash: 1A115735214108AFDB00EEA5C991AFA72AEDB48344F61847F790562681DA7D9F01D63D

Uniqueness

Uniqueness Score: -1.00%

Function 004E06F4, Relevance: 9.1, APIs: 6, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004E06F4(signed int __eax) {
				intOrPtr* _t14;
				signed int _t18;
				intOrPtr* _t19;
				intOrPtr* _t23;
				signed int _t26;
				long _t27;
				intOrPtr* _t28;
				intOrPtr* _t32;
				intOrPtr* _t36;
				signed int _t40;

				_t40 = __eax;
				 *0x50c0a2 = __eax ^ 0x00000001;
				_t14 =  *0x504e38; // 0x50b17c
				_t18 = GetWindowLongW( *( *_t14 + 0x170), 0xffffffec) & 0xffffff00 | (_t17 & 0x00000080) == 0x00000000;
				if(_t40 != _t18) {
					_t19 =  *0x504e38; // 0x50b17c
					SetWindowPos( *( *_t19 + 0x170), 0, 0, 0, 0, 0, 0x97);
					_t23 =  *0x504e38; // 0x50b17c
					_t26 = GetWindowLongW( *( *_t23 + 0x170), 0xffffffec);
					if(_t40 == 0) {
						_t27 = _t26 | 0x00000080;
					} else {
						_t27 = _t26 & 0xffffff7f;
					}
					_t28 =  *0x504e38; // 0x50b17c
					SetWindowLongW( *( *_t28 + 0x170), 0xffffffec, _t27);
					if(_t40 == 0) {
						_t32 =  *0x504e38; // 0x50b17c
						return SetWindowPos( *( *_t32 + 0x170), 0, 0, 0, 0, 0, 0x57);
					} else {
						_t36 =  *0x504e38; // 0x50b17c
						return ShowWindow( *( *_t36 + 0x170), 5);
					}
				}
				return _t18;
			}

0x004e06f5
0x004e06fb
0x004e0702
0x004e0717
0x004e071c
0x004e0731
0x004e073f
0x004e0746
0x004e0754
0x004e075b
0x004e0764
0x004e075d
0x004e075d
0x004e075d
0x004e076c
0x004e077a
0x004e0781
0x004e07a6
0x00000000
0x004e0783
0x004e0785
0x00000000
0x004e0793
0x004e0781
0x004e07ba

APIs

GetWindowLongW.USER32(?,000000EC), ref: 004E0710
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC,?,004FCA5D,00000000,004FD344), ref: 004E073F
GetWindowLongW.USER32(?,000000EC), ref: 004E0754
SetWindowLongW.USER32 ref: 004E077A
ShowWindow.USER32(?,00000005,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000,00000000,00000000,00000097,?,000000EC), ref: 004E0793
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000057,?,000000EC,00000000,?,000000EC,?,00000000,00000000,00000000), ref: 004E07B4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Long$Show
String ID:
API String ID: 3609083571-0
Opcode ID: a0f7aed80030da84f220263879103cfce8548d19df31fb8f64e47b8ff7784545
Instruction ID: 8a5f4901f25ab44273ccf00b5fddc28949ca47e71d1d0f0a71335c51213cfc66
Opcode Fuzzy Hash: a0f7aed80030da84f220263879103cfce8548d19df31fb8f64e47b8ff7784545
Instruction Fuzzy Hash: 68115B76245700DFC711EB69D885F6633E8BB0E311F0902A5FA59DB3E2C279AC44AF05

Uniqueness

Uniqueness Score: -1.00%

Function 00433044, Relevance: 9.1, APIs: 6, Instructions: 56
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00433044(void* __eax, signed short __ecx) {
				char _v1036;
				signed short _v1038;
				struct tagRGBQUAD _v1048;
				short _v1066;
				void* _t20;
				struct HDC__* _t25;
				void* _t29;
				void* _t32;
				struct HPALETTE__* _t34;
				LOGPALETTE* _t35;

				_t32 = __eax;
				_t34 = 0;
				_t35->palVersion = 0x300;
				if(__eax == 0) {
					_v1038 = __ecx;
					E004031D0(_t29, __ecx + __ecx + __ecx + __ecx,  &_v1036);
				} else {
					_t25 = CreateCompatibleDC(0);
					_t20 = SelectObject(_t25, _t32);
					_v1066 = GetDIBColorTable(_t25, 0, 0x100,  &_v1048);
					SelectObject(_t25, _t20);
					DeleteDC(_t25);
				}
				if(_v1038 != 0) {
					if(_v1038 != 0x10 || E00432FAC(_t35) == 0) {
						E00432E40( &_v1036, _v1038 & 0x0000ffff);
					}
					_t34 = CreatePalette(_t35);
				}
				return _t34;
			}

0x0043304d
0x0043304f
0x00433051
0x00433059
0x00433093
0x004330a2
0x0043305b
0x00433062
0x00433066
0x0043307f
0x00433086
0x0043308c
0x0043308c
0x004330ad
0x004330b5
0x004330cb
0x004330cb
0x004330d8
0x004330d8
0x004330e5

APIs

CreateCompatibleDC.GDI32(00000000), ref: 0043305D
SelectObject.GDI32(00000000,00000000), ref: 00433066
GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,00000000,?,?,00435C8F,?,?,?,?,004341AB), ref: 0043307A
SelectObject.GDI32(00000000,00000000), ref: 00433086
DeleteDC.GDI32(00000000), ref: 0043308C
CreatePalette.GDI32 ref: 004330D3

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateObjectSelect$ColorCompatibleDeletePaletteTable
String ID:
API String ID: 2515223848-0
Opcode ID: 67d5b31ad8e59d643610846fb53b20dfdd137163830d16b6c4bb75eee91133d8
Instruction ID: 10a01b2ebcba3fabeb6ce51341f1d29352740cce8b21cf4feb015a9e797e61c7
Opcode Fuzzy Hash: 67d5b31ad8e59d643610846fb53b20dfdd137163830d16b6c4bb75eee91133d8
Instruction Fuzzy Hash: 0701846120434062D714A77A9C43B6B72F89FC4719F04982FB588A73D3E67D8D04835A

Uniqueness

Uniqueness Score: -1.00%

Function 00442CA4, Relevance: 9.0, APIs: 6, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E00442CA4(intOrPtr __eax, void* __ebx, void* __ecx, void* __edx, void* __eflags) {
				intOrPtr _v8;
				struct HDC__* _v12;
				struct tagTEXTMETRICW _v72;
				struct tagTEXTMETRICW _v132;
				void* _t22;
				void* _t33;
				intOrPtr _t37;
				void* _t38;
				void* _t39;
				void* _t42;

				_t33 = __ecx;
				_push(__ebx);
				_v8 = __eax;
				_v12 = GetDC(0);
				_push(_t42);
				_push(0x442d1a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t42 + 0xffffff80;
				GetTextMetricsW(_v12,  &_v72);
				_t22 = SelectObject(_v12, E00430D88( *((intOrPtr*)(_v8 + 0x64)), __ebx, _t33, _t38, _t39));
				GetTextMetricsW(_v12,  &_v132);
				SelectObject(_v12, _t22);
				_pop(_t37);
				 *[fs:eax] = _t37;
				_push(0x442d21);
				return ReleaseDC(0, _v12);
			}

0x00442ca4
0x00442caa
0x00442cab
0x00442cb5
0x00442cba
0x00442cbb
0x00442cc0
0x00442cc3
0x00442cce
0x00442ce3
0x00442cf2
0x00442cfc
0x00442d03
0x00442d06
0x00442d09
0x00442d19

APIs

GetDC.USER32(00000000), ref: 00442CB0
GetTextMetricsW.GDI32(?,?,00000000,00442D1A,?,00000000), ref: 00442CCE
SelectObject.GDI32(?,00000000), ref: 00442CE3
GetTextMetricsW.GDI32(?,?,?,00000000,?,?,00000000,00442D1A,?,00000000), ref: 00442CF2
SelectObject.GDI32(?,00000000), ref: 00442CFC
ReleaseDC.USER32 ref: 00442D14

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MetricsObjectSelectText$Release
String ID:
API String ID: 833910088-0
Opcode ID: 7f87a21389f62ce39c7bf41f826f1dcedc2af86a124b712b142eea22f75adcfe
Instruction ID: ae0a2ff06e7428296a63baba77d0671b5a5cfc29f0e662262cfcf32d2c6841bd
Opcode Fuzzy Hash: 7f87a21389f62ce39c7bf41f826f1dcedc2af86a124b712b142eea22f75adcfe
Instruction Fuzzy Hash: 1401E575A04248BFDB41EBE9CC51E9EB7FCEB0C704F510566F504E3292D6789D008B28

Uniqueness

Uniqueness Score: -1.00%

Function 0043272C, Relevance: 9.0, APIs: 6, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0043272C(void* __eax) {
				void* _t36;

				_t36 = __eax;
				UnrealizeObject(L0043170C( *((intOrPtr*)(__eax + 0x14))));
				SelectObject( *(_t36 + 4), L0043170C( *((intOrPtr*)(_t36 + 0x14))));
				if(L004317EC( *((intOrPtr*)(_t36 + 0x14))) != 0) {
					SetBkColor( *(_t36 + 4),  !(E004306C0(L004316B0( *((intOrPtr*)(_t36 + 0x14))))));
					return SetBkMode( *(_t36 + 4), 1);
				} else {
					SetBkColor( *(_t36 + 4), E004306C0(L004316B0( *((intOrPtr*)(_t36 + 0x14)))));
					return SetBkMode( *(_t36 + 4), 2);
				}
			}

0x0043272d
0x00432738
0x0043274a
0x00432759
0x00432793
0x004327a4
0x0043275b
0x0043276d
0x0043277e
0x0043277e

APIs

Part of subcall function 0043170C: CreateBrushIndirect.GDI32(?), ref: 004317B7

UnrealizeObject.GDI32(00000000), ref: 00432738
SelectObject.GDI32(00000000,00000000), ref: 0043274A
SetBkColor.GDI32(00000000,00000000), ref: 0043276D
SetBkMode.GDI32(00000000,00000002), ref: 00432778
SetBkColor.GDI32(00000000,00000000), ref: 00432793
SetBkMode.GDI32(00000000,00000001), ref: 0043279E

Part of subcall function 004306C0: GetSysColor.USER32(00432508), ref: 004306CA

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
String ID:
API String ID: 3527656728-0
Opcode ID: 03dfce32e7b03e070807b2da7cbc7753c3f69c98b2c12908884259f7362c2824
Instruction ID: d924aaae57d6af534c2e3b3453abf267d643b0867a8777519658f73120764626
Opcode Fuzzy Hash: 03dfce32e7b03e070807b2da7cbc7753c3f69c98b2c12908884259f7362c2824
Instruction Fuzzy Hash: 19F06FB5600140ABDF00FFAAD9C7D077BA86F48309B085496B904DF1ABC669DC104B39

Uniqueness

Uniqueness Score: -1.00%

Function 004B2358, Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 245
windowCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E004B2358(void* __ebx, int* __edx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v12;
				int* _v16;
				char _v144;
				intOrPtr _v148;
				void* _v152;
				intOrPtr _v156;
				char _v164;
				char _v168;
				void* _t57;
				intOrPtr* _t63;
				intOrPtr* _t68;
				intOrPtr* _t72;
				intOrPtr* _t78;
				intOrPtr _t84;
				void* _t111;
				void* _t114;
				int* _t115;
				struct HWND__* _t126;
				int _t130;
				intOrPtr _t161;
				intOrPtr _t167;
				intOrPtr _t168;
				intOrPtr _t173;
				struct HWND__* _t174;
				intOrPtr _t175;
				intOrPtr _t176;
				intOrPtr _t177;
				intOrPtr _t180;
				intOrPtr _t184;
				intOrPtr _t189;
				void* _t194;
				void* _t195;
				intOrPtr _t196;
				void* _t202;

				_t202 = __fp0;
				_t192 = __esi;
				_t191 = __edi;
				_t194 = _t195;
				_t196 = _t195 + 0xffffff5c;
				_push(__esi);
				_push(__edi);
				_v168 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = __edx;
				_push(_t194);
				_push(0x4b2727);
				_push( *[fs:eax]);
				 *[fs:eax] = _t196;
				_push(_t194);
				_push(0x4b26e9);
				_push( *[fs:edx]);
				 *[fs:edx] = _t196;
				_t130 =  *_v16;
				_t57 = _t130 - 0x4a;
				if(_t57 == 0) {
					_t59 = _v16[2];
					_t161 =  *(_v16[2]) - 0x800;
					__eflags = _t161;
					if(__eflags == 0) {
						_push(_t194);
						_push(0x4b2505);
						_push( *[fs:edx]);
						 *[fs:edx] = _t196;
						E00406584( &_v8,  *(_t59 + 4) >> 1,  *((intOrPtr*)(_t59 + 8)), __eflags);
						_push(_t194);
						_push(0x4b24c3);
						_push( *[fs:eax]);
						 *[fs:eax] = _t196;
						_t63 =  *0x5049b8; // 0x50c098
						 *_t63 =  *_t63 + 1;
						_push(_t194);
						_push(0x4b24a8);
						_push( *[fs:eax]);
						 *[fs:eax] = _t196;
						L004DDD78(_v8,  *(_t59 + 4) >> 1,  &_v12);
						_pop(_t167);
						 *[fs:eax] = _t167;
						_push(E004B24AF);
						_t68 =  *0x5049b8; // 0x50c098
						 *_t68 =  *_t68 - 1;
						__eflags =  *_t68;
						return _t68;
					} else {
						_t168 = _t161 - 1;
						__eflags = _t168;
						if(_t168 == 0) {
							_push(_t194);
							_push(0x4b25fe);
							_push( *[fs:edx]);
							 *[fs:edx] = _t196;
							E004031D0( *((intOrPtr*)(_t59 + 8)), 0x94,  &_v164);
							_push(_t194);
							_push(0x4b25bc);
							_push( *[fs:eax]);
							 *[fs:eax] = _t196;
							_t72 =  *0x504b88; // 0x50c0a4
							__eflags =  *_t72;
							if( *_t72 == 0) {
								L00411930(L"Cannot evaluate variable because [Code] isn\'t running yet", 1);
								E00404A74();
							}
							L004055F4( &_v168, 0x80,  &_v144, 0);
							_t78 =  *0x504b88; // 0x50c0a4
							E004FA4D4( *_t78, _t130, _v156, _t191, _t192, _t202,  &_v12, _v168, _v148);
							_v16[3] = 1;
							_pop(_t173);
							 *[fs:eax] = _t173;
							_t174 =  *0x50bc38; // 0x0
							_t84 =  *0x50bc34; // 0x0
							E0048220C(_t84, _t130, _t174, _t191, _t192, _v12);
							_pop(_t175);
							 *[fs:eax] = _t175;
						} else {
							_t180 = _t168 - 1;
							__eflags = _t180;
							if(_t180 == 0) {
								_push(_t194);
								_push(0x4b265a);
								_push( *[fs:edx]);
								 *[fs:edx] = _t196;
								L0040527C(0x50bc28);
								L004053B4(0x50bc28,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
								_v16[3] = 1;
								_pop(_t184);
								 *[fs:eax] = _t184;
							} else {
								__eflags = _t180 == 1;
								if(_t180 == 1) {
									_push(_t194);
									_push(0x4b26b0);
									_push( *[fs:edx]);
									 *[fs:edx] = _t196;
									L0040527C(0x50bc2c);
									L004053B4(0x50bc2c,  *(_v16[2] + 4) >> 0,  *((intOrPtr*)(_v16[2] + 8)), __eflags, 0);
									_v16[3] = 1;
									_pop(_t189);
									 *[fs:eax] = _t189;
								}
							}
						}
						goto L21;
					}
				} else {
					_t111 = _t57 - 0xbb6;
					if(_t111 == 0) {
						 *0x50bc24 = 0;
						 *0x50bc34 = 0;
						 *0x50bc3c = 1;
						 *0x50bc3d = 0;
						PostMessageW(0, 0, 0, 0);
					} else {
						_t114 = _t111 - 1;
						if(_t114 == 0) {
							 *0x50bc3c = 1;
							_t115 = _v16;
							__eflags =  *((intOrPtr*)(_t115 + 4)) - 1;
							 *0x50bc3d =  *((intOrPtr*)(_t115 + 4)) == 1;
							PostMessageW(0, 0, 0, 0);
						} else {
							if(_t114 == 2) {
								SetForegroundWindow(_v16[1]);
							} else {
								_t126 =  *0x50bc38; // 0x0
								_v16[3] = DefWindowProcW(_t126, _t130, _v16[1], _v16[2]);
							}
						}
					}
					L21:
					_pop(_t176);
					 *[fs:eax] = _t176;
					_pop(_t177);
					 *[fs:eax] = _t177;
					_push(E004B272E);
					L0040527C( &_v168);
					return L00406440( &_v12, 2);
				}
			}

0x004b2358
0x004b2358
0x004b2358
0x004b2359
0x004b235b
0x004b2362
0x004b2363
0x004b2366
0x004b236c
0x004b236f
0x004b2372
0x004b2377
0x004b2378
0x004b237d
0x004b2380
0x004b2385
0x004b2386
0x004b238b
0x004b238e
0x004b2394
0x004b2398
0x004b239b
0x004b241a
0x004b241f
0x004b241f
0x004b2425
0x004b2443
0x004b2444
0x004b2449
0x004b244c
0x004b2460
0x004b2467
0x004b2468
0x004b246d
0x004b2470
0x004b2473
0x004b2478
0x004b247c
0x004b247d
0x004b2482
0x004b2485
0x004b248e
0x004b2495
0x004b2498
0x004b249b
0x004b24a0
0x004b24a5
0x004b24a5
0x004b24a7
0x004b2427
0x004b2427
0x004b2427
0x004b2428
0x004b2516
0x004b2517
0x004b251c
0x004b251f
0x004b2533
0x004b253a
0x004b253b
0x004b2540
0x004b2543
0x004b2546
0x004b254b
0x004b254e
0x004b255c
0x004b2561
0x004b2561
0x004b2580
0x004b2590
0x004b25a3
0x004b25ab
0x004b25b4
0x004b25b7
0x004b25e1
0x004b25e7
0x004b25ec
0x004b25f3
0x004b25f6
0x004b242e
0x004b242e
0x004b242e
0x004b242f
0x004b260f
0x004b2610
0x004b2615
0x004b2618
0x004b2620
0x004b263e
0x004b2646
0x004b264f
0x004b2652
0x004b2435
0x004b2435
0x004b2436
0x004b2668
0x004b2669
0x004b266e
0x004b2671
0x004b2679
0x004b2697
0x004b269f
0x004b26a8
0x004b26ab
0x004b26ab
0x004b2436
0x004b242f
0x00000000
0x004b2428
0x004b239d
0x004b239d
0x004b23a2
0x004b23b1
0x004b23ba
0x004b23bf
0x004b23c6
0x004b23d5
0x004b23a4
0x004b23a4
0x004b23a5
0x004b23df
0x004b23e6
0x004b23e9
0x004b23ed
0x004b23fc
0x004b23a7
0x004b23aa
0x004b240d
0x004b23ac
0x004b26ce
0x004b26dc
0x004b26dc
0x004b23aa
0x004b23a5
0x004b26df
0x004b26e1
0x004b26e4
0x004b2703
0x004b2706
0x004b2709
0x004b2714
0x004b2726
0x004b2726

APIs

PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004B23D5
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 004B23FC
SetForegroundWindow.USER32(?,00000000,004B26E9,?,00000000,004B2727), ref: 004B240D
DefWindowProcW.USER32(00000000,?,?,?,00000000,004B26E9,?,00000000,004B2727), ref: 004B26D4

Strings

Cannot evaluate variable because [Code] isn't running yet, xrefs: 004B2550

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: MessagePostWindow$ForegroundProc
String ID: Cannot evaluate variable because [Code] isn't running yet
API String ID: 602442252-3182603685
Opcode ID: 29e810ce5cf5ca485cacc11912212588eb476335f291b058a0c88a93ed3916c9
Instruction ID: c0b2866982009758f5139b0b17c60d61db4cc145b66916fa1f5170bb4655b13e
Opcode Fuzzy Hash: 29e810ce5cf5ca485cacc11912212588eb476335f291b058a0c88a93ed3916c9
Instruction Fuzzy Hash: 4891B534604208AFEB15DF68D991F9ABBF5FB49700F1184A6F90497791CB78AD40DF28

Uniqueness

Uniqueness Score: -1.00%

Function 004B01B4, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 149
registryCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E004B01B4(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr* _v24;
				char _v112;
				char _v4208;
				char _v4212;
				char _v4216;
				void* _t62;
				intOrPtr _t79;
				char _t85;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t120;
				void* _t125;
				void* _t126;
				void* _t130;
				void* _t131;
				intOrPtr _t133;
				void* _t146;

				_t146 = __fp0;
				_t128 = __esi;
				_t130 = _t131;
				_push(__eax);
				_t133 = _t131 + 0xffffffffffffef90;
				_push(__esi);
				_v4212 = 0;
				_v4216 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = __eax;
				_push(_t130);
				_push(0x4b039a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t133;
				L004ABFEC( &_v112);
				_push(_t130);
				_push(0x4b035a);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t133;
				if(L0047FAF0() == 0) {
					L0047F714( &_v4216);
					E0047E290(_v4216,  &_v4212);
					E00406914( &_v12, L"WININIT.INI", _v4212);
					if(E0047EB44(_v12) == 0) {
						goto L16;
					} else {
						_v24 = E004AAA68(1, 1, 0, 2);
						_push(_t130);
						_push(0x4b0349);
						_push( *[fs:eax]);
						 *[fs:eax] = _t133;
						while(1) {
							_t62 =  *((intOrPtr*)( *_v24 + 8))();
							_t91 = _t62;
							if(_t62 == 0) {
								break;
							}
							E004AC014( &_v112, _t91,  &_v4208);
						}
						_pop(_t120);
						 *[fs:eax] = _t120;
						_push(0x4b0350);
						return E00404098(_v24);
					}
				} else {
					if(E0047FD20(0, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 0x80000002,  &_v20, 1, 0) == 0) {
						if(E0047FC54() != 0) {
							_t126 = E00406EB8( &_v8, __esi);
							_t85 = _v8;
							if(_t85 != 0) {
								_t85 =  *((intOrPtr*)(_t85 - 4));
							}
							E004AC014( &_v112, _t85 + _t85, _t126);
						}
						if(E0047FC54() != 0) {
							_t125 = E00406EB8( &_v8, _t128);
							_t79 = _v8;
							if(_t79 != 0) {
								_t79 =  *((intOrPtr*)(_t79 - 4));
							}
							E004AC014( &_v112, _t79 + _t79, _t125);
						}
						RegCloseKey(_v20);
					}
					L16:
					_pop(_t113);
					 *[fs:eax] = _t113;
					E004AC0C4( &_v112, _v16, _t146);
					_pop(_t115);
					 *[fs:eax] = _t115;
					_push(0x4b03a1);
					L00406440( &_v4216, 2);
					return L00406440( &_v12, 2);
				}
			}

0x004b01b4
0x004b01b4
0x004b01b5
0x004b01bd
0x004b01be
0x004b01c2
0x004b01c6
0x004b01cc
0x004b01d2
0x004b01d5
0x004b01d8
0x004b01dd
0x004b01de
0x004b01e3
0x004b01e6
0x004b01ec
0x004b01f3
0x004b01f4
0x004b01f9
0x004b01fc
0x004b0206
0x004b02ad
0x004b02be
0x004b02d1
0x004b02e0
0x00000000
0x004b02e2
0x004b02f7
0x004b02fc
0x004b02fd
0x004b0302
0x004b0305
0x004b0308
0x004b0318
0x004b031b
0x004b031f
0x00000000
0x00000000
0x004b032c
0x004b032c
0x004b0335
0x004b0338
0x004b033b
0x004b0348
0x004b0348
0x004b020c
0x004b0227
0x004b023f
0x004b0249
0x004b024b
0x004b0250
0x004b0255
0x004b0255
0x004b025e
0x004b025e
0x004b0275
0x004b027f
0x004b0281
0x004b0286
0x004b028b
0x004b028b
0x004b0294
0x004b0294
0x004b029d
0x004b029d
0x004b0350
0x004b0352
0x004b0355
0x004b036a
0x004b0371
0x004b0374
0x004b0377
0x004b0387
0x004b0399
0x004b0399

APIs

Part of subcall function 0047FD20: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,004B035A,?,00000000,004B039A), ref: 004B029D

Strings

SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 004B0214
PendingFileRenameOperations, xrefs: 004B0230
PendingFileRenameOperations2, xrefs: 004B0266
WININIT.INI, xrefs: 004B02CC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseOpen
String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager$WININIT.INI
API String ID: 47109696-2199428270
Opcode ID: b1ee8ac2dbc3682e4b034363dd94ed65aef1dfc6e9a0791f2f2598ad2711d002
Instruction ID: 8b2bf2004dcf31f50ce58d6375065bc2385e602e1d6443e39772af2abe95cc81
Opcode Fuzzy Hash: b1ee8ac2dbc3682e4b034363dd94ed65aef1dfc6e9a0791f2f2598ad2711d002
Instruction Fuzzy Hash: 33518630A042089FDB14DFA5D855ADFB7F8EB45304F5080BBE945E7391DB78AE05CA28

Uniqueness

Uniqueness Score: -1.00%

Function 00458E44, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 113
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00458E44(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, void* __ebp, long long __fp0) {
				intOrPtr _v16;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				struct HWND__* _t38;
				intOrPtr _t39;
				intOrPtr* _t41;
				intOrPtr _t45;
				intOrPtr _t49;
				intOrPtr* _t53;
				long _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr* _t65;
				intOrPtr _t66;
				intOrPtr _t70;
				intOrPtr* _t77;
				void* _t79;
				intOrPtr* _t80;
				long long _t87;

				_t87 = __fp0;
				_t80 = _t79 + 0xfffffff8;
				_t70 = __ecx;
				_t45 = __edx;
				_t77 = __eax;
				 *0x50b100 = __eax;
				_t24 =  *0x50b100; // 0x0
				 *((intOrPtr*)(_t24 + 0x14)) = 0;
				GetCursorPos(0x50b10c);
				_t26 =  *0x50b100; // 0x0
				_t58 = 0x50b10c->x; // 0x0
				 *(_t26 + 0xc) = _t58;
				_t59 =  *0x50b110; // 0x0
				 *((intOrPtr*)(_t26 + 0x10)) = _t59;
				 *0x50b114 = GetCursor();
				_t28 =  *0x50b100; // 0x0
				 *0x50b108 = E00458034(_t28);
				 *0x50b118 = _t70;
				_t60 =  *0x4546d0; // 0x454728
				if(E00404238(_t77, _t60) == 0) {
					__eflags = _t45;
					if(__eflags == 0) {
						 *0x50b11c = 0;
					} else {
						 *0x50b11c = 1;
					}
				} else {
					_t65 = _t77;
					_t4 = _t65 + 0x4c; // 0x4c
					_t41 = _t4;
					_t49 =  *_t41;
					if( *((intOrPtr*)(_t41 + 8)) - _t49 <= 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t65 + 0x28)) = 0;
						 *((intOrPtr*)(_t65 + 0x2c)) = 0;
					} else {
						 *_t80 =  *((intOrPtr*)(_t65 + 0xc)) - _t49;
						asm("fild dword [esp]");
						_v16 =  *((intOrPtr*)(_t41 + 8)) -  *_t41;
						asm("fild dword [esp+0x4]");
						asm("fdivp st1, st0");
						 *((long long*)(_t65 + 0x28)) = __fp0;
						asm("wait");
					}
					_t66 =  *((intOrPtr*)(_t41 + 4));
					if( *((intOrPtr*)(_t41 + 0xc)) - _t66 <= 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t77 + 0x30)) = 0;
						 *((intOrPtr*)(_t77 + 0x34)) = 0;
					} else {
						_t53 = _t77;
						 *_t80 =  *((intOrPtr*)(_t53 + 0x10)) - _t66;
						asm("fild dword [esp]");
						_v16 =  *((intOrPtr*)(_t41 + 0xc)) -  *((intOrPtr*)(_t41 + 4));
						asm("fild dword [esp+0x4]");
						asm("fdivp st1, st0");
						 *((long long*)(_t53 + 0x30)) = _t87;
						asm("wait");
					}
					if(_t45 == 0) {
						 *0x50b11c = 0;
					} else {
						 *0x50b11c = 2;
						 *((intOrPtr*)( *_t77 + 0x30))();
					}
				}
				_t32 =  *0x50b100; // 0x0
				 *0x50b120 =  *((intOrPtr*)( *_t32 + 8))();
				_t85 =  *0x50b120;
				if( *0x50b120 != 0) {
					_t37 =  *0x50b110; // 0x0
					_t38 = GetDesktopWindow();
					_t39 =  *0x50b120; // 0x0
					L00465AAC(_t39, _t38, _t85, _t37);
				}
				_t35 = E00404068(1);
				 *0x50b128 = _t35;
				if( *0x50b11c != 0) {
					_t35 = E00458B5C(0x50b10c, 1, _t87);
				}
				return _t35;
			}

0x00458e44
0x00458e47
0x00458e4a
0x00458e4c
0x00458e4e
0x00458e50
0x00458e56
0x00458e5d
0x00458e65
0x00458e6a
0x00458e6f
0x00458e75
0x00458e78
0x00458e7e
0x00458e86
0x00458e8b
0x00458e95
0x00458e9a
0x00458ea2
0x00458eaf
0x00458f41
0x00458f43
0x00458f4e
0x00458f45
0x00458f45
0x00458f45
0x00458eb5
0x00458eb5
0x00458eb7
0x00458eb7
0x00458ebd
0x00458ec3
0x00458ee5
0x00458ee7
0x00458eea
0x00458ec5
0x00458eca
0x00458ecd
0x00458ed5
0x00458ed9
0x00458edd
0x00458edf
0x00458ee2
0x00458ee2
0x00458ef0
0x00458ef7
0x00458f1c
0x00458f1e
0x00458f21
0x00458ef9
0x00458ef9
0x00458f00
0x00458f03
0x00458f0c
0x00458f10
0x00458f14
0x00458f16
0x00458f19
0x00458f19
0x00458f26
0x00458f38
0x00458f28
0x00458f28
0x00458f33
0x00458f33
0x00458f26
0x00458f55
0x00458f5f
0x00458f64
0x00458f6b
0x00458f6d
0x00458f73
0x00458f80
0x00458f85
0x00458f85
0x00458f91
0x00458f96
0x00458fa2
0x00458fa9
0x00458fa9
0x00458fb3

APIs

GetCursorPos.USER32(0050B10C), ref: 00458E65
GetCursor.USER32(0050B10C), ref: 00458E81

Part of subcall function 00458034: SetCapture.USER32(00000000,Function_000581D8,00000000,?,00458E95,0050B10C), ref: 00458043

GetDesktopWindow.USER32 ref: 00458F73

Strings

X~E, xrefs: 00458F8C
(GE, xrefs: 00458EA2

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Cursor$CaptureDesktopWindow
String ID: (GE$X~E
API String ID: 669539147-428204910
Opcode ID: 50a98c42ccfaf7ce6c9f9f2f6211b075bf0ad58f6d5024f54c47543e506a07f1
Instruction ID: a2272b759aad7807cea790850517ee59c322f9e46e9b8c95fbcb818153eaeef1
Opcode Fuzzy Hash: 50a98c42ccfaf7ce6c9f9f2f6211b075bf0ad58f6d5024f54c47543e506a07f1
Instruction Fuzzy Hash: 8241B0716142008FD304DF29E8A86197BE2FB9D311F19C66EE8499B362CF74D849DF89

Uniqueness

Uniqueness Score: -1.00%

Function 00452BD4, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85
windowCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00452BD4(intOrPtr* __eax) {
				struct tagMENUITEMINFOW _v52;
				char _v212;
				intOrPtr _t20;
				intOrPtr* _t23;
				void* _t30;
				intOrPtr* _t41;
				intOrPtr* _t43;
				intOrPtr _t48;
				struct HMENU__* _t56;
				void* _t58;
				void* _t60;
				intOrPtr _t61;

				_t58 = _t60;
				_t61 = _t60 + 0xffffff30;
				_t43 = __eax;
				_t20 =  *0x505054; // 0x508c54
				if( *((char*)(_t20 + 0xd)) == 0 ||  *((intOrPtr*)(__eax + 0x38)) == 0) {
					L12:
					return _t20;
				} else {
					_t56 =  *((intOrPtr*)( *__eax + 0x34))();
					_v52.fMask = 0x10;
					_v52.cch = 0x50;
					_t23 =  *0x505038; // 0x502914
					if( *_t23 != 1) {
						L4:
						_v52.cbSize = 0x30;
					} else {
						_t41 =  *0x504bac; // 0x502918
						if( *_t41 <= 4) {
							_v52.cbSize = 0x2c;
						} else {
							goto L4;
						}
					}
					_v52.dwTypeData =  &_v212;
					_push(_t58);
					_push(0x452ccd);
					_push( *[fs:eax]);
					 *[fs:eax] = _t61;
					if(GetMenuItemInfoW(_t56, 0, 0xffffffff,  &_v52) == 0) {
						L11:
						_pop(_t48);
						 *[fs:eax] = _t48;
						_push(0x452cd4);
						return 0;
					} else {
						_t30 = E00452FD8(_t43);
						asm("sbb edx, edx");
						if(_t30 != (_v52.fType & 0x00006000) + 1) {
							_v52.fType = ((E00452FD8(_t43) & 0x0000007f) << 0x0000000d) + ((E00452FD8(_t43) & 0x0000007f) << 0x0000000d) * 0x00000002 | _v52.fType & 0xffff9fff;
							_v52.fMask = 0x10;
							if(SetMenuItemInfoW(_t56, 0, 0xffffffff,  &_v52) != 0) {
								DrawMenuBar( *(_t43 + 0x38));
							}
							goto L11;
						} else {
							_t20 = E00404B68();
							goto L12;
						}
					}
				}
			}

0x00452bd5
0x00452bd7
0x00452bdf
0x00452be1
0x00452bea
0x00452cd4
0x00452cd9
0x00452bfa
0x00452c01
0x00452c03
0x00452c0a
0x00452c11
0x00452c19
0x00452c25
0x00452c25
0x00452c1b
0x00452c1b
0x00452c23
0x00452c2e
0x00000000
0x00000000
0x00000000
0x00452c23
0x00452c3b
0x00452c40
0x00452c41
0x00452c46
0x00452c49
0x00452c5c
0x00452cbf
0x00452cc1
0x00452cc4
0x00452cc7
0x00452ccc
0x00452c5e
0x00452c60
0x00452c71
0x00452c76
0x00452c9a
0x00452c9d
0x00452cb4
0x00452cba
0x00452cba
0x00000000
0x00452c78
0x00452c78
0x00000000
0x00452c78
0x00452c76
0x00452c5c

APIs

GetMenuItemInfoW.USER32 ref: 00452C55
SetMenuItemInfoW.USER32 ref: 00452CAD
DrawMenuBar.USER32(00000000,00000000,00000000,000000FF,00000030,00000000,00000000,000000FF,00000030,00000000,00452CCD,?,?,?,004533E5,00453418), ref: 00452CBA

Strings

P, xrefs: 00452C0A
,, xrefs: 00452C2E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Menu$InfoItem$Draw
String ID: ,$P
API String ID: 3227129158-1419105988
Opcode ID: 3fa19f8121811a9806d3dd80a45565aa98cbb13ca63ba6c3ad358118ffbea68b
Instruction ID: 0be6e2b87da41e439f41ba10be101996003373bbd41e1ea7d0ab9d8ac663d510
Opcode Fuzzy Hash: 3fa19f8121811a9806d3dd80a45565aa98cbb13ca63ba6c3ad358118ffbea68b
Instruction Fuzzy Hash: FD210330A002089FDB12DF68DD80B9E77B8EB06315F504167F800E7383D7B88848CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004526E0, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E004526E0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				struct HINSTANCE__* _v12;
				intOrPtr _v16;
				short _v36;
				char _v40;
				char _v44;
				void* _t35;
				intOrPtr _t66;
				intOrPtr _t70;
				void* _t74;
				void* _t75;
				intOrPtr _t76;
				void* _t77;

				_t77 = __eflags;
				_t51 = __ebx;
				_t74 = _t75;
				_t76 = _t75 + 0xffffffd8;
				_push(__ebx);
				_v40 = 0;
				_v44 = 0;
				_v8 = 0;
				_push(_t74);
				_push(0x452819);
				_push( *[fs:eax]);
				 *[fs:eax] = _t76;
				_v36 = 0;
				GetKeyboardLayoutNameW( &_v36);
				_v16 = E0042E7BC(1);
				_push(_t74);
				_push(0x4527ef);
				 *[fs:edx] = _t76;
				E0042E85C(_v16, 0x80000002);
				E00406640( &_v44, 0xa,  &_v36);
				E00406914( &_v40, _v44, L"\\SYSTEM\\CurrentControlSet\\Control\\Keyboard Layouts\\",  *[fs:edx]);
				_t35 = E0042E8C0(_v16, __ebx, _v40, __edi, __esi, _t77);
				_t78 = _t35;
				if(_t35 == 0) {
					__eflags = 0;
					_pop(_t66);
					 *[fs:eax] = _t66;
					_push(0x4527f6);
					return E00404098(_v16);
				} else {
					E0042EB0C(_v16,  &_v8, L"Layout File", _t78);
					_v12 = E00413C38(_v8, __ebx, 0x8000);
					_push(_t74);
					_push(0x4527d2);
					_push( *[fs:edx]);
					 *[fs:edx] = _t76;
					 *0x503aa0 = ( *( *((intOrPtr*)(E00409620(_t51, __esi, _v12, L"KbdLayerDescriptor")))() + 0x28) & 1) == 1;
					_pop(_t70);
					 *[fs:eax] = _t70;
					_push(0x4527d9);
					return FreeLibrary(_v12);
				}
			}

0x004526e0
0x004526e0
0x004526e1
0x004526e3
0x004526e6
0x004526e9
0x004526ec
0x004526ef
0x004526f4
0x004526f5
0x004526fa
0x004526fd
0x00452700
0x0045270a
0x0045271b
0x00452720
0x00452721
0x00452729
0x00452734
0x00452744
0x00452754
0x0045275f
0x00452764
0x00452766
0x004527d9
0x004527db
0x004527de
0x004527e1
0x004527ee
0x00452768
0x00452773
0x00452785
0x0045278a
0x0045278b
0x00452790
0x00452793
0x004527b4
0x004527bd
0x004527c0
0x004527c3
0x004527d1
0x004527d1

APIs

GetKeyboardLayoutNameW.USER32(00000000), ref: 0045270A

Part of subcall function 0042E85C: RegCloseKey.ADVAPI32(10AC0000,0042E6D8,00000001,0042E7DA,?,?,0043740E,00000008,00000060,00000048,00000000,004374AE), ref: 0042E870

Part of subcall function 0042E8C0: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,?,?,00000000,0042EA71), ref: 0042E939

Part of subcall function 00413C38: SetErrorMode.KERNEL32(00008000,?), ref: 00413C42
Part of subcall function 00413C38: LoadLibraryW.KERNEL32(00000000,00000000,00413C8C,?,00000000,00413CAA,?,00008000,?), ref: 00413C71

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

FreeLibrary.KERNEL32(?,004527D9,?,00000000,00452819), ref: 004527CC

Strings

Layout File, xrefs: 0045276B
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\, xrefs: 0045274F
KbdLayerDescriptor, xrefs: 00452796

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Library$AddressCloseErrorFreeKeyboardLayoutLoadModeNameOpenProc
String ID: KbdLayerDescriptor$Layout File$\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
API String ID: 3365787578-2194312379
Opcode ID: 6e126ac9fc9e0c0a0fb4e8ab404a15bc04f7ec16ca6837cb46474ff5b9b0a844
Instruction ID: 6a67a1bf7eaac59bab48e2940c1a7806e22ced5ed4176676752f73896576dce2
Opcode Fuzzy Hash: 6e126ac9fc9e0c0a0fb4e8ab404a15bc04f7ec16ca6837cb46474ff5b9b0a844
Instruction Fuzzy Hash: C031BF35A00208AFCB01EFA2D9519DDB7F5FB89704B61847BE800B7692D77D9D49CB28

Uniqueness

Uniqueness Score: -1.00%

Function 004B2F50, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E004B2F50(HANDLE* __eax) {
				HANDLE* _v8;
				long _v12;
				intOrPtr* _t7;
				long _t11;
				intOrPtr _t27;
				void* _t30;

				_v8 = __eax;
				_push(_t30);
				_push(0x4b2fd1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t30 + 0xfffffff8;
				do {
					_t7 =  *0x504e38; // 0x50b17c
					E0047C3A8( *_t7);
					_t11 = MsgWaitForMultipleObjects(1, _v8, 0, 0xffffffff, 0xff);
				} while (_t11 == 1);
				if(_t11 == 0xffffffff) {
					L004ADC34(L"MsgWaitForMultipleObjects");
				}
				if(GetExitCodeProcess( *_v8,  &_v12) == 0) {
					L004ADC34(L"GetExitCodeProcess");
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(E004B2FD8);
				return CloseHandle( *_v8);
			}

0x004b2f56
0x004b2f5b
0x004b2f5c
0x004b2f61
0x004b2f64
0x004b2f67
0x004b2f67
0x004b2f6e
0x004b2f82
0x004b2f87
0x004b2f8f
0x004b2f96
0x004b2f96
0x004b2fac
0x004b2fb3
0x004b2fb3
0x004b2fba
0x004b2fbd
0x004b2fc0
0x004b2fd0

APIs

MsgWaitForMultipleObjects.USER32 ref: 004B2F82
GetExitCodeProcess.KERNEL32 ref: 004B2FA5
CloseHandle.KERNEL32(?,004B2FD8,00000001,00000000,000000FF,000000FF,00000000,004B2FD1), ref: 004B2FCB

Strings

MsgWaitForMultipleObjects, xrefs: 004B2F91
GetExitCodeProcess, xrefs: 004B2FAE

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseCodeExitHandleMultipleObjectsProcessWait
String ID: GetExitCodeProcess$MsgWaitForMultipleObjects
API String ID: 2573145106-3235461205
Opcode ID: 9f3ce1f9fd9cf2df3c66eb57862ff3480c3794f4d4b5606ab1317d86ece25759
Instruction ID: f9c96adb5db76e043f36f85f413a9ba826dccd1782af7b4d783150c9fdb694e0
Opcode Fuzzy Hash: 9f3ce1f9fd9cf2df3c66eb57862ff3480c3794f4d4b5606ab1317d86ece25759
Instruction Fuzzy Hash: 7D018430604204AFDB21EBA9CD41AAE73B8EB4A724F504576F910D77D1D6B89D40E629

Uniqueness

Uniqueness Score: -1.00%

Function 004AE821, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45
fileCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E004AE821(void* __edx) {
				int _t11;
				WCHAR* _t26;
				intOrPtr _t32;
				intOrPtr _t33;
				void* _t36;

				_t26 = E004064D4( *((intOrPtr*)(_t36 - 0x10)));
				SetFileAttributesW(_t26, 0x20);
				_t11 = DeleteFileW(E004064D4( *((intOrPtr*)(_t36 - 0x10))));
				asm("sbb eax, eax");
				if(_t11 + 1 == 0) {
					L004ADC34(L"DeleteFile");
				}
				if(MoveFileW(E004064D4( *((intOrPtr*)(_t36 - 0x14))), _t26) == 0) {
					L004ADC34(L"MoveFile");
				}
				_pop(_t32);
				 *[fs:eax] = _t32;
				_pop(_t33);
				 *[fs:eax] = _t33;
				_push(E004AE91D);
				L00406440(_t36 - 0x44, 7);
				return L00406440(_t36 - 0x1c, 7);
			}

0x004ae82b
0x004ae82e
0x004ae83c
0x004ae844
0x004ae849
0x004ae850
0x004ae850
0x004ae866
0x004ae86d
0x004ae86d
0x004ae874
0x004ae877
0x004ae8f0
0x004ae8f3
0x004ae8f6
0x004ae903
0x004ae915

APIs

SetFileAttributesW.KERNEL32(00000000,00000020), ref: 004AE82E
DeleteFileW.KERNEL32(00000000,00000000,00000020), ref: 004AE83C
MoveFileW.KERNEL32(00000000,00000000), ref: 004AE85F

Part of subcall function 004ADC34: GetLastError.KERNEL32(00000000,004AE8EE,00000005,00000000,004AE916,?,?,00000000,0050B17C,00000000,00000000,00000000,?,004FE26B,00000000,004FE286), ref: 004ADC37

Strings

DeleteFile, xrefs: 004AE84B
MoveFile, xrefs: 004AE868

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: File$AttributesDeleteErrorLastMove
String ID: DeleteFile$MoveFile
API String ID: 3024442154-139070271
Opcode ID: 31c8039d1c18fec8a2d40c57877c93af46511eae4be8bccb9bbbbde3797f163d
Instruction ID: a14352d00bb1c26c699235b1054e29f78f0f7873118da63199c57f037ee0bb5e
Opcode Fuzzy Hash: 31c8039d1c18fec8a2d40c57877c93af46511eae4be8bccb9bbbbde3797f163d
Instruction Fuzzy Hash: F5F08171A182058ADB00FBB7984266E62D8EB6630CF61443BB415E36C3DA3DDC11822D

Uniqueness

Uniqueness Score: -1.00%

Function 00406F50, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406F50(signed int __eax, void* __edx) {
				short _v530;
				short _v1052;
				short _v1056;
				short _v1058;
				signed int _t20;
				void* _t24;
				WCHAR* _t25;

				_t25 =  &_v1052;
				_t24 = __edx;
				_t20 = __eax;
				if(__eax != 0) {
					 *_t25 = (__eax & 0x000000ff) + 0x41 - 1;
					_v1058 = 0x3a;
					_v1056 = 0;
					GetCurrentDirectoryW(0x105,  &_v530);
					SetCurrentDirectoryW(_t25);
				}
				GetCurrentDirectoryW(0x105,  &_v1052);
				if(_t20 != 0) {
					SetCurrentDirectoryW( &_v530);
				}
				return E00406640(_t24, 0x105,  &_v1052);
			}

0x00406f52
0x00406f58
0x00406f5a
0x00406f5e
0x00406f68
0x00406f6c
0x00406f73
0x00406f87
0x00406f8d
0x00406f8d
0x00406f9c
0x00406fa3
0x00406fad
0x00406fad
0x00406fca

APIs

GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,0040DD01,004D94A0,00000000,004D957C,?,00000000,004D959E), ref: 00406F87
SetCurrentDirectoryW.KERNEL32(?,00000105,?,?,?,0040DD01,004D94A0,00000000,004D957C,?,00000000,004D959E), ref: 00406F8D
GetCurrentDirectoryW.KERNEL32(00000105,?,?,?,0040DD01,004D94A0,00000000,004D957C,?,00000000,004D959E), ref: 00406F9C
SetCurrentDirectoryW.KERNEL32(?,00000105,?,?,?,0040DD01,004D94A0,00000000,004D957C,?,00000000,004D959E), ref: 00406FAD

Strings

:, xrefs: 00406F6C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 1f1dfc061f7ce5fba94a525a68724fe0d7d7d2d3a1c0c8f4a9b96ff4fc67da8a
Instruction ID: 2a2578a9873e554637340ad988b15cacb881584caf9c4433a20746dd45dae6f2
Opcode Fuzzy Hash: 1f1dfc061f7ce5fba94a525a68724fe0d7d7d2d3a1c0c8f4a9b96ff4fc67da8a
Instruction Fuzzy Hash: D8F024751403416AD310E7A08892AEB73DCEF44308F00883FBAC8D72E1E77C8958836B

Uniqueness

Uniqueness Score: -1.00%

Function 004809D8, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E004809D8(void* __eax, void* __edx) {
				void* __ebx;
				void* __esi;
				void* _t8;
				void* _t10;

				_t8 = __edx;
				_t10 = __eax;
				if( *0x50b1b0 == 0) {
					 *0x50b1b4 = E00409620(_t8, _t10, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilterEx");
					InterlockedExchange(0x50b1b0, 1);
				}
				if( *0x50b1b4 == 0) {
					return E00480944(_t8);
				} else {
					return  *0x50b1b4(_t10, _t8, 1, 0);
				}
			}

0x004809da
0x004809dc
0x004809e5
0x004809fc
0x00480a08
0x00480a08
0x00480a14
0x00480a2e
0x00480a16
0x00480a24
0x00480a24

APIs

GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilterEx,00000004,00503F6C,004B1F3E,004B2358,004B1E94,00000000,00000B06,00000000,00000000), ref: 004809F1

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

InterlockedExchange.KERNEL32(0050B1B0,00000001), ref: 00480A08

Part of subcall function 00480944: GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,00480A2C,00000004,00503F6C,004B1F3E,004B2358,004B1E94,00000000,00000B06,00000000,00000000), ref: 0048095A
Part of subcall function 00480944: InterlockedExchange.KERNEL32(0050B1A8,00000001), ref: 00480971

ChangeWindowMessageFilterEx.USER32(00000000,?,00000001,00000000,00000004,00503F6C,004B1F3E,004B2358,004B1E94,00000000,00000B06,00000000,00000000), ref: 00480A1C

Strings

user32.dll, xrefs: 004809EC
ChangeWindowMessageFilterEx, xrefs: 004809E7

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ExchangeHandleInterlockedModule$AddressChangeFilterMessageProcWindow
String ID: ChangeWindowMessageFilterEx$user32.dll
API String ID: 203963768-2676053874
Opcode ID: c25bf230996ddfe7fde163834d50b520b5fde32b4ade4cb83102c35b07176e3b
Instruction ID: fed4213dc60b6a53fb0c0dc2d18e3eb25aa48b0ac894b788902a48676d7ec295
Opcode Fuzzy Hash: c25bf230996ddfe7fde163834d50b520b5fde32b4ade4cb83102c35b07176e3b
Instruction Fuzzy Hash: 02E092717613146AF65477B56CDAF9E22689BA4719F10483BF100A12D3D3BD0C48D35C

Uniqueness

Uniqueness Score: -1.00%

Function 00472CF4, Relevance: 7.7, APIs: 5, Instructions: 181
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00472CF4(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _v8;
				int _t103;
				int _t105;
				intOrPtr _t122;
				int _t127;
				intOrPtr _t163;
				signed char _t172;
				void* _t174;
				intOrPtr _t192;
				intOrPtr _t205;
				void* _t208;
				void* _t210;
				int _t211;
				intOrPtr _t215;
				void* _t217;
				signed char _t218;

				_t208 = __edi;
				_t175 = __ecx;
				_t214 = _t215;
				_push(__ecx);
				_t210 = __edx;
				_v8 = __eax;
				L0045F1E0(_v8);
				_push(_t215);
				_push(0x472f72);
				_push( *[fs:edx]);
				 *[fs:edx] = _t215;
				 *(_v8 + 0x2bc) = 0;
				 *(_v8 + 0x2c0) = 0;
				 *(_v8 + 0x2c4) = 0;
				_t174 = 0;
				_t217 = E00404024( *_v8) -  *0x46f668; // 0x46f6c0
				if(_t217 == 0) {
					_t172 =  *0x508b4d & 0x000000ff ^ 0x00000001;
					_t218 = _t172;
					 *(_v8 + 0x369) = _t172;
				}
				E0045E3D8(_v8, _t174, _t175, _t210, _t218);
				if( *(_v8 + 0x2b0) == 0 ||  *(_v8 + 0x2c4) <= 0) {
					L14:
					_t103 =  *(_v8 + 0x2bc);
					_t227 = _t103;
					if(_t103 > 0) {
						E0045A9F0(_v8, _t103, _t227);
					}
					_t105 =  *(_v8 + 0x2c0);
					_t228 = _t105;
					if(_t105 > 0) {
						E0045AA34(_v8, _t105, _t228);
					}
					 *(_v8 + 0x88) =  *0x472f80 & 0x000000ff;
					_t229 = _t174;
					if(_t174 == 0) {
						E00472204(_v8, 1, 1);
						L00463438(_v8, 1, 1, _t229);
					}
					E0045C458(_v8, 0, 0xb03d, 0);
					_pop(_t192);
					 *[fs:eax] = _t192;
					_push(0x472f79);
					return L0045F1E8(_v8);
				} else {
					if(( *(_v8 + 0x88) & 0x00000010) != 0) {
						_t205 =  *0x50b180; // 0x25c26a0
						if( *(_v8 + 0x2b0) !=  *((intOrPtr*)(_t205 + 0x40))) {
							_t163 =  *0x50b180; // 0x25c26a0
							E00430FD4( *((intOrPtr*)(_v8 + 0x64)), _t175, MulDiv(E00430FCC( *((intOrPtr*)(_v8 + 0x64))),  *(_t163 + 0x40),  *(_v8 + 0x2b0)), _t208, _t214);
						}
					}
					_t122 =  *0x50b180; // 0x25c26a0
					 *(_v8 + 0x2b0) =  *(_t122 + 0x40);
					_t211 = E00473118(_v8);
					_t127 =  *(_v8 + 0x2c4);
					_t223 = _t211 - _t127;
					if(_t211 != _t127) {
						_t174 = 1;
						E00472204(_v8, _t127, _t211);
						E0045AB18(_v8,  *(_v8 + 0x2c4), _t211);
						L00463438(_v8,  *(_v8 + 0x2c4), _t211, _t223);
						if(( *(_v8 + 0x88) & 0x00000004) != 0) {
							 *(_v8 + 0x2bc) = MulDiv( *(_v8 + 0x2bc), _t211,  *(_v8 + 0x2c4));
						}
						if(( *(_v8 + 0x88) & 0x00000008) != 0) {
							 *(_v8 + 0x2c0) = MulDiv( *(_v8 + 0x2c0), _t211,  *(_v8 + 0x2c4));
						}
						if(( *(_v8 + 0x88) & 0x00000020) != 0) {
							 *(_v8 + 0x258) = MulDiv( *(_v8 + 0x258), _t211,  *(_v8 + 0x2c4));
							 *(_v8 + 0x25c) = MulDiv( *(_v8 + 0x25c), _t211,  *(_v8 + 0x2c4));
						}
					}
					goto L14;
				}
			}

0x00472cf4
0x00472cf4
0x00472cf5
0x00472cf7
0x00472cfa
0x00472cfc
0x00472d02
0x00472d09
0x00472d0a
0x00472d0f
0x00472d12
0x00472d1a
0x00472d25
0x00472d30
0x00472d36
0x00472d42
0x00472d48
0x00472d51
0x00472d51
0x00472d56
0x00472d56
0x00472d61
0x00472d70
0x00472ee5
0x00472ee8
0x00472eee
0x00472ef0
0x00472ef7
0x00472ef7
0x00472eff
0x00472f05
0x00472f07
0x00472f0e
0x00472f0e
0x00472f1d
0x00472f23
0x00472f25
0x00472f34
0x00472f46
0x00472f46
0x00472f57
0x00472f5e
0x00472f61
0x00472f64
0x00472f71
0x00472d86
0x00472d90
0x00472d9b
0x00472da4
0x00472db0
0x00472dd0
0x00472dd0
0x00472da4
0x00472dd5
0x00472de0
0x00472dee
0x00472df3
0x00472df9
0x00472dfb
0x00472e01
0x00472e0a
0x00472e1d
0x00472e30
0x00472e3f
0x00472e5e
0x00472e5e
0x00472e6e
0x00472e8d
0x00472e8d
0x00472e9d
0x00472ebc
0x00472edf
0x00472edf
0x00472e9d
0x00000000
0x00472dfb

APIs

MulDiv.KERNEL32(00000000,?,00000000), ref: 00472DC7
MulDiv.KERNEL32(?,00000000,00000000), ref: 00472E56
MulDiv.KERNEL32(?,00000000,00000000), ref: 00472E85
MulDiv.KERNEL32(?,00000000,00000000), ref: 00472EB4
MulDiv.KERNEL32(?,00000000,00000000), ref: 00472ED7

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2197b12eedfb51950ab1bc656f6f1be6f3e913ff71d99cb144d58ea26ebec8c4
Instruction ID: e3bef70ded846c04862a87e0df29dfab198a40cc4286244209955e0b984a1145
Opcode Fuzzy Hash: 2197b12eedfb51950ab1bc656f6f1be6f3e913ff71d99cb144d58ea26ebec8c4
Instruction Fuzzy Hash: 3781C734A00148EFDB04DB99C689E9EB7F5BB48304F2581F5E808DB362DB74AE44EB44

Uniqueness

Uniqueness Score: -1.00%

Function 0046A0B0, Relevance: 7.7, APIs: 5, Instructions: 178
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0046A0B0(intOrPtr* __edx, void* __edi, void* __esi, void* __fp0) {
				intOrPtr* _v8;
				struct HRGN__* _v12;
				void* _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				char _v48;
				char _v64;
				char _v80;
				char _v96;
				struct HBRUSH__* _t117;
				intOrPtr _t124;
				intOrPtr _t129;
				intOrPtr _t136;
				intOrPtr _t141;
				intOrPtr _t148;
				intOrPtr _t191;
				char* _t195;
				void* _t203;
				void* _t204;
				void* _t205;

				_t210 = __fp0;
				_t194 = __edi;
				_t204 = _t205;
				_v8 = __edx;
				 *((intOrPtr*)( *_v8 + 0x44))(__edi, __esi, _t203);
				E00408F90( &_v96,  *((intOrPtr*)(_v8 + 0x4c)), 3,  &_v32);
				L004316B8( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x260)) + 0x14)),  *((intOrPtr*)(_v8 + 0x4c)), 0xb0ffff, __edi, _t204);
				_t167 =  *_v8;
				 *((intOrPtr*)( *_v8 + 0x44))();
				L00431E8C( *((intOrPtr*)(_v8 + 0x260)),  &_v96, __edi);
				_v12 = CreateRectRgn(_v32, _v28, _v24, _v20);
				_v16 = SelectObject(E00432554( *((intOrPtr*)(_v8 + 0x260))), _v12);
				_push(_t204);
				_push(0x46a2d8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t205 + 0xffffffa4;
				L004316B8( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x260)) + 0x14)),  *_v8, 0, _t194, _t204);
				_t117 = L0043170C( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x260)) + 0x14)));
				FrameRgn(E00432554( *((intOrPtr*)(_v8 + 0x260))), _v12, _t117, 1, 1);
				if( *((intOrPtr*)(_v8 + 0x274)) == 0) {
					_t195 =  &_v48;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				} else {
					_push(0x3fe00000);
					_t167 =  &_v48;
					E00408FEC( &_v32,  &_v48, 2, __fp0, 0);
				}
				_t124 = _v8;
				_t208 =  *((intOrPtr*)(_t124 + 0x270));
				if( *((intOrPtr*)(_t124 + 0x270)) == 0) {
					_t195 =  &_v64;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				} else {
					_push(0x3fe00000);
					_t167 =  &_v64;
					E00408FEC( &_v32,  &_v64, 3, _t210, 0);
				}
				L004317F4( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x260)) + 0x14)), _t167, 1, _t195, _t204);
				_t129 =  *0x46a2e8; // 0x2
				E00432260( *((intOrPtr*)(_v8 + 0x260)), _v8 + 0x270,  &_v80, _t129);
				E0040909C( &_v48,  &_v96,  &_v80, _t208);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t136 =  *0x46a2ec; // 0x28500
				E00432260( *((intOrPtr*)(_v8 + 0x260)), _v8 + 0x270,  &_v48, _t136);
				_t141 =  *0x46a2e8; // 0x2
				E00432260( *((intOrPtr*)(_v8 + 0x260)), _v8 + 0x274,  &_v80, _t141);
				E0040909C( &_v64,  &_v96,  &_v80, _t208);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t148 =  *0x46a2ec; // 0x28500
				E00432260( *((intOrPtr*)(_v8 + 0x260)), _v8 + 0x274,  &_v64, _t148);
				_pop(_t191);
				 *[fs:eax] = _t191;
				_push(0x46a2df);
				SelectObject(E00432554( *((intOrPtr*)(_v8 + 0x260))), _v16);
				return DeleteObject(_v12);
			}

0x0046a0b0
0x0046a0b0
0x0046a0b1
0x0046a0b8
0x0046a0c7
0x0046a0d5
0x0046a0eb
0x0046a0f6
0x0046a0f8
0x0046a107
0x0046a121
0x0046a13c
0x0046a141
0x0046a142
0x0046a147
0x0046a14a
0x0046a15b
0x0046a170
0x0046a189
0x0046a198
0x0046a1b3
0x0046a1b6
0x0046a1b7
0x0046a1b8
0x0046a1b9
0x0046a19a
0x0046a19a
0x0046a1a1
0x0046a1a9
0x0046a1a9
0x0046a1ba
0x0046a1bd
0x0046a1c4
0x0046a1df
0x0046a1e2
0x0046a1e3
0x0046a1e4
0x0046a1e5
0x0046a1c6
0x0046a1c6
0x0046a1cd
0x0046a1d5
0x0046a1d5
0x0046a1f4
0x0046a1f9
0x0046a214
0x0046a222
0x0046a22d
0x0046a22e
0x0046a22f
0x0046a230
0x0046a231
0x0046a24c
0x0046a251
0x0046a26c
0x0046a27a
0x0046a285
0x0046a286
0x0046a287
0x0046a288
0x0046a289
0x0046a2a4
0x0046a2ab
0x0046a2ae
0x0046a2b1
0x0046a2c9
0x0046a2d7

APIs

Part of subcall function 00431E8C: FillRect.USER32 ref: 00431EB5

CreateRectRgn.GDI32(?,?,?,?), ref: 0046A11C
SelectObject.GDI32(00000000,?), ref: 0046A137

Part of subcall function 0043170C: CreateBrushIndirect.GDI32(?), ref: 004317B7

FrameRgn.GDI32(00000000,?,00000000,00000001,00000001), ref: 0046A189
SelectObject.GDI32(00000000,?), ref: 0046A2C9
DeleteObject.GDI32(?), ref: 0046A2D2

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Object$CreateRectSelect$BrushDeleteFillFrameIndirect
String ID:
API String ID: 3847799725-0
Opcode ID: 7624949f4bee1d9fbf7e1313e49e8b7fcdeebbb2a4a8f6aed500fb80bf5d33c4
Instruction ID: bf6ecd47775ece5d0b767befde189b2c173e02802fb0a6363b6c4df03a31015e
Opcode Fuzzy Hash: 7624949f4bee1d9fbf7e1313e49e8b7fcdeebbb2a4a8f6aed500fb80bf5d33c4
Instruction Fuzzy Hash: CD71B435A0050AEFCB00DFA9C985EDEB3F9BF09304F1140A6F914AB262D775AE06DB55

Uniqueness

Uniqueness Score: -1.00%

Function 004251C4, Relevance: 7.6, APIs: 5, Instructions: 142
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E004251C4(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _v12;
				char _v16;
				void* _t41;
				intOrPtr _t42;
				intOrPtr _t43;
				intOrPtr _t48;
				void* _t50;
				WCHAR* _t51;
				intOrPtr _t54;
				void* _t69;
				WCHAR** _t87;
				signed int _t90;
				signed int _t91;
				intOrPtr _t104;
				signed int _t107;
				void* _t109;
				WCHAR* _t110;
				void* _t112;
				void* _t113;
				void* _t114;
				intOrPtr _t115;

				_t113 = _t114;
				_t115 = _t114 + 0xfffffff4;
				_v8 = 0;
				_t109 = __edx;
				_v12 = __eax;
				_t87 =  &_v16;
				 *[fs:eax] = _t115;
				E0042409C(_v12);
				 *[fs:eax] = _t115;
				 *((intOrPtr*)( *_v12 + 0x44))( *[fs:eax], 0x425349, _t113,  *[fs:eax], 0x425366, _t113, __edi, __esi, __ebx, _t112);
				 *_t87 = E004064D4(_t109);
				if(L004253E8(_v12) != 0) {
					while(1) {
						L26:
						_t107 =  *( *_t87) & 0x0000ffff;
						if(_t107 == 0) {
							break;
						}
						_t41 = L004253CC(_v12);
						__eflags = _t107 - _t41;
						if(_t107 != _t41) {
							_t110 =  *_t87;
							while(1) {
								_t42 = _v12;
								__eflags =  *((char*)(_t42 + 0x10));
								if( *((char*)(_t42 + 0x10)) != 0) {
									goto L11;
								}
								L10:
								__eflags =  *( *_t87) - 0x20;
								if( *( *_t87) > 0x20) {
									L13:
									_t69 = L00425374(_v12);
									__eflags = _t69 -  *( *_t87);
									if(_t69 !=  *( *_t87)) {
										 *_t87 = CharNextW( *_t87);
										_t42 = _v12;
										__eflags =  *((char*)(_t42 + 0x10));
										if( *((char*)(_t42 + 0x10)) != 0) {
											goto L11;
										}
										goto L10;
									}
									L14:
									_t90 =  *_t87 - _t110;
									__eflags = _t90;
									_t91 = _t90 >> 1;
									if(__eflags < 0) {
										asm("adc ecx, 0x0");
									}
									E00406584( &_v8, _t91, _t110, __eflags);
									L17:
									 *((intOrPtr*)( *_v12 + 0x38))();
									_t48 = _v12;
									__eflags =  *((char*)(_t48 + 0x10));
									if( *((char*)(_t48 + 0x10)) != 0) {
										L21:
										_t50 = L00425374(_v12);
										__eflags = _t50 -  *( *_t87);
										if(_t50 !=  *( *_t87)) {
											goto L26;
										}
										_t51 = CharNextW( *_t87);
										__eflags =  *_t51;
										if( *_t51 == 0) {
											__eflags = 0;
											 *((intOrPtr*)( *_v12 + 0x38))();
										}
										while(1) {
											 *_t87 = CharNextW( *_t87);
											_t54 = _v12;
											__eflags =  *((char*)(_t54 + 0x10));
											if( *((char*)(_t54 + 0x10)) != 0) {
												goto L26;
											}
											__eflags = ( *( *_t87) & 0x0000ffff) - 0xffffffffffffffe1;
											if(( *( *_t87) & 0x0000ffff) - 0xffffffffffffffe1 < 0) {
												continue;
											}
											goto L26;
										}
										goto L26;
									}
									while(1) {
										__eflags = ( *( *_t87) & 0x0000ffff) - 0xffffffffffffffe1;
										if(( *( *_t87) & 0x0000ffff) - 0xffffffffffffffe1 >= 0) {
											goto L21;
										}
										 *_t87 = CharNextW( *_t87);
									}
									goto L21;
								}
								L11:
								_t43 = _v12;
								__eflags =  *((char*)(_t43 + 0x10));
								if( *((char*)(_t43 + 0x10)) == 0) {
									goto L14;
								}
								__eflags =  *( *_t87);
								if( *( *_t87) == 0) {
									goto L14;
								}
								goto L13;
							}
						}
						E0040CA48(_t87,  &_v8, L004253CC(_v12));
						goto L17;
					}
					_pop(_t104);
					 *[fs:eax] = _t104;
					_push(0x425350);
					return E00424164(_v12);
				}
				while(( *( *_t87) & 0x0000ffff) - 0xffffffffffffffe1 < 0) {
					 *_t87 = CharNextW( *_t87);
				}
				goto L26;
			}

0x004251c5
0x004251c7
0x004251cf
0x004251d2
0x004251d4
0x004251d7
0x004251e5
0x004251eb
0x004251fb
0x00425203
0x0042520d
0x00425219
0x00425325
0x00425325
0x00425327
0x0042532d
0x00000000
0x00000000
0x0042523f
0x00425244
0x00425247
0x0042525f
0x0042526d
0x0042526d
0x00425270
0x00425274
0x00000000
0x00000000
0x00425276
0x00425278
0x0042527c
0x0042528f
0x00425292
0x00425299
0x0042529c
0x0042526b
0x0042526d
0x00425270
0x00425274
0x00000000
0x00000000
0x00000000
0x00425274
0x0042529e
0x004252a0
0x004252a0
0x004252a2
0x004252a4
0x004252a6
0x004252a6
0x004252ae
0x004252b3
0x004252bb
0x004252be
0x004252c1
0x004252c5
0x004252df
0x004252e2
0x004252e9
0x004252ec
0x00000000
0x00000000
0x004252f1
0x004252f6
0x004252fa
0x004252fc
0x00425303
0x00425303
0x00425306
0x0042530e
0x00425310
0x00425313
0x00425317
0x00000000
0x00000000
0x0042531f
0x00425323
0x00000000
0x00000000
0x00000000
0x00425323
0x00000000
0x00425306
0x004252d3
0x004252d9
0x004252dd
0x00000000
0x00000000
0x004252d1
0x004252d1
0x00000000
0x004252d3
0x0042527e
0x0042527e
0x00425281
0x00425285
0x00000000
0x00000000
0x00425289
0x0042528d
0x00000000
0x00000000
0x00000000
0x0042528d
0x0042526d
0x00425258
0x00000000
0x00425258
0x00425335
0x00425338
0x0042533b
0x00425348
0x00425348
0x0042522b
0x00425229
0x00425229
0x00000000

APIs

CharNextW.USER32(?,?,00000000,00425366), ref: 00425224
CharNextW.USER32(?,?,00000000,00425366), ref: 004252CC
CharNextW.USER32(?,?,00000000,00425366), ref: 004252F1
CharNextW.USER32(00000000,?,?,00000000,00425366), ref: 00425309

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: 8c70209c64ea5f4b1fefbd18c905afcb8817ef95ff3678df491eb711504daece
Instruction ID: 039948a37cc9e478bb089503868b010f7a8e31320ffe479a416377353a365109
Opcode Fuzzy Hash: 8c70209c64ea5f4b1fefbd18c905afcb8817ef95ff3678df491eb711504daece
Instruction Fuzzy Hash: F8515C30B04A24DFCF11EFA9E480A5977B1EF06354F8111E6E801DB3A5DB78AE81CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00460EBC, Relevance: 7.6, APIs: 5, Instructions: 126
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00460EBC(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				int _v16;
				struct HDC__* _v20;
				struct tagPAINTSTRUCT _v84;
				void* _t74;
				intOrPtr _t82;
				void* _t93;
				void* _t94;
				intOrPtr _t110;
				intOrPtr _t116;
				int _t118;
				void* _t121;
				void* _t123;
				void* _t124;
				intOrPtr _t125;

				_t123 = _t124;
				_t125 = _t124 + 0xffffffb0;
				_v12 = __edx;
				_v8 = __eax;
				_v20 =  *((intOrPtr*)(_v12 + 4));
				if(_v20 == 0) {
					_v20 = BeginPaint(L00463A10(_v8),  &_v84);
				}
				_push(_t123);
				_push(0x46101b);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t125;
				if( *((intOrPtr*)(_v8 + 0x1d4)) != 0) {
					_v16 = SaveDC(_v20);
					_push(_t123);
					_push(0x460fde);
					_push( *[fs:ecx]);
					 *[fs:ecx] = _t125;
					_t118 = 2;
					_t93 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x1d4)) + 8)) - 1;
					if(_t93 >= 0) {
						_t94 = _t93 + 1;
						_t121 = 0;
						do {
							_t74 = L00423514( *((intOrPtr*)(_v8 + 0x1d4)), _t121);
							if( *((char*)(_t74 + 0x57)) == 0 || ( *(_t74 + 0x1c) & 0x00000010) != 0 && ( *(_t74 + 0x55) & 0x00000008) != 0) {
								if(( *(_t74 + 0x1c) & 0x00000010) == 0 || ( *(_t74 + 0x55) & 0x00000008) != 0 || ( *(_t74 + 0x51) & 0x00000004) != 0) {
									goto L14;
								} else {
									goto L12;
								}
							} else {
								L12:
								if(( *(_t74 + 0x50) & 0x00000040) == 0) {
									goto L14;
								} else {
									_t118 = ExcludeClipRect(_v20,  *(_t74 + 0x40),  *(_t74 + 0x44),  *(_t74 + 0x40) +  *((intOrPtr*)(_t74 + 0x48)),  *(_t74 + 0x44) +  *((intOrPtr*)(_t74 + 0x4c)));
									if(_t118 != 1) {
										goto L14;
									}
								}
							}
							goto L15;
							L14:
							_t121 = _t121 + 1;
							_t94 = _t94 - 1;
						} while (_t94 != 0);
					}
					L15:
					if(_t118 != 1) {
						 *((intOrPtr*)( *_v8 + 0xc4))();
					}
					_pop(_t110);
					 *[fs:eax] = _t110;
					_push(0x460fe5);
					return RestoreDC(_v20, _v16);
				} else {
					 *((intOrPtr*)( *_v8 + 0xc4))();
					E00461058(_v8, 0, _v20);
					_pop(_t116);
					 *[fs:eax] = _t116;
					_push(0x461022);
					_t82 = _v12;
					if( *((intOrPtr*)(_t82 + 4)) == 0) {
						return EndPaint(L00463A10(_v8),  &_v84);
					}
					return _t82;
				}
			}

0x00460ebd
0x00460ebf
0x00460ec5
0x00460ec8
0x00460ed1
0x00460ed8
0x00460eec
0x00460eec
0x00460ef1
0x00460ef2
0x00460ef7
0x00460efa
0x00460f07
0x00460f25
0x00460f2a
0x00460f2b
0x00460f30
0x00460f33
0x00460f36
0x00460f47
0x00460f4a
0x00460f4c
0x00460f4d
0x00460f4f
0x00460f5a
0x00460f63
0x00460f75
0x00000000
0x00000000
0x00000000
0x00000000
0x00460f83
0x00460f83
0x00460f87
0x00000000
0x00460f89
0x00460fa7
0x00460fac
0x00000000
0x00000000
0x00460fac
0x00460f87
0x00000000
0x00460fae
0x00460fae
0x00460faf
0x00460faf
0x00460f4f
0x00460fb2
0x00460fb3
0x00460fbd
0x00460fbd
0x00460fc5
0x00460fc8
0x00460fcb
0x00460fdd
0x00460f09
0x00460f11
0x00460fed
0x00460ff4
0x00460ff7
0x00460ffa
0x00460fff
0x00461006
0x00000000
0x00461015
0x0046101a
0x0046101a

APIs

BeginPaint.USER32(00000000,?), ref: 00460EE7
SaveDC.GDI32(00000000), ref: 00460F20
ExcludeClipRect.GDI32(00000000,?,?,?,?,00000000,00460FDE,?,00000000,0046101B), ref: 00460FA2
RestoreDC.GDI32(00000000,?), ref: 00460FD8
EndPaint.USER32(00000000,?,00461022), ref: 00461015

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Paint$BeginClipExcludeRectRestoreSave
String ID:
API String ID: 3808407030-0
Opcode ID: af9f1a8401d38bfd6883625a2123b92d566b98a576f3a69a0e993ffc0c0bdfe0
Instruction ID: 826c0ccb743ca4c6f701f426c5c07c7349eaa674ccdd9abd436e2e436901cf3c
Opcode Fuzzy Hash: af9f1a8401d38bfd6883625a2123b92d566b98a576f3a69a0e993ffc0c0bdfe0
Instruction Fuzzy Hash: D2414170A042489FDB18CF98C555FAFB7F4FB48304F1544AAE944973A2E7B99D40CB19

Uniqueness

Uniqueness Score: -1.00%

Function 0044E254, Relevance: 7.6, APIs: 5, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0044E254(int __eax, void* __edx) {
				void* __edi;
				void* __esi;
				signed int _t39;
				signed int _t40;
				intOrPtr _t44;
				int _t45;
				void* _t47;
				int _t48;
				intOrPtr* _t49;

				_t18 = __eax;
				_t49 = __eax;
				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
						 *((char*)(__eax + 0x70)) = 1;
						return __eax;
					}
					_t19 =  *((intOrPtr*)(__eax + 0x68));
					if( *((intOrPtr*)(__eax + 0x68)) != 0) {
						return E0044E254(_t19, __edx);
					}
					_t18 = GetMenuItemCount(E0044E388(__eax, _t45, _t47));
					_t48 = _t18;
					_t40 = _t39 & 0xffffff00 | _t48 == 0x00000000;
					while(_t48 > 0) {
						_t45 = _t48 - 1;
						_t18 = GetMenuState(E0044E388(_t49, _t45, _t48), _t45, 0x400);
						if((_t18 & 0x00000004) == 0) {
							_t18 = RemoveMenu(E0044E388(_t49, _t45, _t48), _t45, 0x400);
							_t40 = 1;
						}
						_t48 = _t48 - 1;
					}
					if(_t40 != 0) {
						if( *((intOrPtr*)(_t49 + 0x60)) != 0) {
							L14:
							E0044E114(_t49, _t45, _t48);
							L15:
							return  *((intOrPtr*)( *_t49 + 0x3c))();
						}
						_t44 =  *0x44cb08; // 0x44cb60
						if(E00404238( *((intOrPtr*)(_t49 + 0x6c)), _t44) == 0 || GetMenuItemCount(E0044E388(_t49, _t45, _t48)) != 0) {
							goto L14;
						} else {
							DestroyMenu( *(_t49 + 0xac));
							 *(_t49 + 0xac) = 0;
							goto L15;
						}
					}
				}
				return _t18;
			}

0x0044e254
0x0044e258
0x0044e25e
0x0044e268
0x0044e26a
0x00000000
0x0044e26a
0x0044e273
0x0044e278
0x00000000
0x0044e27a
0x0044e28c
0x0044e291
0x0044e295
0x0044e29a
0x0044e2a3
0x0044e2ad
0x0044e2b4
0x0044e2c4
0x0044e2c9
0x0044e2c9
0x0044e2cb
0x0044e2cc
0x0044e2d2
0x0044e2d8
0x0044e313
0x0044e315
0x0044e31a
0x00000000
0x0044e320
0x0044e2dd
0x0044e2ea
0x00000000
0x0044e2fd
0x0044e304
0x0044e30b
0x00000000
0x0044e30b
0x0044e2ea
0x0044e2d2
0x0044e327

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0389341839b713f552b0060847668c986b048af33998209091a73a8017c9c40e
Instruction ID: 30c546c28b0b3f10370e633a50cd866ef923edf63333ce4bf924fae17ea87c24
Opcode Fuzzy Hash: 0389341839b713f552b0060847668c986b048af33998209091a73a8017c9c40e
Instruction Fuzzy Hash: 6211A220B447495AFB216F3B8805B6BA798BF51749F04416FBC819B383CBBDDC06869D

Uniqueness

Uniqueness Score: -1.00%

Function 00432FAC, Relevance: 7.6, APIs: 5, Instructions: 55
windowCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00432FAC(void* __eax) {
				signed int _v5;
				struct HDC__* _v12;
				struct HPALETTE__* _t21;
				struct HPALETTE__* _t25;
				void* _t28;
				intOrPtr _t35;
				void* _t37;
				void* _t39;
				intOrPtr _t40;

				_t37 = _t39;
				_t40 = _t39 + 0xfffffff8;
				_t28 = __eax;
				_v5 = 0;
				if( *0x50aeec == 0) {
					return _v5 & 0x000000ff;
				} else {
					_v12 = GetDC(0);
					_push(_t37);
					_push(0x433032);
					_push( *[fs:edx]);
					 *[fs:edx] = _t40;
					if(GetDeviceCaps(_v12, 0x68) >= 0x10) {
						_t21 =  *0x50aeec; // 0x6a080b01
						GetPaletteEntries(_t21, 0, 8, _t28 + 4);
						_t25 =  *0x50aeec; // 0x6a080b01
						GetPaletteEntries(_t25, 8, 8, _t28 + ( *(_t28 + 2) & 0x0000ffff) * 4 - 0x1c);
						_v5 = 1;
					}
					_pop(_t35);
					 *[fs:eax] = _t35;
					_push(0x433039);
					return ReleaseDC(0, _v12);
				}
			}

0x00432fad
0x00432faf
0x00432fb3
0x00432fb5
0x00432fc0
0x00433041
0x00432fc2
0x00432fc9
0x00432fce
0x00432fcf
0x00432fd4
0x00432fd7
0x00432fe8
0x00432ff2
0x00432ff8
0x0043300a
0x00433010
0x00433015
0x00433015
0x0043301b
0x0043301e
0x00433021
0x00433031
0x00433031

APIs

GetDC.USER32(00000000), ref: 00432FC4
GetDeviceCaps.GDI32(?,00000068), ref: 00432FE0
GetPaletteEntries.GDI32(6A080B01,00000000,00000008,?), ref: 00432FF8
GetPaletteEntries.GDI32(6A080B01,00000008,00000008,?), ref: 00433010
ReleaseDC.USER32 ref: 0043302C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: EntriesPalette$CapsDeviceRelease
String ID:
API String ID: 3128150645-0
Opcode ID: e7a1ce26c815af519e51ed66510900fe43fe160fd3092e6ea61e0ec364eea3f2
Instruction ID: a56531118d9863fb10815c96dd6a611ba491c04187801057ef52dd939134cfbc
Opcode Fuzzy Hash: e7a1ce26c815af519e51ed66510900fe43fe160fd3092e6ea61e0ec364eea3f2
Instruction Fuzzy Hash: A7116B715483407EFB04CFA9CC42F6E77ACE748718F10806BF140DA1C2C97A5904C725

Uniqueness

Uniqueness Score: -1.00%

Function 0047A614, Relevance: 7.5, APIs: 5, Instructions: 25
synchronizationthreadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047A614() {
				void* _t2;
				void* _t5;
				void* _t8;
				struct HHOOK__* _t10;

				if( *0x50b194 != 0) {
					_t10 =  *0x50b194; // 0x0
					UnhookWindowsHookEx(_t10);
				}
				 *0x50b194 = 0;
				if( *0x50b198 != 0) {
					_t2 =  *0x50b190; // 0x0
					SetEvent(_t2);
					if(GetCurrentThreadId() !=  *0x50b18c) {
						_t8 =  *0x50b198; // 0x0
						WaitForSingleObject(_t8, 0xffffffff);
					}
					_t5 =  *0x50b198; // 0x0
					CloseHandle(_t5);
					 *0x50b198 = 0;
					return 0;
				}
				return 0;
			}

0x0047a61b
0x0047a61d
0x0047a623
0x0047a623
0x0047a62a
0x0047a636
0x0047a638
0x0047a63e
0x0047a64e
0x0047a652
0x0047a658
0x0047a658
0x0047a65d
0x0047a663
0x0047a66a
0x00000000
0x0047a66a
0x0047a66f

APIs

UnhookWindowsHookEx.USER32(00000000), ref: 0047A623
SetEvent.KERNEL32(00000000,0047D5B6,00000000,0047C13F,?,025B4140,?,025B4141,0047C345,?,00000000,00000200,0000020A,00000001), ref: 0047A63E
GetCurrentThreadId.KERNEL32 ref: 0047A643
WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0047D5B6,00000000,0047C13F,?,025B4140,?,025B4141,0047C345,?,00000000,00000200,0000020A,00000001), ref: 0047A658
CloseHandle.KERNEL32(00000000,00000000,0047D5B6,00000000,0047C13F,?,025B4140,?,025B4141,0047C345,?,00000000,00000200,0000020A,00000001), ref: 0047A663

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
String ID:
API String ID: 2429646606-0
Opcode ID: f539b978b370090098519c0908445b912ef1f24d90955e0ce02e39dc3564386f
Instruction ID: fdb1547cf2729da18b8a49f4eb24dcedda4dc54bb5e6cab3409386dad74de87f
Opcode Fuzzy Hash: f539b978b370090098519c0908445b912ef1f24d90955e0ce02e39dc3564386f
Instruction Fuzzy Hash: B9F03071511280DAF710EBB9ECDAA4E33A8A365304F08492AB318E32E1C7389858EB15

Uniqueness

Uniqueness Score: -1.00%

Function 004029CC, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 277
windowCOMMON

Download Yara Rule

C-Code - Quality: 98%

			E004029CC(void* __eax, void* __fp0) {
				void* _v8;
				char _v110600;
				char _v112644;
				char _v112645;
				signed int _v112652;
				char _v112653;
				char _v112654;
				char _v112660;
				intOrPtr _v112664;
				intOrPtr _v112668;
				intOrPtr _v112672;
				signed short* _v112676;
				void* _v112680;
				char _v129064;
				char _v131113;
				char _v161832;
				void* _t70;
				int _t76;
				intOrPtr _t79;
				intOrPtr _t90;
				CHAR* _t94;
				intOrPtr _t96;
				void* _t106;
				intOrPtr _t107;
				intOrPtr _t113;
				intOrPtr _t118;
				void* _t128;
				intOrPtr _t129;
				intOrPtr _t133;
				signed int _t143;
				int _t148;
				intOrPtr _t149;
				char* _t151;
				char* _t152;
				char* _t153;
				char* _t154;
				char* _t155;
				char* _t156;
				char* _t158;
				char* _t159;
				char* _t164;
				char* _t165;
				intOrPtr _t197;
				void* _t199;
				void* _t200;
				intOrPtr* _t203;
				void* _t205;
				void* _t206;
				signed int _t211;
				void* _t214;
				void* _t215;
				void* _t228;

				_push(__eax);
				_t70 = 0x27;
				goto L1;
				L12:
				while(_t197 != 0x506a2c) {
					_t76 = E004023F8(_t197);
					_t148 = _t76;
					__eflags = _t148;
					if(_t148 == 0) {
						L11:
						_t197 =  *((intOrPtr*)(_t197 + 4));
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						_t211 =  *(_t148 - 4);
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							__eflags = _t211 & 0x00000004;
							if(__eflags == 0) {
								__eflags = _v112652 - 0x1000;
								if(_v112652 < 0x1000) {
									_v112664 = (_t211 & 0xfffffff0) - 4;
									_t143 = E004027B4(_t148);
									__eflags = _t143;
									if(_t143 == 0) {
										_v112645 = 0;
										 *((intOrPtr*)(_t214 + _v112652 * 4 - 0x1f824)) = _v112664;
										_t18 =  &_v112652;
										 *_t18 = _v112652 + 1;
										__eflags =  *_t18;
									}
								}
							} else {
								E0040280C(_t148, __eflags, _t214);
							}
						}
						_t76 = E004023D4(_t148);
						_t148 = _t76;
						__eflags = _t148;
					} while (_t148 != 0);
					goto L11;
				}
				_t149 =  *0x508ad4; // 0x508ad0
				while(_t149 != 0x508ad0 && _v112652 < 0x1000) {
					_t76 = E004027B4(_t149 + 0x10);
					__eflags = _t76;
					if(_t76 == 0) {
						_v112645 = 0;
						_t22 = _t149 + 0xc; // 0x0
						_t76 = _v112652;
						 *((intOrPtr*)(_t214 + _t76 * 4 - 0x1f824)) = ( *_t22 & 0xfffffff0) - 0xfffffffffffffff4;
						_t27 =  &_v112652;
						 *_t27 = _v112652 + 1;
						__eflags =  *_t27;
					}
					_t29 = _t149 + 4; // 0x508ad0
					_t149 =  *_t29;
				}
				if(_v112645 != 0) {
					L50:
					return _t76;
				}
				_v112653 = 0;
				_v112668 = 0;
				_t79 =  *0x502048; // 0x401480
				_t151 = E00402590(L0040565C(_t79),  &_v161832);
				_v112660 = 0x37;
				_v112676 = 0x50206e;
				_v112680 =  &_v110600;
				do {
					_v112672 = ( *_v112676 & 0x0000ffff) - 4;
					_v112654 = 0;
					_t199 = 0xff;
					_t203 = _v112680;
					while(_t151 <=  &_v131113) {
						if( *_t203 > 0) {
							if(_v112653 == 0) {
								_t133 =  *0x50204c; // 0x4014ac
								_t151 = E00402590(L0040565C(_t133), _t151);
								_v112653 = 1;
							}
							if(_v112654 != 0) {
								 *_t151 = 0x2c;
								_t156 = _t151 + 1;
								 *_t156 = 0x20;
								_t157 = _t156 + 1;
								__eflags = _t156 + 1;
							} else {
								 *_t151 = 0xd;
								 *((char*)(_t151 + 1)) = 0xa;
								_t164 = E00402474(_v112668 + 1, _t151 + 2);
								 *_t164 = 0x20;
								_t165 = _t164 + 1;
								 *_t165 = 0x2d;
								 *((char*)(_t165 + 1)) = 0x20;
								_t128 = E00402474(_v112672, _t165 + 2);
								_t129 =  *0x502054; // 0x401514
								_t157 = E00402590(L0040565C(_t129), _t128);
								_v112654 = 1;
							}
							_t106 = _t199 - 1;
							_t228 = _t106;
							if(_t228 < 0) {
								_t107 =  *0x502058; // 0x401520
								_t158 = E00402590(L0040565C(_t107), _t157);
							} else {
								if(_t228 == 0) {
									_t113 =  *0x50205c; // 0x401528
									_t158 = E00402590(L0040565C(_t113), _t157);
								} else {
									if(_t106 == 1) {
										_t118 =  *0x502060; // 0x401534
										_t158 = E00402590(L0040565C(_t118), _t157);
									} else {
										_t158 = E004025A8( *((intOrPtr*)(_t203 - 4)), _t157);
									}
								}
							}
							 *_t158 = 0x20;
							_t159 = _t158 + 1;
							 *_t159 = 0x78;
							 *((char*)(_t159 + 1)) = 0x20;
							_t151 = E00402474( *_t203, _t159 + 2);
						}
						_t199 = _t199 - 1;
						_t203 = _t203 - 8;
						if(_t199 != 0xffffffff) {
							continue;
						} else {
							goto L39;
						}
					}
					L39:
					_v112668 = _v112672;
					_v112680 = _v112680 + 0x800;
					_v112676 =  &(_v112676[0x10]);
					_t57 =  &_v112660;
					 *_t57 = _v112660 - 1;
				} while ( *_t57 != 0);
				if(_v112652 <= 0) {
					L49:
					_t90 =  *0x502064; // 0x401544
					E00402590(L0040565C(_t90), _t151);
					_t94 =  *0x502068; // 0x401548
					_t76 = MessageBoxA(0,  &_v161832, _t94, 0x2010);
					goto L50;
				}
				if(_v112653 != 0) {
					 *_t151 = 0xd;
					_t153 = _t151 + 1;
					 *_t153 = 0xa;
					_t154 = _t153 + 1;
					 *_t154 = 0xd;
					_t155 = _t154 + 1;
					 *_t155 = 0xa;
					_t151 = _t155 + 1;
				}
				_t96 =  *0x502050; // 0x4014d4
				_t151 = E00402590(L0040565C(_t96), _t151);
				_t205 = _v112652 - 1;
				if(_t205 >= 0) {
					_t206 = _t205 + 1;
					_t200 = 0;
					_v112680 =  &_v129064;
					L45:
					L45:
					if(_t200 != 0) {
						 *_t151 = 0x2c;
						_t152 = _t151 + 1;
						 *_t152 = 0x20;
						_t151 = _t152 + 1;
					}
					_t151 = E00402474( *_v112680, _t151);
					if(_t151 >  &_v131113) {
						goto L49;
					}
					_t200 = _t200 + 1;
					_v112680 = _v112680 + 4;
					_t206 = _t206 - 1;
					if(_t206 != 0) {
						goto L45;
					}
				}
				L1:
				_t215 = _t215 + 0xfffff004;
				_push(_t70);
				_t70 = _t70 - 1;
				if(_t70 != 0) {
					goto L1;
				} else {
					L00403540( &_v112644, 0x1b800);
					L00403540( &_v129064, 0x4000);
					_t76 = 0;
					_v112652 = 0;
					_v112645 = 1;
					_t197 =  *0x506a30; // 0x6e60000
					goto L12;
				}
			}

0x004029cf
0x004029d0
0x004029d0
0x00000000
0x00402aab
0x00402a2b
0x00402a30
0x00402a32
0x00402a34
0x00402aa8
0x00402aa8
0x00000000
0x00000000
0x00000000
0x00000000
0x00402a36
0x00402a36
0x00402a3b
0x00402a3d
0x00402a43
0x00402a45
0x00402a4b
0x00402a58
0x00402a62
0x00402a6a
0x00402a72
0x00402a77
0x00402a79
0x00402a7b
0x00402a8e
0x00402a95
0x00402a95
0x00402a95
0x00402a95
0x00402a79
0x00402a4d
0x00402a50
0x00402a55
0x00402a4b
0x00402a9d
0x00402aa2
0x00402aa4
0x00402aa4
0x00000000
0x00402a36
0x00402ab7
0x00402af6
0x00402ac4
0x00402ac9
0x00402acb
0x00402acd
0x00402ad4
0x00402ae0
0x00402ae6
0x00402aed
0x00402aed
0x00402aed
0x00402aed
0x00402af3
0x00402af3
0x00402af3
0x00402b11
0x00402da6
0x00402dac
0x00402dac
0x00402b17
0x00402b20
0x00402b26
0x00402b42
0x00402b44
0x00402b4e
0x00402b5e
0x00402b64
0x00402b70
0x00402b76
0x00402b7d
0x00402b88
0x00402b8a
0x00402b9b
0x00402ba8
0x00402baa
0x00402bc2
0x00402bc4
0x00402bc4
0x00402bd2
0x00402c2a
0x00402c2d
0x00402c2e
0x00402c31
0x00402c31
0x00402bd4
0x00402bd4
0x00402bd8
0x00402bea
0x00402bec
0x00402bef
0x00402bf0
0x00402bf4
0x00402c00
0x00402c07
0x00402c1f
0x00402c21
0x00402c21
0x00402c34
0x00402c34
0x00402c37
0x00402c40
0x00402c58
0x00402c39
0x00402c39
0x00402c5c
0x00402c74
0x00402c3b
0x00402c3c
0x00402c78
0x00402c90
0x00402c3e
0x00402c9e
0x00402c9e
0x00402c3c
0x00402c39
0x00402ca0
0x00402ca3
0x00402ca4
0x00402ca8
0x00402cb5
0x00402cb5
0x00402cb7
0x00402cb8
0x00402cbe
0x00000000
0x00000000
0x00000000
0x00000000
0x00402cbe
0x00402cc4
0x00402cca
0x00402cd0
0x00402cda
0x00402ce1
0x00402ce1
0x00402ce1
0x00402cf4
0x00402d75
0x00402d75
0x00402d88
0x00402d92
0x00402da1
0x00000000
0x00402da1
0x00402cfd
0x00402cff
0x00402d02
0x00402d03
0x00402d06
0x00402d07
0x00402d0a
0x00402d0b
0x00402d0e
0x00402d0e
0x00402d0f
0x00402d27
0x00402d2f
0x00402d32
0x00402d34
0x00402d35
0x00402d3d
0x00000000
0x00402d43
0x00402d45
0x00402d47
0x00402d4a
0x00402d4b
0x00402d4e
0x00402d4e
0x00402d5e
0x00402d68
0x00000000
0x00000000
0x00402d6a
0x00402d6b
0x00402d72
0x00402d73
0x00000000
0x00000000
0x00402d73
0x004029d5
0x004029d5
0x004029db
0x004029dc
0x004029dd
0x00000000
0x004029df
0x004029f8
0x00402a0a
0x00402a0f
0x00402a11
0x00402a17
0x00402a1e
0x00000000
0x00402a1e

APIs

MessageBoxA.USER32 ref: 00402DA1

Strings

n P, xrefs: 00402B4E
7, xrefs: 00402B44
, xrefs: 00402CDA

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Message
String ID: $7$n P
API String ID: 2030045667-1310420545
Opcode ID: af57426f23213b8dafdb8b48d17e070b8e70ace6ae1fa87f6a3311ab6e865782
Instruction ID: 416763a972b0038aff62a10e2b51163af9df47803db5e931e0c8ac85ecf44bce
Opcode Fuzzy Hash: af57426f23213b8dafdb8b48d17e070b8e70ace6ae1fa87f6a3311ab6e865782
Instruction Fuzzy Hash: D0B19330B042648BDB21EB2DCD88B9D77E4AB19304F1441FAE449E73D2DBB89D85CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004A6D98, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 135
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E004A6D98(void* __eax, void* __ebx, signed char* __ecx, intOrPtr __edx, void* __edi, void* __esi) {
				int _v8;
				intOrPtr _v12;
				signed char* _v16;
				signed int _v20;
				struct HDC__* _v24;
				struct HDC__* _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				signed int _t75;
				signed char _t86;
				void* _t109;
				intOrPtr _t124;
				intOrPtr _t127;
				int _t129;
				int _t131;
				void* _t134;
				void* _t137;

				_v8 = 0;
				_v16 = __ecx;
				_v12 = __edx;
				_t109 = __eax;
				_push(_t137);
				_push(0x4a6f34);
				_push( *[fs:eax]);
				 *[fs:eax] = _t137 + 0xffffffc8;
				_t134 = L004A7CD0(__eax, _v12);
				E00422030(0, E0045A9D8(_t109), 0,  &_v44, 0);
				_t75 =  *(_t134 + 9) & 0x000000ff;
				if( *((char*)(_t134 + 8)) != 0) {
					_t75 = _t75 + 1;
				}
				_t127 =  *((intOrPtr*)(_t109 + 0x2f8));
				_v44.left = _v44.left + (_t127 + _t127 +  *((intOrPtr*)(_t109 + 0x2e8))) * _t75;
				_v44.left = _v44.left + 1;
				if( *(_t134 + 0x14) == 0) {
					_v44.right = _v44.right - _t127;
				} else {
					_v20 = 0xd20;
					if( *((char*)(_t109 + 0x328)) != 0) {
						_v20 = _v20 | 0x00020002;
					}
					SetRectEmpty( &_v60);
					_v24 = E00432554( *((intOrPtr*)(_t109 + 0x280)));
					_t131 =  *(_t134 + 0x14);
					if(_t131 != 0) {
						_t131 =  *(_t131 - 4);
					}
					DrawTextW(_v24, E004064D4( *(_t134 + 0x14)), _t131,  &_v60, _v20);
					_v44.right = _v44.right -  *((intOrPtr*)(_t109 + 0x2f8)) +  *((intOrPtr*)(_t109 + 0x2f8)) + _v60.right;
				}
				if( *((char*)(_t109 + 0x310)) == 0) {
					_v44.left = _v44.left + 1;
				}
				_v20 = 0x40510;
				if( *((char*)(_t109 + 0x310)) == 0 ||  *((char*)(_t134 + 8)) == 0) {
					_v20 = _v20 | 0x00000800;
				}
				if( *((char*)(_t109 + 0x328)) != 0) {
					_v20 = _v20 | 0x00020002;
				}
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t109 + 0x270)))) + 0xc))();
				_v28 = E00432554( *((intOrPtr*)(_t109 + 0x280)));
				_t129 = _v8;
				if(_t129 != 0) {
					_t129 =  *(_t129 - 4);
				}
				 *((intOrPtr*)(_t134 + 0x38)) = DrawTextW(_v28, E004064D4(_v8), _t129,  &_v44, _v20);
				_t86 =  *(_t109 + 0x2f4);
				if(_t86 <=  *((intOrPtr*)(_t134 + 0x38))) {
					 *_v16 =  *((intOrPtr*)(_t134 + 0x38)) + 4;
				} else {
					 *_v16 = _t86;
				}
				if(( *_v16 & 0x00000001) != 0) {
					 *_v16 =  *_v16 + 1;
				}
				_pop(_t124);
				 *[fs:eax] = _t124;
				_push(0x4a6f3b);
				return L00406438( &_v8);
			}

0x004a6da3
0x004a6da6
0x004a6da9
0x004a6dac
0x004a6db0
0x004a6db1
0x004a6db6
0x004a6db9
0x004a6dc6
0x004a6ddb
0x004a6de0
0x004a6de8
0x004a6dea
0x004a6dea
0x004a6deb
0x004a6dfe
0x004a6e01
0x004a6e08
0x004a6e6f
0x004a6e0a
0x004a6e0a
0x004a6e18
0x004a6e1a
0x004a6e1a
0x004a6e25
0x004a6e35
0x004a6e38
0x004a6e3d
0x004a6e42
0x004a6e42
0x004a6e5a
0x004a6e6a
0x004a6e6a
0x004a6e79
0x004a6e7b
0x004a6e7b
0x004a6e7e
0x004a6e8c
0x004a6e94
0x004a6e94
0x004a6ea2
0x004a6ea4
0x004a6ea4
0x004a6eb9
0x004a6ec7
0x004a6eca
0x004a6ecf
0x004a6ed4
0x004a6ed4
0x004a6ef1
0x004a6ef4
0x004a6efd
0x004a6f0f
0x004a6eff
0x004a6f02
0x004a6f02
0x004a6f17
0x004a6f1c
0x004a6f1c
0x004a6f20
0x004a6f23
0x004a6f26
0x004a6f33

APIs

SetRectEmpty.USER32(?), ref: 004A6E25
DrawTextW.USER32(00000000,00000000,?,?,00000D20), ref: 004A6E5A
DrawTextW.USER32(?,00000000,?,00000000,00000800), ref: 004A6EEC

Strings

, xrefs: 004A6E0A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DrawText$EmptyRect
String ID:
API String ID: 182455014-2867612384
Opcode ID: a2ae6765dd0d0f12910ae12e7e76923114d7d8dc6f844ee9027fcbded5def904
Instruction ID: e781b6c8f7d3cf36b22da044480c0b30d82e40f8a015fbb439d0d9c2a877b3a4
Opcode Fuzzy Hash: a2ae6765dd0d0f12910ae12e7e76923114d7d8dc6f844ee9027fcbded5def904
Instruction Fuzzy Hash: D5519071A002089FDB10CFA9C8857EEBBF5FF59314F19447AE805A7252C778AA44CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00481014, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00481014(void* __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr* _a4) {
				char _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				struct HDC__* _v24;
				char _t44;
				intOrPtr _t84;
				void* _t88;
				void* _t90;
				signed int _t91;
				intOrPtr _t93;
				intOrPtr _t94;

				_t69 = __ecx;
				_t93 = _t94;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t88 = __ecx;
				_v20 = __edx;
				_t90 = __eax;
				_t68 = _a4;
				_push(_t93);
				_push(0x48116f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t94;
				_v24 = GetDC(0);
				_push(_t93);
				_push(0x48114d);
				 *[fs:edx] = _t94;
				SelectObject(_v24, E00430D88(_v20, _a4, _t69, _t88, _t90));
				E00406448(_a4, _t90,  *[fs:edx]);
				E0047E824( *_t68, _t69,  &_v12);
				E0047E7FC( *_t68, _t69,  &_v16);
				_t91 = E0047E510();
				_t44 = _v12;
				if(_t44 != 0) {
					_t44 =  *((intOrPtr*)(_t44 - 4));
				}
				if(_t44 > _t91 && E0047E2E4( *(_v12 + _t91 * 2) & 0x0000ffff) != 0) {
					_t91 = _t91 + 1;
				}
				E00406BEC(_v12, _t68, 1, _t88, _t91,  &_v8);
				E00406CBC( &_v12, _t91, 1);
				while(_v12 != 0 || _v8 != 0) {
					if(_t88 < E00480574(_v24, _t68, 0,  *_t68, _t91)) {
						if(_v12 != 0) {
							E00480F58( &_v12, _t68, _t88, _t91);
						}
						if(_v12 == 0 && _v8 != 0) {
							E0040649C( &_v8, 0);
							E0040649C( &_v12, L"...\\");
						}
						_push(_v8);
						_push(_v12);
						_push(_v16);
						E004069F8(_t68, 3, _t88);
						continue;
					}
					break;
				}
				_pop(_t84);
				 *[fs:eax] = _t84;
				_push(0x481154);
				return ReleaseDC(0, _v24);
			}

0x00481014
0x00481015
0x00481017
0x00481019
0x0048101b
0x0048101d
0x0048101f
0x00481021
0x00481022
0x00481023
0x00481024
0x00481026
0x00481029
0x0048102b
0x00481030
0x00481031
0x00481036
0x00481039
0x00481043
0x00481048
0x00481049
0x00481051
0x00481061
0x0048106a
0x00481074
0x0048107e
0x0048108b
0x0048108d
0x00481092
0x00481097
0x00481097
0x0048109b
0x004810ad
0x004810ad
0x004810bc
0x004810cb
0x00481118
0x00481132
0x004810d6
0x004810db
0x004810db
0x004810e4
0x004810f1
0x004810fe
0x004810fe
0x00481103
0x00481106
0x00481109
0x00481113
0x00000000
0x00481113
0x00000000
0x00481132
0x00481136
0x00481139
0x0048113c
0x0048114c

APIs

GetDC.USER32(00000000), ref: 0048103E
SelectObject.GDI32(?,00000000), ref: 00481061
ReleaseDC.USER32 ref: 00481147

Strings

...\, xrefs: 004810F9

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ObjectReleaseSelect
String ID: ...\
API String ID: 1831053106-983595016
Opcode ID: dc94da87de19fab721221be243ba54b8e0c0972d4159a55adf79ecba08b9e71a
Instruction ID: 10013f02066f25e396424dd740e50138a856e717a50cd59f53b173ec13ea6c44
Opcode Fuzzy Hash: dc94da87de19fab721221be243ba54b8e0c0972d4159a55adf79ecba08b9e71a
Instruction Fuzzy Hash: FF315530A00148AFDF10EB9AC885B9EB7F9EF49304F1144BBF504A76A1D7789E45C759

Uniqueness

Uniqueness Score: -1.00%

Function 004AE0F8, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 105
fileCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E004AE0F8(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				char _v17;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				void* _t60;
				signed int _t63;
				intOrPtr _t77;
				void* _t83;
				intOrPtr _t86;

				_t64 = 0;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_v16 = __edx;
				_v8 = __eax;
				L00406430(_v8);
				_push(_t86);
				_push(0x4ae233);
				 *[fs:eax] = _t86;
				E0047E290(_v8,  &_v24);
				E0040649C( &_v8, _v24,  *[fs:eax]);
				_t83 = 0x123456;
				_t63 = 0;
				_v17 = 0;
				do {
					_t83 = _t83 + 1;
					if(_t83 > 0x1ffffff) {
						_t83 = 0;
					}
					_t90 = 0x123456 - _t83;
					if(0x123456 == _t83) {
						E0047EA84(_v8, _t64,  &_v32, _t90);
						L004ABB3C(0x4c,  &_v28, _v32);
						_t64 = _v28;
						L00411930(_v28, 1);
						E00404A74();
					}
					_push(_v8);
					_push("_iu");
					L004ADF64(_t83, _t63, _t64,  &_v36, 0x123456, _t83);
					_push(_v36);
					_push(L".tmp");
					E004069F8( &_v12, 4, 0x123456);
					if(E0047EB68(_t90) == 0) {
						_t63 = 1;
						_v17 = E0047EB44(_v12);
						if(_v17 != 0) {
							_t60 = CreateFileW(E004064D4(_v12), 0xc0000000, 0, 0, 2, 0x80, 0);
							_t63 = 0 | _t60 != 0xffffffff;
							if(1 != 0) {
								CloseHandle(_t60);
							}
						}
					}
				} while (_t63 == 0);
				E00406448(_v16, _v12);
				_pop(_t77);
				 *[fs:eax] = _t77;
				_push(E004AE23A);
				L00406440( &_v36, 4);
				return L00406440( &_v12, 2);
			}

0x004ae0fb
0x004ae0fd
0x004ae0fe
0x004ae0ff
0x004ae100
0x004ae101
0x004ae102
0x004ae103
0x004ae104
0x004ae108
0x004ae10b
0x004ae111
0x004ae118
0x004ae119
0x004ae121
0x004ae12a
0x004ae135
0x004ae13f
0x004ae141
0x004ae143
0x004ae147
0x004ae147
0x004ae14e
0x004ae150
0x004ae150
0x004ae152
0x004ae154
0x004ae15c
0x004ae169
0x004ae16e
0x004ae178
0x004ae17d
0x004ae17d
0x004ae182
0x004ae185
0x004ae18f
0x004ae194
0x004ae197
0x004ae1a4
0x004ae1b3
0x004ae1b5
0x004ae1bf
0x004ae1c6
0x004ae1e3
0x004ae1eb
0x004ae1f0
0x004ae1f3
0x004ae1f3
0x004ae1f0
0x004ae1c6
0x004ae1f8
0x004ae206
0x004ae20d
0x004ae210
0x004ae213
0x004ae220
0x004ae232

APIs

CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,004AE233), ref: 004AE1E3
CloseHandle.KERNEL32(00000000,00000000,C0000000,00000000,00000000,00000002,00000080,00000000,.tmp,?,_iu,?,00000000,004AE233), ref: 004AE1F3

Strings

_iu, xrefs: 004AE185
.tmp, xrefs: 004AE197

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseCreateFileHandle
String ID: .tmp$_iu
API String ID: 3498533004-10593223
Opcode ID: f6025a3961ccf8d6a209984323fb789713f2db9e3248eff222216a6e1bbf6a89
Instruction ID: 1141767e252206f58913cfb5af5e94aeabfa58095550552472d484252e88840d
Opcode Fuzzy Hash: f6025a3961ccf8d6a209984323fb789713f2db9e3248eff222216a6e1bbf6a89
Instruction Fuzzy Hash: 3131C630E00259ABDB10EBA6C842BDEB7B4EF55308F1041AAF910773C1D73C6E018B69

Uniqueness

Uniqueness Score: -1.00%

Function 0047CF74, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103
timethreadwindowCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E0047CF74(intOrPtr __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v9;
				char _v16;
				char _v20;
				intOrPtr _t41;
				long _t46;
				_Unknown_base(*)()* _t54;
				intOrPtr _t64;
				void* _t75;
				intOrPtr _t79;
				intOrPtr* _t80;
				intOrPtr _t81;
				void* _t87;
				void* _t88;
				intOrPtr _t89;

				_t85 = __esi;
				_t84 = __edi;
				_t75 = __edx;
				_t87 = _t88;
				_t89 = _t88 + 0xfffffff0;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v16 = 0;
				_v20 = 0;
				_v8 = __eax;
				_push(_t87);
				_push(0x47d0dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				_t68 = E0047CEE8(_v8);
				if( *((char*)(_v8 + 0x84)) != 0) {
					_t64 = _v8;
					_t91 =  *((intOrPtr*)(_t64 + 0x44));
					if( *((intOrPtr*)(_t64 + 0x44)) == 0) {
						L0047D598(_v8, 0, _t75);
					}
				}
				E0047A454(_t68,  &_v20);
				L00457C48(_v20, 0,  &_v16, _t91);
				_t41 =  *0x50b17c; // 0x25b4140
				L0047D194(_t41, _v16, _t91);
				_v9 = 1;
				_push(_t87);
				_push(0x47d084);
				_push( *[fs:eax]);
				 *[fs:eax] = _t89;
				if( *((short*)(_v8 + 0x132)) != 0) {
					_t68 = _v8;
					 *((intOrPtr*)(_v8 + 0x130))();
				}
				if(_v9 != 0) {
					if( *(_v8 + 0xbc) > 0) {
						__eflags =  *0x50b19c;
						if( *0x50b19c == 0) {
							__eflags =  *0x50b1a0;
							if( *0x50b1a0 == 0) {
								 *0x50b1a0 = E0047CF0C;
							}
							_t54 =  *0x50b1a0; // 0x0
							_t27 = _v8 + 0xbc; // 0x503b0c55
							 *0x50b19c = SetTimer(0, 0,  *_t27, _t54);
							__eflags =  *0x50b19c;
							if( *0x50b19c == 0) {
								E0047CE84();
							}
						}
					} else {
						E0047CE84();
					}
				}
				_pop(_t79);
				 *[fs:eax] = _t79;
				_t46 = GetCurrentThreadId();
				_t80 =  *0x50504c; // 0x50603c
				if(_t46 ==  *_t80 && E0042A364(0, _t68, _t84, _t85) != 0) {
					_v9 = 0;
				}
				if(_v9 != 0) {
					WaitMessage();
				}
				_pop(_t81);
				 *[fs:eax] = _t81;
				_push(0x47d0e4);
				return L00406440( &_v20, 2);
			}

0x0047cf74
0x0047cf74
0x0047cf74
0x0047cf75
0x0047cf77
0x0047cf7a
0x0047cf7b
0x0047cf7c
0x0047cf7f
0x0047cf82
0x0047cf85
0x0047cf8a
0x0047cf8b
0x0047cf90
0x0047cf93
0x0047cf9e
0x0047cfaa
0x0047cfac
0x0047cfaf
0x0047cfb3
0x0047cfb8
0x0047cfb8
0x0047cfb3
0x0047cfc2
0x0047cfcd
0x0047cfd5
0x0047cfda
0x0047cfdf
0x0047cfe5
0x0047cfe6
0x0047cfeb
0x0047cfee
0x0047cffc
0x0047d001
0x0047d00d
0x0047d00d
0x0047d017
0x0047d023
0x0047d02f
0x0047d036
0x0047d038
0x0047d03f
0x0047d041
0x0047d041
0x0047d04b
0x0047d054
0x0047d064
0x0047d069
0x0047d070
0x0047d075
0x0047d075
0x0047d070
0x0047d025
0x0047d028
0x0047d028
0x0047d023
0x0047d07c
0x0047d07f
0x0047d099
0x0047d09e
0x0047d0a6
0x0047d0b3
0x0047d0b3
0x0047d0bb
0x0047d0bd
0x0047d0bd
0x0047d0c4
0x0047d0c7
0x0047d0ca
0x0047d0dc

APIs

Part of subcall function 0047CEE8: GetCursorPos.USER32 ref: 0047CEEF

SetTimer.USER32(00000000,00000000,503B0C55,00000000), ref: 0047D05F
GetCurrentThreadId.KERNEL32 ref: 0047D099
WaitMessage.USER32(00000000,0047D0DD,?,?,?,025B4140), ref: 0047D0BD

Strings

<`P, xrefs: 0047D09E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CurrentCursorMessageThreadTimerWait
String ID: <`P
API String ID: 3909455694-3701931957
Opcode ID: f4f70071beb7e4e95dcf0a27aaed517e70c5bce775cc2c211ce9530fabb15181
Instruction ID: 8a2324f82086e794841398e0f77df9182ed64bd59ce6e2c4afa8b3a25305f202
Opcode Fuzzy Hash: f4f70071beb7e4e95dcf0a27aaed517e70c5bce775cc2c211ce9530fabb15181
Instruction Fuzzy Hash: EB418C70A14284DFEB11DB64C996BDE77F5EF05308F5080AAE40897291C378AE05DB19

Uniqueness

Uniqueness Score: -1.00%

Function 004FE0BC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E004FE0BC(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				char _v32;
				WCHAR* _t43;
				char _t58;
				intOrPtr _t69;
				void* _t73;
				signed int _t75;
				void* _t79;

				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = __edx;
				_v16 = __eax;
				_push(_t79);
				_push(0x4fe1bc);
				 *[fs:eax] = _t79 + 0xffffffe4;
				E00406448(_v20, 0,  *[fs:eax]);
				E0047E824(_v16, 0,  &_v8);
				_t73 = 0;
				_t58 = 0;
				do {
					_v32 = _t58;
					_v28 = 0;
					E0040E258(L"isRS-%.3u.tmp", 0,  &_v32,  &_v24);
					E00406914( &_v12, _v24, _v8);
					_t75 = GetFileAttributesW(E004064D4(_v12));
					if(_t75 == 0xffffffff) {
						L5:
						_t43 = E004064D4(_v12);
						if(MoveFileExW(E004064D4(_v16), _t43, 1) == 0) {
							_t73 = _t73 + 1;
							if(_t73 == 0xa) {
								break;
							}
							goto L8;
						}
						E00406448(_v20, _v12);
						break;
					}
					if((_t75 & 0x00000010) != 0) {
						goto L8;
					}
					if((_t75 & 0x00000001) != 0) {
						SetFileAttributesW(E004064D4(_v12), _t75 & 0xfffffffe);
					}
					goto L5;
					L8:
					_t58 = _t58 + 1;
				} while (_t58 != 0x3e8);
				_pop(_t69);
				 *[fs:eax] = _t69;
				_push(E004FE1C3);
				L00406438( &_v24);
				return L00406440( &_v12, 2);
			}

0x004fe0c7
0x004fe0ca
0x004fe0cd
0x004fe0d0
0x004fe0d3
0x004fe0d8
0x004fe0d9
0x004fe0e1
0x004fe0e9
0x004fe0f4
0x004fe0f9
0x004fe0fb
0x004fe0fd
0x004fe101
0x004fe104
0x004fe112
0x004fe120
0x004fe133
0x004fe138
0x004fe15c
0x004fe161
0x004fe177
0x004fe186
0x004fe18a
0x00000000
0x00000000
0x00000000
0x004fe18a
0x004fe17f
0x00000000
0x004fe17f
0x004fe140
0x00000000
0x00000000
0x004fe148
0x004fe157
0x004fe157
0x00000000
0x004fe18c
0x004fe18c
0x004fe18d
0x004fe19b
0x004fe19e
0x004fe1a1
0x004fe1a9
0x004fe1bb

APIs

GetFileAttributesW.KERNEL32(00000000,000000EC,00000000,004FE1BC,?,?,00000000,0050B17C,004FE609,?,00000000,00000000,00000000,004FE639,?,?), ref: 004FE12E
SetFileAttributesW.KERNEL32(00000000,00000000,00000000,000000EC,00000000,004FE1BC,?,?,00000000,0050B17C,004FE609,?,00000000,00000000,00000000,004FE639), ref: 004FE157
MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,000000EC,00000000,004FE1BC,?,?,00000000,0050B17C,004FE609,?,00000000,00000000,00000000), ref: 004FE170

Strings

isRS-%.3u.tmp, xrefs: 004FE10D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: File$Attributes$Move
String ID: isRS-%.3u.tmp
API String ID: 3839737484-3657609586
Opcode ID: 75a38f12078c055da401d1afc42f780424b22e11fe9a0d66e53b884974dac955
Instruction ID: f8ee58a520a7c5bb2b90c5d473876677309a2cb4b7756861de9105c26de28572
Opcode Fuzzy Hash: 75a38f12078c055da401d1afc42f780424b22e11fe9a0d66e53b884974dac955
Instruction Fuzzy Hash: 8B316671D0021CAFDB04EBABC981AAFB7F8AF44318F11457BA915B32D1D7389E118659

Uniqueness

Uniqueness Score: -1.00%

Function 004FC462, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E004FC462(void* __ecx, void* __esi, void* __fp0) {
				void* _t21;
				intOrPtr* _t27;
				intOrPtr* _t33;
				void* _t41;
				intOrPtr _t43;
				char _t46;
				void* _t47;
				intOrPtr _t55;
				intOrPtr _t59;
				void* _t60;
				void* _t61;
				intOrPtr _t62;
				void* _t67;

				_t67 = __fp0;
				_t60 = __esi;
				_t47 = __ecx;
				if(( *(_t61 - 9) & 0x00000001) != 0) {
					L3:
					_t46 = 1;
				} else {
					_t64 =  *(_t61 - 9) & 0x00000040;
					if(( *(_t61 - 9) & 0x00000040) != 0) {
						goto L3;
					} else {
						_t46 = 0;
					}
				}
				_t21 = E004D8C58(_t46, _t47, 0, _t64, _t67);
				_t65 = _t21;
				if(_t21 != 0) {
					_t27 =  *0x504e38; // 0x50b17c
					SetWindowPos( *( *_t27 + 0x170), 0, 0, 0, 0, 0, 0x97);
					_push(_t61);
					_push(0x4fc50d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t62;
					_t33 =  *0x504e38; // 0x50b17c
					 *((intOrPtr*)(_t61 - 0x18)) =  *((intOrPtr*)( *_t33 + 0x170));
					 *((char*)(_t61 - 0x14)) = 0;
					E0040E258(L"/INITPROCWND=$%x ", 0, _t61 - 0x18, _t61 - 0x10);
					_push(_t61 - 0x10);
					E0047F17C(_t61 - 0x1c, _t46, _t60, _t65);
					_pop(_t41);
					E00406854(_t41,  *((intOrPtr*)(_t61 - 0x1c)));
					_t43 =  *0x50c164; // 0x0
					E004D8F68(_t43, _t46, 0x504974,  *((intOrPtr*)(_t61 - 0x10)), _t60, _t65, _t67);
					_pop(_t59);
					 *[fs:eax] = _t59;
					 *((char*)(_t61 - 1)) = 1;
				}
				_pop(_t55);
				 *[fs:eax] = _t55;
				_push(E004FC56E);
				L00406438(_t61 - 0x1c);
				return L00406438(_t61 - 0x10);
			}

0x004fc462
0x004fc462
0x004fc462
0x004fc466
0x004fc472
0x004fc472
0x004fc468
0x004fc468
0x004fc46c
0x00000000
0x004fc46e
0x004fc46e
0x004fc46e
0x004fc46c
0x004fc478
0x004fc47d
0x004fc47f
0x004fc494
0x004fc4a2
0x004fc4a9
0x004fc4aa
0x004fc4af
0x004fc4b2
0x004fc4b9
0x004fc4c6
0x004fc4c9
0x004fc4d7
0x004fc4df
0x004fc4e3
0x004fc4eb
0x004fc4ec
0x004fc4f9
0x004fc4fe
0x004fc505
0x004fc508
0x004fc545
0x004fc545
0x004fc54b
0x004fc54e
0x004fc551
0x004fc559
0x004fc566

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000097), ref: 004FC4A2

Strings

@, xrefs: 004FC468
/INITPROCWND=$%x , xrefs: 004FC4D2
tIP, xrefs: 004FC4F4

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window
String ID: /INITPROCWND=$%x $@$tIP
API String ID: 2353593579-1466394587
Opcode ID: 5a3090d5d6df7c067db1b6483952aec51dd1abef0c0a75641e7276f90bec72bf
Instruction ID: 097a1a9749d9a58b5b88eb059f00cb423dfd1d3c345555dca05a7dcadf53a222
Opcode Fuzzy Hash: 5a3090d5d6df7c067db1b6483952aec51dd1abef0c0a75641e7276f90bec72bf
Instruction Fuzzy Hash: 2921D131A0434C9FDB01EBA4D991ABEB7F8EB49304F50447AF604E3291C638A904CB18

Uniqueness

Uniqueness Score: -1.00%

Function 004D91C4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
windowkeyboardCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E004D91C4() {
				intOrPtr _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr* _t22;
				struct HWND__* _t26;
				intOrPtr* _t38;
				intOrPtr _t40;
				void* _t42;
				void* _t43;
				intOrPtr _t44;

				_t42 = _t43;
				_t44 = _t43 + 0xfffffff0;
				_v12 = 0;
				_push(_t42);
				_push(0x4d9293);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44;
				_v8 = L004D92BC(1);
				_push(_t42);
				_push(0x4d926c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44;
				_v20 =  *((intOrPtr*)(_v8 + 4));
				_v16 = 0;
				E0040E258(L"Wnd=$%x", 0,  &_v20,  &_v12);
				_t22 =  *0x504e38; // 0x50b17c
				E0047BF28( *_t22, 0, _v12, 0);
				while(1) {
					E004D8A90();
					_t26 = GetFocus();
					_t38 =  *0x504e38; // 0x50b17c
					if(_t26 ==  *((intOrPtr*)( *_t38 + 0x170)) && GetKeyState(0x7a) < 0) {
						break;
					}
					WaitMessage();
				}
				__eflags = 0;
				_pop(_t40);
				 *[fs:eax] = _t40;
				_push(0x4d9273);
				return E00404098(_v8);
			}

0x004d91c5
0x004d91c7
0x004d91cc
0x004d91d1
0x004d91d2
0x004d91d7
0x004d91da
0x004d91e9
0x004d91ee
0x004d91ef
0x004d91f4
0x004d91f7
0x004d9204
0x004d9207
0x004d9215
0x004d921d
0x004d9224
0x004d9229
0x004d9229
0x004d922e
0x004d9233
0x004d9241
0x00000000
0x00000000
0x004d924f
0x004d924f
0x004d9256
0x004d9258
0x004d925b
0x004d925e
0x004d926b

APIs

Part of subcall function 0047BF28: SetWindowTextW.USER32(?,00000000), ref: 0047BF58

GetFocus.USER32 ref: 004D922E
GetKeyState.USER32(0000007A), ref: 004D9245
WaitMessage.USER32(?,00000000,004D926C,?,00000000,004D9293), ref: 004D924F

Strings

Wnd=$%x, xrefs: 004D9210

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FocusMessageStateTextWaitWindow
String ID: Wnd=$%x
API String ID: 1381870634-2927251529
Opcode ID: 841a240f890e4b889c6b371fc3f9715ac62fa11c017711956407097141b1dfc6
Instruction ID: c673cddbc745adca3344508b04c918c66e68abf2b34721ac2f7c0cfbe52f55e9
Opcode Fuzzy Hash: 841a240f890e4b889c6b371fc3f9715ac62fa11c017711956407097141b1dfc6
Instruction Fuzzy Hash: 5E118F35604204AFCB01FBA5D862A9DB7F8EB4A704B5149BBF404E7751DB78AE008A59

Uniqueness

Uniqueness Score: -1.00%

Function 004A64B4, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 54
libraryCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E004A64B4(struct HINSTANCE__* __ebx, void* __edx, void* __esi) {
				char _v8;
				char _v12;
				struct HINSTANCE__* _t19;
				intOrPtr _t27;
				intOrPtr _t34;

				_t22 = __ebx;
				_push(0);
				_push(0);
				_push(__ebx);
				_push(_t34);
				_push(0x4a6572);
				_push( *[fs:eax]);
				 *[fs:eax] = _t34;
				if( *0x50b2d8 == 0) {
					E004A6484( &_v12);
					E0047E290(_v12,  &_v8);
					E00406854( &_v8, L"oleacc.dll");
					_t19 = LoadLibraryW(E004064D4(_v8));
					_t22 = _t19;
					if(_t19 != 0) {
						 *0x50b2e0 = E00409620(_t22, __esi, _t22, L"LresultFromObject");
						 *0x50b2e4 = E00409620(_t22, __esi, _t22, L"CreateStdAccessibleObject");
						if( *0x50b2e0 != 0 &&  *0x50b2e4 != 0) {
							 *0x50b2dc = 0xffffffff;
						}
					}
					 *0x50b2d8 = 0xffffffff;
				}
				asm("sbb ebx, ebx");
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(0x4a6579);
				return L00406440( &_v12, 2);
			}

0x004a64b4
0x004a64b7
0x004a64b9
0x004a64bb
0x004a64be
0x004a64bf
0x004a64c4
0x004a64c7
0x004a64d1
0x004a64d6
0x004a64e1
0x004a64ee
0x004a64fc
0x004a6501
0x004a6505
0x004a6512
0x004a6522
0x004a652e
0x004a6539
0x004a6539
0x004a652e
0x004a6543
0x004a6543
0x004a6554
0x004a6559
0x004a655c
0x004a655f
0x004a6571

APIs

Part of subcall function 004A6484: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004A649C

LoadLibraryW.KERNEL32(00000000,00000000,004A6572,?,?,00000000,00000000), ref: 004A64FC

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,00000000), ref: 00409666

Strings

oleacc.dll, xrefs: 004A64E9
CreateStdAccessibleObject, xrefs: 004A6517
LresultFromObject, xrefs: 004A6507

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$DirectoryLibraryLoadSystem
String ID: CreateStdAccessibleObject$LresultFromObject$oleacc.dll
API String ID: 2141747552-1050967733
Opcode ID: 247d0aba9c00efd2152b8cc2e36bc75fd6b26cab182919078028183c80d59f1b
Instruction ID: b10891c7401b59bbad6ff30169d3e81ae1e5defeabf81acf8e986cfc71eaab60
Opcode Fuzzy Hash: 247d0aba9c00efd2152b8cc2e36bc75fd6b26cab182919078028183c80d59f1b
Instruction Fuzzy Hash: 39110274900745BFEB10EF62EC86B5E77A8E722318F52467BA410666E2C77C5A08DA0C

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA2C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AA2C() {
				struct HINSTANCE__* _t6;
				struct HINSTANCE__* _t8;
				intOrPtr* _t11;
				struct HRSRC__* _t15;
				void* _t16;
				intOrPtr _t27;

				_t6 =  *0x508b50; // 0x400000
				_t15 = FindResourceW(_t6, L"CHARTABLE", 0xa);
				if(_t15 == 0) {
					L004135BC();
				}
				_t8 =  *0x508b50; // 0x400000
				_t16 = LoadResource(_t8, _t15);
				if(_t16 == 0) {
					L004135BC();
				}
				 *0x508b6c = LockResource(_t16);
				if( *0x508b6c == 0) {
					L004135BC();
				}
				_t11 =  *0x508b6c;
				_t27 =  *0x508b6c;
				 *0x508b70 = _t27 +  *_t11;
				 *0x508b74 = _t27 +  *((intOrPtr*)(_t11 + 4));
				 *0x508b78 = _t27 +  *((intOrPtr*)(_t11 + 8));
				 *0x508b7c = _t27 +  *((intOrPtr*)(_t11 + 0xc));
				 *0x508b80 = _t27 +  *((intOrPtr*)(_t11 + 0x10));
				 *0x508b84 = _t27 +  *((intOrPtr*)(_t11 + 0x14));
				return _t11;
			}

0x0040aa3a
0x0040aa45
0x0040aa49
0x0040aa4b
0x0040aa4b
0x0040aa51
0x0040aa5c
0x0040aa60
0x0040aa62
0x0040aa62
0x0040aa6d
0x0040aa72
0x0040aa74
0x0040aa74
0x0040aa79
0x0040aa7b
0x0040aa81
0x0040aa8c
0x0040aa97
0x0040aaa2
0x0040aaad
0x0040aab6
0x0040aabe

APIs

FindResourceW.KERNEL32(00400000,CHARTABLE,0000000A,?,?,0040A9F4,00000000,00451ABD,00000000,00451BD7,?,?,?,00000000), ref: 0040AA40
LoadResource.KERNEL32(00400000,00000000,00400000,CHARTABLE,0000000A,?,?,0040A9F4,00000000,00451ABD,00000000,00451BD7,?,?,?,00000000), ref: 0040AA57
LockResource.KERNEL32(00000000,00400000,00000000,00400000,CHARTABLE,0000000A,?,?,0040A9F4,00000000,00451ABD,00000000,00451BD7,?,?,?), ref: 0040AA68

Part of subcall function 004135BC: GetLastError.KERNEL32(0040AA79,00000000,00400000,00000000,00400000,CHARTABLE,0000000A,?,?,0040A9F4,00000000,00451ABD,00000000,00451BD7), ref: 004135BC

Strings

CHARTABLE, xrefs: 0040AA35

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Resource$ErrorFindLastLoadLock
String ID: CHARTABLE
API String ID: 1074440638-2668339182
Opcode ID: 729fa5fbdd04fa08da4aee17b6a5a91d4596a7b24911617425901f88be5c8865
Instruction ID: 223024386014cbcd6611828f1d05543f9286b01788ebd28747f60c109f243f88
Opcode Fuzzy Hash: 729fa5fbdd04fa08da4aee17b6a5a91d4596a7b24911617425901f88be5c8865
Instruction Fuzzy Hash: E70161B4700700CFC708EFA5D9A0E6A77A6AB58314709447EE58157392CB3C8809DF5C

Uniqueness

Uniqueness Score: -1.00%

Function 004FA928, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 28%

			E004FA928(void* __eax, void* __edx, void* __eflags) {
				void* _v68;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t8;
				void* _t9;
				intOrPtr* _t11;
				void* _t14;
				void* _t15;
				intOrPtr* _t16;
				void* _t19;
				intOrPtr* _t20;

				_t14 = __edx;
				_t19 = __eax;
				_t16 = E00409620(_t3, _t15, GetModuleHandleW(L"user32.dll"), L"MonitorFromRect");
				_t11 = E00409620(_t10, _t16, _t10, L"GetMonitorInfoA");
				if(_t16 == 0 || _t11 == 0) {
					L4:
					return E004FA8F0(1, _t14);
				} else {
					_t8 =  *_t16(_t19, 2);
					 *_t20 = 0x28;
					_t9 =  *_t11(_t8, _t20);
					if(_t9 == 0) {
						goto L4;
					}
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					return _t9;
				}
			}

0x004fa92f
0x004fa931
0x004fa94a
0x004fa957
0x004fa95b
0x004fa981
0x00000000
0x004fa961
0x004fa964
0x004fa968
0x004fa971
0x004fa975
0x00000000
0x00000000
0x004fa97b
0x004fa97c
0x004fa97d
0x004fa97e
0x00000000
0x004fa97e

APIs

GetModuleHandleW.KERNEL32(user32.dll), ref: 004FA938

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,00000000), ref: 00409666

Strings

user32.dll, xrefs: 004FA933
GetMonitorInfoA, xrefs: 004FA94C
MonitorFromRect, xrefs: 004FA93F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetMonitorInfoA$MonitorFromRect$user32.dll
API String ID: 667068680-2254406584
Opcode ID: 3bc640d196b92b993ca51069712ad3c59e5716b92b8c95b711c17991e39d64de
Instruction ID: 1bcf42a2e93eb479ad3fde3c2373cb2722947a05ee37f937310b8758800ce650
Opcode Fuzzy Hash: 3bc640d196b92b993ca51069712ad3c59e5716b92b8c95b711c17991e39d64de
Instruction Fuzzy Hash: FDF02BD1A01B192AC21179664C41E3B678CCF45350F560D37BE0CAA383E9DE8C1186EB

Uniqueness

Uniqueness Score: -1.00%

Function 004B4814, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 39
registryCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E004B4814(signed int __eax, void* __ecx, void* __edx, void* __ebp) {
				void* _v16;
				void* __ebx;
				void* _t31;
				signed int _t33;

				_push(__ecx);
				_t31 = __edx;
				_t22 = __eax;
				_t33 = __eax & 0x0000007f;
				if( *((intOrPtr*)(0x50bc68 + _t33 * 4)) == 0) {
					if(E0047FD20(__eax, L"SOFTWARE\\Microsoft\\.NETFramework", 0x80000002,  &_v16, 1, 0) == 0) {
						E0047FC48();
						RegCloseKey(_v16);
					}
					if( *((intOrPtr*)(0x50bc68 + _t33 * 4)) == 0) {
						L004ADAE0(L".NET Framework not found", _t22);
					}
				}
				return E00406448(_t31,  *((intOrPtr*)(0x50bc68 + _t33 * 4)));
			}

0x004b4817
0x004b4818
0x004b481a
0x004b481e
0x004b4829
0x004b4847
0x004b4858
0x004b4861
0x004b4861
0x004b486e
0x004b4875
0x004b4875
0x004b486e
0x004b488c

APIs

Part of subcall function 0047FD20: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000003,004B4800,00000003,00000000,004B49B7,00000000,004B4B71,?,004B4800,?,00000000,00000000), ref: 004B4861

Strings

.NET Framework not found, xrefs: 004B4870
SOFTWARE\Microsoft\.NETFramework, xrefs: 004B4834
InstallRoot, xrefs: 004B4850

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseOpen
String ID: .NET Framework not found$InstallRoot$SOFTWARE\Microsoft\.NETFramework
API String ID: 47109696-2631785700
Opcode ID: d76106d86515a564a0ecb244aca67ed20776aa75487f368644d9c00c994abbd2
Instruction ID: 292b85a7d87c047c032ced858ea9190a62875626ebd5834b0ca7d4f2479a2961
Opcode Fuzzy Hash: d76106d86515a564a0ecb244aca67ed20776aa75487f368644d9c00c994abbd2
Instruction Fuzzy Hash: FCF0AF357001556BEB10BB5A9881B9B6688EBE5315F11803FF585C72A2CB38CC05C769

Uniqueness

Uniqueness Score: -1.00%

Function 00480944, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00480944(long __eax) {
				void* __ebx;
				long _t1;
				long _t5;
				void* _t6;

				_t1 = __eax;
				_t5 = __eax;
				if( *0x50b1a8 == 0) {
					 *0x50b1ac = E00409620(_t5, _t6, GetModuleHandleW(L"user32.dll"), L"ChangeWindowMessageFilter");
					_t1 = InterlockedExchange(0x50b1a8, 1);
				}
				if( *0x50b1ac != 0) {
					return  *0x50b1ac(_t5, 1);
				}
				return _t1;
			}

0x00480944
0x00480945
0x0048094e
0x00480965
0x00480971
0x00480971
0x0048097d
0x00000000
0x00480982
0x00480989

APIs

GetModuleHandleW.KERNEL32(user32.dll,ChangeWindowMessageFilter,?,00480A2C,00000004,00503F6C,004B1F3E,004B2358,004B1E94,00000000,00000B06,00000000,00000000), ref: 0048095A

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

InterlockedExchange.KERNEL32(0050B1A8,00000001), ref: 00480971

Strings

ChangeWindowMessageFilter, xrefs: 00480950
user32.dll, xrefs: 00480955

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressExchangeHandleInterlockedModuleProc
String ID: ChangeWindowMessageFilter$user32.dll
API String ID: 3478007392-2498399450
Opcode ID: 93a8cfa1d00e9ca7a67552f5e2d303d09cd34d9d55648590828eae5e55d5573e
Instruction ID: 82ed8d6df81a7eb36759ba3e4d99f90523ab43b6522357cf758c02494deac435
Opcode Fuzzy Hash: 93a8cfa1d00e9ca7a67552f5e2d303d09cd34d9d55648590828eae5e55d5573e
Instruction Fuzzy Hash: 3FE0ECF0660300BEFA603B726CDAB5F66549764705F104826F000612D3C7BD1888EB58

Uniqueness

Uniqueness Score: -1.00%

Function 0046A734, Relevance: 6.2, APIs: 4, Instructions: 248
sleepCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E0046A734(intOrPtr __eax, intOrPtr __ecx, signed int __edx, void* __fp0) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				char _v21;
				char _v22;
				intOrPtr _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t76;
				intOrPtr* _t77;
				intOrPtr* _t81;
				void* _t120;
				void* _t131;
				intOrPtr* _t141;
				intOrPtr* _t146;
				void* _t153;
				intOrPtr* _t163;
				intOrPtr* _t176;
				void* _t179;
				signed int _t193;
				intOrPtr _t194;
				intOrPtr _t196;
				intOrPtr _t197;
				intOrPtr _t199;
				intOrPtr _t200;
				void* _t201;
				void* _t204;
				void* _t208;
				void* _t210;
				intOrPtr _t211;

				_t193 = __edx;
				_t182 = __ecx;
				_t208 = _t210;
				_t211 = _t210 + 0xffffffe0;
				_push(_t179);
				_push(_t204);
				_push(_t201);
				_v8 = __eax;
				while(1) {
					_t76 = _v8;
					if( *((char*)(_t76 + 0x49)) == 0) {
						break;
					}
					_v22 = 1;
					_t77 = E0046A62C(_t179, _t182, _t201, _t204, _t208);
					_pop(_t182);
					_v20 = _t77;
					_v16 =  *((intOrPtr*)(_v8 + 0x44));
					if(_v20 == 0) {
						if( *((char*)(_v16 + 0x58)) == 0) {
							_t81 =  *0x504e38; // 0x50b17c
							if( *((char*)( *_t81 + 0xa0)) == 0) {
								L00437FA4( *((intOrPtr*)(_v8 + 0x50)));
								_t193 = _t193 | 0xffffffff;
								_t182 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x50))));
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x50)))) + 8))();
							}
						}
						continue;
					} else {
						_push(_t208);
						_push(0x46ab2a);
						_push( *[fs:eax]);
						 *[fs:eax] = _t211;
						if(L00463DBC(_v20) != 0) {
							_t176 =  *0x504d1c; // 0x503c98
							 *((intOrPtr*)( *_t176))(L00463A10(_v20), 0xff00, 0, 3);
						}
						Sleep( *( *((intOrPtr*)(_v20 + 0x268)) + 0x48));
						if( *((char*)( *((intOrPtr*)(_v20 + 0x268)) + 0x4c)) == 0) {
							_pop(_t194);
							 *[fs:eax] = _t194;
							_push(0x46ab31);
							E0042AAEC(_v8, E00404098, _v20);
							_v36 = L004239B4( *((intOrPtr*)(_v8 + 0x40)));
							_push(_t208);
							_push(0x46ab22);
							_push( *[fs:eax]);
							 *[fs:eax] = _t211;
							L00423408(_v36, 0);
							_pop(_t196);
							 *[fs:eax] = _t196;
							_push(0x46ab29);
							return L00423A18( *((intOrPtr*)(_v8 + 0x40)));
						} else {
							while(1) {
								_v21 = 0;
								if(L00463DBC(_v20) != 0) {
									E0042AAEC(_v8,  *((intOrPtr*)( *_v20 + 0xdc)), _v20);
									ShowWindow(L00463A10(_v20), 4);
								}
								if(_v22 != 0) {
									break;
								}
								if(_v21 != 0) {
									continue;
								} else {
									 *((intOrPtr*)(_v8 + 0x4c)) = GetTickCount();
									if(L00463DBC(_v20) != 0) {
										_t146 =  *0x504d1c; // 0x503c98
										 *((intOrPtr*)( *_t146))(L00463A10(_v20), 0xff00, 0xff, 3);
									}
									if( *((char*)( *((intOrPtr*)(_v20 + 0x268)) + 0x4c)) != 0) {
										Sleep(0x14);
										_t120 = L004239B4( *((intOrPtr*)(_v8 + 0x40)));
										_push(_t208);
										_push(0x46a940);
										_push( *[fs:eax]);
										 *[fs:eax] = _t211;
										_v28 =  *((intOrPtr*)(_t120 + 8));
										_pop(_t199);
										 *[fs:eax] = _t199;
										_push(0x46a947);
										return L00423A18( *((intOrPtr*)(_v8 + 0x40)));
									} else {
										if(_v21 != 0) {
											continue;
										} else {
											_v12 = 0xa;
											if(L00463DBC(_v20) != 0) {
												asm("fild dword [ebp-0x8]");
												_t141 =  *0x504d1c; // 0x503c98
												 *((intOrPtr*)( *_t141))(L00463A10(_v20), 0xff00, L004033C8(), 3);
											}
											_t131 = L004239B4( *((intOrPtr*)(_v8 + 0x40)));
											_push(_t208);
											_push(0x46aa33);
											_push( *[fs:eax]);
											 *[fs:eax] = _t211;
											_v28 =  *((intOrPtr*)(_t131 + 8));
											_pop(_t200);
											 *[fs:eax] = _t200;
											_push(0x46aa3a);
											return L00423A18( *((intOrPtr*)(_v8 + 0x40)));
										}
									}
								}
								goto L26;
							}
							_v22 = 0;
							_v12 = 1;
							if(L00463DBC(_v20) != 0) {
								asm("fild dword [ebp-0x8]");
								_t163 =  *0x504d1c; // 0x503c98
								 *((intOrPtr*)( *_t163))(L00463A10(_v20), 0xff00, L004033C8(), 3);
							}
							_t153 = L004239B4( *((intOrPtr*)(_v8 + 0x40)));
							_push(_t208);
							_push(0x46a87e);
							_push( *[fs:eax]);
							 *[fs:eax] = _t211;
							_v28 =  *((intOrPtr*)(_t153 + 8));
							_pop(_t197);
							 *[fs:eax] = _t197;
							_push(0x46a885);
							return L00423A18( *((intOrPtr*)(_v8 + 0x40)));
						}
					}
					L26:
				}
				return _t76;
				goto L26;
			}

0x0046a734
0x0046a734
0x0046a735
0x0046a737
0x0046a73a
0x0046a73b
0x0046a73c
0x0046a73d
0x0046ab63
0x0046ab63
0x0046ab6a
0x00000000
0x00000000
0x0046a745
0x0046a74a
0x0046a74f
0x0046a750
0x0046a759
0x0046a760
0x0046ab38
0x0046ab3a
0x0046ab48
0x0046ab50
0x0046ab5b
0x0046ab5e
0x0046ab60
0x0046ab60
0x0046ab48
0x00000000
0x0046a766
0x0046a768
0x0046a769
0x0046a76e
0x0046a771
0x0046a77e
0x0046a792
0x0046a799
0x0046a799
0x0046a7a8
0x0046a7ba
0x0046aac7
0x0046aaca
0x0046aacd
0x0046aade
0x0046aaee
0x0046aaf3
0x0046aaf4
0x0046aaf9
0x0046aafc
0x0046ab04
0x0046ab0b
0x0046ab0e
0x0046ab11
0x0046ab21
0x0046a7c0
0x0046a7c0
0x0046a7c0
0x0046a7ce
0x0046a7e0
0x0046a7f0
0x0046a7f0
0x0046a7f9
0x00000000
0x00000000
0x0046a8bb
0x00000000
0x0046a8c1
0x0046a8c9
0x0046a8d6
0x0046a8f1
0x0046a8f8
0x0046a8f8
0x0046a9a8
0x0046a901
0x0046a90c
0x0046a915
0x0046a916
0x0046a91b
0x0046a91e
0x0046a924
0x0046a929
0x0046a92c
0x0046a92f
0x0046a93f
0x0046a9ae
0x0046a9b2
0x00000000
0x0046a9b8
0x0046a9b8
0x0046a9c9
0x0046a9cd
0x0046a9f0
0x0046a9f7
0x0046a9f7
0x0046a9ff
0x0046aa08
0x0046aa09
0x0046aa0e
0x0046aa11
0x0046aa17
0x0046aa1c
0x0046aa1f
0x0046aa22
0x0046aa32
0x0046aa32
0x0046a9b2
0x0046a9a8
0x00000000
0x0046a8bb
0x0046a7ff
0x0046a803
0x0046a814
0x0046a818
0x0046a83b
0x0046a842
0x0046a842
0x0046a84a
0x0046a853
0x0046a854
0x0046a859
0x0046a85c
0x0046a862
0x0046a867
0x0046a86a
0x0046a86d
0x0046a87d
0x0046a87d
0x0046a7ba
0x00000000
0x0046a760
0x0046ab76
0x00000000

APIs

Sleep.KERNEL32(?,00000000,0046AB2A), ref: 0046A7A8
ShowWindow.USER32(00000000,00000004,?,00000000,0046AB2A), ref: 0046A7F0

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ShowSleepWindow
String ID:
API String ID: 4218995503-0
Opcode ID: 9fbc53804419e7b0c7234f8a30631859a5f7be7269578eb19cefb723f0bf9dd4
Instruction ID: 57b4a933d40b7c800f2b62f91e8823aae61054c9ffa662a57e78534e9b81f7e9
Opcode Fuzzy Hash: 9fbc53804419e7b0c7234f8a30631859a5f7be7269578eb19cefb723f0bf9dd4
Instruction Fuzzy Hash: 1A918C70A00644AFDB00DFA9D841FAEB7F5FB09704F1104A6F500A73A2E679AE54DF5A

Uniqueness

Uniqueness Score: -1.00%

Function 00458B5C, Relevance: 6.2, APIs: 4, Instructions: 212
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E00458B5C(intOrPtr* __eax, signed int __edx, void* __fp0) {
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr* _t62;
				intOrPtr* _t64;
				struct HICON__* _t67;
				intOrPtr _t69;
				intOrPtr* _t74;
				intOrPtr _t76;
				intOrPtr* _t77;
				intOrPtr* _t79;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t86;
				intOrPtr _t88;
				intOrPtr _t89;
				struct HWND__* _t92;
				intOrPtr _t93;
				intOrPtr _t95;
				intOrPtr _t96;
				intOrPtr* _t98;
				intOrPtr _t102;
				intOrPtr _t105;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				intOrPtr _t111;
				struct HWND__* _t112;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t119;
				intOrPtr* _t122;
				intOrPtr _t123;
				void* _t137;
				intOrPtr _t141;
				intOrPtr _t147;
				void* _t163;
				char _t164;
				intOrPtr _t166;
				void* _t173;
				void* _t174;
				void* _t193;

				_t193 = __fp0;
				_t122 = __eax;
				if( *0x50b11c != 0) {
					L3:
					_t51 =  *0x50b0fc; // 0x0
					_t52 =  *0x50b0fc; // 0x0
					_t166 = E00458A30(_t122,  *(_t52 + 0x8b) & 0x000000ff,  &_v28, _t193, _t51);
					if( *0x50b11c == 0) {
						_t176 =  *0x50b120;
						if( *0x50b120 != 0) {
							_t111 =  *0x50b110; // 0x0
							_t112 = GetDesktopWindow();
							_t113 =  *0x50b120; // 0x0
							L00465AAC(_t113, _t112, _t176, _t111);
						}
					}
					_t55 =  *0x50b0fc; // 0x0
					if( *((char*)(_t55 + 0x8b)) != 0) {
						__eflags =  *0x50b11c;
						_t6 =  &_v24;
						 *_t6 =  *0x50b11c != 0;
						__eflags =  *_t6;
						 *0x50b11c = 2;
					} else {
						 *0x50b11c = 1;
						_v24 = 0;
					}
					_t56 =  *0x50b100; // 0x0
					if(_t166 ==  *((intOrPtr*)(_t56 + 0x14))) {
						L12:
						_t57 =  *0x50b100; // 0x0
						 *((intOrPtr*)(_t57 + 0xc)) =  *_t122;
						 *((intOrPtr*)(_t57 + 0x10)) =  *((intOrPtr*)(_t122 + 4));
						_t58 =  *0x50b100; // 0x0
						if( *((intOrPtr*)(_t58 + 0x14)) != 0) {
							_t102 =  *0x50b100; // 0x0
							E0045AC20( *((intOrPtr*)(_t102 + 0x14)),  &_v20, _t122);
							_t105 =  *0x50b100; // 0x0
							 *((intOrPtr*)(_t105 + 0x18)) = _v20;
							 *((intOrPtr*)(_t105 + 0x1c)) = _v16;
						}
						_t137 = E00458A80(2);
						_t62 =  *0x50b100; // 0x0
						_t163 =  *((intOrPtr*)( *_t62 + 4))( *((intOrPtr*)(_t122 + 4)));
						if( *0x50b120 == 0) {
							L22:
							_t64 =  *0x50501c; // 0x50b180
							_t67 = SetCursor(L00479C7C( *_t64, _t163));
							if( *0x50b11c != 2) {
								goto L34;
							}
							_t188 = _t166;
							if(_t166 != 0) {
								_t164 = E00458ABC();
								_t69 =  *0x50b100; // 0x0
								 *((intOrPtr*)(_t69 + 0x60)) = _t164;
								__eflags = _t164;
								if(__eflags != 0) {
									E0045AC20(_t164,  &_v24, _t122);
									_t67 = E004042A8(_t164, __eflags);
									_t141 =  *0x50b100; // 0x0
									 *(_t141 + 0x5c) = _t67;
								} else {
									_t82 =  *0x50b100; // 0x0
									_t67 = E004042A8( *((intOrPtr*)(_t82 + 0x14)), __eflags);
									_t147 =  *0x50b100; // 0x0
									 *(_t147 + 0x5c) = _t67;
								}
							} else {
								_push( *((intOrPtr*)(_t122 + 4)));
								_t84 =  *0x50b100; // 0x0
								_t67 = E004042A8( *((intOrPtr*)(_t84 + 0x40)), _t188);
							}
							if( *0x50b100 == 0) {
								goto L34;
							} else {
								_t123 =  *0x50b100; // 0x0
								_t42 = _t123 + 0x64; // 0x64
								_t43 = _t123 + 0x4c; // 0x4c
								_t67 = E0040C1B8(_t43, 0x10, _t42);
								if(_t67 != 0) {
									goto L34;
								}
								if(_v28 != 0) {
									_t77 =  *0x50b100; // 0x0
									if( *((intOrPtr*)( *_t77 + 0x3c))() != 0) {
										_t79 =  *0x50b100; // 0x0
										 *((intOrPtr*)( *_t79 + 0x34))();
									}
								}
								_t74 =  *0x50b100; // 0x0
								 *((intOrPtr*)( *_t74 + 0x30))();
								_t76 =  *0x50b100; // 0x0
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								return _t76;
							}
						} else {
							if(_t166 == 0 || ( *(_t166 + 0x51) & 0x00000020) != 0) {
								L18:
								_t86 =  *0x50b120; // 0x0
								L00465A5C(_t86, _t163);
								_t88 =  *0x50b120; // 0x0
								_t186 =  *((char*)(_t88 + 0x72));
								if( *((char*)(_t88 + 0x72)) != 0) {
									_t89 =  *0x50b120; // 0x0
									L00465BAC(_t89,  *((intOrPtr*)(_t122 + 4)),  *_t122, __eflags);
								} else {
									_t92 = GetDesktopWindow();
									_t93 =  *0x50b120; // 0x0
									L00465AAC(_t93, _t92, _t186,  *((intOrPtr*)(_t122 + 4)));
								}
								goto L22;
							} else {
								_t95 =  *0x50b100; // 0x0
								if( *((char*)(_t95 + 4)) == 0) {
									_t96 =  *0x50b120; // 0x0
									L00465C20(_t96, _t137, __eflags);
									_t98 =  *0x50501c; // 0x50b180
									SetCursor(L00479C7C( *_t98, _t163));
									goto L22;
								}
								goto L18;
							}
						}
					} else {
						_t67 = E00458A80(1);
						if( *0x50b100 == 0) {
							L34:
							return _t67;
						}
						_t107 =  *0x50b100; // 0x0
						 *((intOrPtr*)(_t107 + 0x14)) = _t166;
						_t108 =  *0x50b100; // 0x0
						 *((intOrPtr*)(_t108 + 8)) = _v28;
						_t109 =  *0x50b100; // 0x0
						 *((intOrPtr*)(_t109 + 0xc)) =  *_t122;
						 *((intOrPtr*)(_t109 + 0x10)) =  *((intOrPtr*)(_t122 + 4));
						_t67 = E00458A80(0);
						if( *0x50b100 == 0) {
							goto L34;
						}
						goto L12;
					}
				}
				_t115 =  *0x50b10c; // 0x0
				asm("cdq");
				_t173 = (_t115 -  *__eax ^ __edx) - __edx -  *0x50b118; // 0x0
				if(_t173 >= 0) {
					goto L3;
				}
				_t119 =  *0x50b110; // 0x0
				asm("cdq");
				_t67 = (_t119 -  *((intOrPtr*)(__eax + 4)) ^ __edx) - __edx;
				_t174 = _t67 -  *0x50b118; // 0x0
				if(_t174 < 0) {
					goto L34;
				}
				goto L3;
			}

0x00458b5c
0x00458b62
0x00458b6b
0x00458b9a
0x00458b9a
0x00458ba0
0x00458bb7
0x00458bc0
0x00458bc2
0x00458bc9
0x00458bcb
0x00458bd1
0x00458bde
0x00458be3
0x00458be3
0x00458bc9
0x00458be8
0x00458bf4
0x00458c04
0x00458c0b
0x00458c0b
0x00458c0b
0x00458c10
0x00458bf6
0x00458bf6
0x00458bfd
0x00458bfd
0x00458c17
0x00458c1f
0x00458c6c
0x00458c6c
0x00458c73
0x00458c79
0x00458c7c
0x00458c85
0x00458c8d
0x00458c95
0x00458c9a
0x00458ca3
0x00458caa
0x00458caa
0x00458cb8
0x00458cbc
0x00458cc6
0x00458ccf
0x00458d46
0x00458d49
0x00458d56
0x00458d62
0x00000000
0x00000000
0x00458d68
0x00458d6a
0x00458d8b
0x00458d8d
0x00458d92
0x00458d95
0x00458d97
0x00458dc5
0x00458dd4
0x00458dd9
0x00458ddf
0x00458d99
0x00458da1
0x00458dad
0x00458db2
0x00458db8
0x00458db8
0x00458d6c
0x00458d6f
0x00458d72
0x00458d7f
0x00458d7f
0x00458de9
0x00000000
0x00458deb
0x00458deb
0x00458df1
0x00458df4
0x00458dfc
0x00458e03
0x00000000
0x00000000
0x00458e0a
0x00458e0c
0x00458e18
0x00458e1a
0x00458e21
0x00458e21
0x00458e18
0x00458e24
0x00458e2b
0x00458e2e
0x00458e39
0x00458e3a
0x00458e3b
0x00458e3c
0x00000000
0x00458e3c
0x00458cd1
0x00458cd3
0x00458ce6
0x00458ce8
0x00458ced
0x00458cf2
0x00458cf7
0x00458cfb
0x00458d1b
0x00458d20
0x00458cfd
0x00458d01
0x00458d0a
0x00458d0f
0x00458d0f
0x00000000
0x00458cdb
0x00458cdb
0x00458ce4
0x00458d27
0x00458d2c
0x00458d34
0x00458d41
0x00000000
0x00458d41
0x00000000
0x00458ce4
0x00458cd3
0x00458c21
0x00458c23
0x00458c2f
0x00458e43
0x00458e43
0x00458e43
0x00458c35
0x00458c3a
0x00458c3d
0x00458c45
0x00458c48
0x00458c4f
0x00458c55
0x00458c5a
0x00458c66
0x00000000
0x00000000
0x00000000
0x00458c66
0x00458c1f
0x00458b6d
0x00458b74
0x00458b79
0x00458b7f
0x00000000
0x00000000
0x00458b81
0x00458b89
0x00458b8c
0x00458b8e
0x00458b94
0x00000000
0x00000000
0x00000000

APIs

GetDesktopWindow.USER32 ref: 00458BD1
GetDesktopWindow.USER32 ref: 00458D01
SetCursor.USER32(00000000), ref: 00458D56

Part of subcall function 00465C20: ImageList_EndDrag.COMCTL32(?,-0000000C,00458D31), ref: 00465C3C

SetCursor.USER32(00000000), ref: 00458D41

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CursorDesktopWindow$DragImageList_
String ID:
API String ID: 617806055-0
Opcode ID: 368c8bb4b059ed571f3ed7628eb8f26ac6c421cf563e29be506734e6c68b6f20
Instruction ID: 5b8a5ffc2676b61429797a4f75449b093ae134768df342a894d9c4663559b162
Opcode Fuzzy Hash: 368c8bb4b059ed571f3ed7628eb8f26ac6c421cf563e29be506734e6c68b6f20
Instruction Fuzzy Hash: C0915B742102088FE700DF29D8D9B5A77E1BBA9305F04859AE8449B376CB78EC4DDF95

Uniqueness

Uniqueness Score: -1.00%

Function 0041672C, Relevance: 6.1, APIs: 4, Instructions: 115
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0041672C(signed short* __eax) {
				char _v260;
				char _v768;
				char _v772;
				signed short* _v776;
				signed short* _v780;
				char _v784;
				signed int _v788;
				char _v792;
				intOrPtr* _v796;
				signed char _t43;
				intOrPtr* _t60;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				intOrPtr* _t92;
				void* _t96;
				char* _t97;
				void* _t98;

				_v776 = __eax;
				if((_v776[0] & 0x00000020) == 0) {
					E00416574(0x80070057);
				}
				_t43 =  *_v776 & 0x0000ffff;
				if((_t43 & 0x00000fff) == 0xc) {
					if((_t43 & 0x00000040) == 0) {
						_v780 = _v776[4];
					} else {
						_v780 =  *(_v776[4]);
					}
					_v788 =  *_v780 & 0x0000ffff;
					_t79 = _v788 - 1;
					if(_t79 >= 0) {
						_t85 = _t79 + 1;
						_t96 = 0;
						_t97 =  &_v772;
						do {
							_v796 = _t97;
							_push(_v796 + 4);
							_t22 = _t96 + 1; // 0x1
							_push(_v780);
							L004155AC();
							E00416574(_v780);
							_push( &_v784);
							_t25 = _t96 + 1; // 0x1
							_push(_v780);
							L004155B4();
							E00416574(_v780);
							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
							_t96 = _t96 + 1;
							_t97 = _t97 + 8;
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					_t81 = _v788 - 1;
					if(_t81 >= 0) {
						_t84 = _t81 + 1;
						_t60 =  &_v768;
						_t92 =  &_v260;
						do {
							 *_t92 =  *_t60;
							_t92 = _t92 + 4;
							_t60 = _t60 + 8;
							_t84 = _t84 - 1;
						} while (_t84 != 0);
						do {
							goto L12;
						} while (E004166D0(_t83, _t98) != 0);
						goto L15;
					}
					L12:
					_t83 = _v788 - 1;
					if(E004166A0(_v788 - 1, _t98) != 0) {
						_push( &_v792);
						_push( &_v260);
						_push(_v780);
						L004155CC();
						E00416574(_v780);
						E0041693C(_v792);
					}
				}
				L15:
				_push(_v776);
				L0041513C();
				return E00416574(_v776);
			}

0x00416738
0x00416748
0x0041674f
0x0041674f
0x0041675a
0x00416768
0x00416777
0x00416795
0x00416779
0x00416784
0x00416784
0x004167a4
0x004167b0
0x004167b3
0x004167b5
0x004167b6
0x004167b8
0x004167be
0x004167c0
0x004167cf
0x004167d0
0x004167da
0x004167db
0x004167e0
0x004167eb
0x004167ec
0x004167f6
0x004167f7
0x004167fc
0x00416817
0x00416819
0x0041681a
0x0041681d
0x0041681d
0x004167be
0x00416826
0x00416829
0x0041682b
0x0041682c
0x00416832
0x00416838
0x0041683a
0x0041683c
0x0041683f
0x00416842
0x00416842
0x00416845
0x00000000
0x00000000
0x00000000
0x00416845
0x00416845
0x0041684c
0x00416857
0x0041685f
0x00416866
0x0041686d
0x0041686e
0x00416873
0x0041687e
0x0041687e
0x0041688c
0x00416890
0x00416896
0x00416897
0x004168a7

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 004167DB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004167F7
SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0041686E
VariantClear.OLEAUT32(?), ref: 00416897

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ArraySafe$Bound$ClearIndexVariant
String ID:
API String ID: 920484758-0
Opcode ID: 91199727d6961b42540dbac8dddd4b8886eb87291677ac3a79942a3a37c52e04
Instruction ID: 3729195a26d3938dfdf18e59bcae220f4c3d5881819744d32fab3221a2c6a924
Opcode Fuzzy Hash: 91199727d6961b42540dbac8dddd4b8886eb87291677ac3a79942a3a37c52e04
Instruction Fuzzy Hash: 60410A75A016199BCB61EF59C890BC9B7BDAB48314F0141DAE548A7216DA38EFC08F58

Uniqueness

Uniqueness Score: -1.00%

Function 00434158, Relevance: 6.1, APIs: 4, Instructions: 83
windowCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00434158(intOrPtr __eax, void* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __esi;
				void* __ebp;
				intOrPtr _t33;
				intOrPtr _t59;
				struct HDC__* _t69;
				void* _t70;
				intOrPtr _t79;
				void* _t84;
				struct HPALETTE__* _t85;
				intOrPtr _t87;
				intOrPtr _t89;

				_t87 = _t89;
				_push(_t70);
				_v8 = __eax;
				_t33 = _v8;
				if( *((intOrPtr*)(_t33 + 0x58)) == 0) {
					return _t33;
				} else {
					L00431F8C(_v8);
					_push(_t87);
					_push(0x434237);
					_push( *[fs:eax]);
					 *[fs:eax] = _t89;
					L00435A60( *((intOrPtr*)(_v8 + 0x58)));
					L00433FD4( *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8));
					L00435C44( *((intOrPtr*)(_v8 + 0x58)));
					_t69 = CreateCompatibleDC(0);
					_t84 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8);
					if(_t84 == 0) {
						 *((intOrPtr*)(_v8 + 0x5c)) = 0;
					} else {
						 *((intOrPtr*)(_v8 + 0x5c)) = SelectObject(_t69, _t84);
					}
					_t85 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 0x10);
					if(_t85 == 0) {
						 *((intOrPtr*)(_v8 + 0x60)) = 0;
					} else {
						 *((intOrPtr*)(_v8 + 0x60)) = SelectPalette(_t69, _t85, 0xffffffff);
						RealizePalette(_t69);
					}
					E004325DC(_v8, _t69);
					_t59 =  *0x503270; // 0x25e68a0
					L004238E4(_t59, _t69, _t70, _v8, _t85);
					_pop(_t79);
					 *[fs:eax] = _t79;
					_push(0x43423e);
					return E00432448(_v8);
				}
			}

0x00434159
0x0043415b
0x0043415e
0x00434161
0x00434168
0x00434242
0x0043416e
0x00434171
0x00434178
0x00434179
0x0043417e
0x00434181
0x0043418a
0x0043419b
0x004341a6
0x004341b2
0x004341bd
0x004341c2
0x004341d8
0x004341c4
0x004341ce
0x004341ce
0x004341e4
0x004341e9
0x00434207
0x004341eb
0x004341f7
0x004341fb
0x004341fb
0x0043420f
0x00434217
0x0043421c
0x00434223
0x00434226
0x00434229
0x00434236
0x00434236

APIs

Part of subcall function 00431F8C: EnterCriticalSection.KERNEL32(0050AF20,00000000,004340D5,00000000,?,?,00435A5E,004364EC,00000000,?,?), ref: 00431F94
Part of subcall function 00431F8C: LeaveCriticalSection.KERNEL32(0050AF20,0050AF20,00000000,004340D5,00000000,?,?,00435A5E,004364EC,00000000,?,?), ref: 00431FA1
Part of subcall function 00431F8C: EnterCriticalSection.KERNEL32(?,0050AF20,0050AF20,00000000,004340D5,00000000,?,?,00435A5E,004364EC,00000000,?,?), ref: 00431FAA

Part of subcall function 00435C44: GetDC.USER32(00000000), ref: 00435C9A
Part of subcall function 00435C44: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00435CAF
Part of subcall function 00435C44: GetDeviceCaps.GDI32(00000000,0000000E), ref: 00435CB9
Part of subcall function 00435C44: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,004341AB,00000000,00434237), ref: 00435CDD
Part of subcall function 00435C44: ReleaseDC.USER32 ref: 00435CE8

CreateCompatibleDC.GDI32(00000000), ref: 004341AD
SelectObject.GDI32(00000000,?), ref: 004341C6
SelectPalette.GDI32(00000000,?,000000FF), ref: 004341EF
RealizePalette.GDI32(00000000), ref: 004341FB

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CriticalPaletteSection$CapsCreateDeviceEnterSelect$CompatibleHalftoneLeaveObjectRealizeRelease
String ID:
API String ID: 979337279-0
Opcode ID: fff205d747e362ac45f31b29a96dbe3da15874876ea942b91e2107e9cca26013
Instruction ID: d87175d742e0276230b70ddd67f8b8822d88cc7ec207c53e0907679b65e79936
Opcode Fuzzy Hash: fff205d747e362ac45f31b29a96dbe3da15874876ea942b91e2107e9cca26013
Instruction Fuzzy Hash: D6310774A00658EFCB04EB59C981D9EB3F5EF4C324B6251A6F804AB366C738EE41DB54

Uniqueness

Uniqueness Score: -1.00%

Function 004FAF4C, Relevance: 6.1, APIs: 4, Instructions: 81
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E004FAF4C(void* __eax, intOrPtr* __edx) {
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				struct tagRECT _v48;
				signed int _t26;
				signed int _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				void* _t50;
				signed int _t55;
				signed int _t56;
				void* _t57;
				long _t59;
				intOrPtr _t60;
				long _t61;
				intOrPtr _t62;
				intOrPtr* _t65;
				intOrPtr _t66;
				void* _t67;

				_t67 =  &_v32;
				_t65 = __edx;
				_t50 = __eax;
				_t1 = _t50 + 0x4c; // 0x0
				_push( *_t1);
				_push( &_v48);
				_t66 =  *((intOrPtr*)(__edx + 4));
				_t5 = _t50 + 0x4c; // 0x0
				_t55 =  *((intOrPtr*)(__edx + 0xc)) - _t66 -  *_t5;
				_t56 = _t55 >> 1;
				if(_t55 < 0) {
					asm("adc edx, 0x0");
				}
				_t57 = _t56 + _t66;
				_t64 =  *_t65;
				_t7 = _t50 + 0x48; // 0x26036a4
				_t26 =  *((intOrPtr*)(_t65 + 8)) -  *_t65 -  *_t7;
				_t69 = _t26;
				_t27 = _t26 >> 1;
				if(_t26 < 0) {
					asm("adc eax, 0x0");
				}
				_t8 = _t50 + 0x48; // 0x26036a4
				E00422058(_t27 + _t64,  *_t8, _t57);
				E004FA928(_t67,  &(_v48.right), _t69);
				_t32 = _v32;
				_t59 = _v48.left;
				if(_t32 < _t59) {
					OffsetRect( &_v48, _t32 - _t59, 0);
				}
				_t33 = _v20;
				_t60 = _v48.bottom;
				if(_t33 < _t60) {
					OffsetRect( &_v48, 0, _t33 - _t60);
				}
				_t34 = _v32;
				_t61 = _v48.left;
				if(_t34 > _t61) {
					OffsetRect( &_v48, _t34 - _t61, 0);
				}
				_t35 = _v28;
				_t62 = _v48.top;
				if(_t35 > _t62) {
					OffsetRect( &_v48, 0, _t35 - _t62);
				}
				return E0045A99C(_t50, _t67);
			}

0x004faf50
0x004faf53
0x004faf55
0x004faf57
0x004faf5a
0x004faf5f
0x004faf63
0x004faf68
0x004faf68
0x004faf6b
0x004faf6d
0x004faf6f
0x004faf6f
0x004faf72
0x004faf77
0x004faf7b
0x004faf7b
0x004faf7b
0x004faf7e
0x004faf80
0x004faf82
0x004faf82
0x004faf87
0x004faf8a
0x004faf95
0x004faf9a
0x004faf9e
0x004fafa4
0x004fafb0
0x004fafb0
0x004fafb5
0x004fafb9
0x004fafbf
0x004fafcb
0x004fafcb
0x004fafd0
0x004fafd4
0x004fafd9
0x004fafe5
0x004fafe5
0x004fafea
0x004fafee
0x004faff4
0x004fb000
0x004fb000
0x004fb015

APIs

OffsetRect.USER32(00000000,?,00000000), ref: 004FAFB0
OffsetRect.USER32(00000000,00000000,?), ref: 004FAFCB
OffsetRect.USER32(00000000,?,00000000), ref: 004FAFE5
OffsetRect.USER32(00000000,00000000,?), ref: 004FB000

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: OffsetRect
String ID:
API String ID: 177026234-0
Opcode ID: cb210d1bcc2253a2864a3c19c642cccce1b14fcde6a59f5816a3f89f47b6fa68
Instruction ID: 3950c7e52b127766a66e38bdb4d7a031cdb43fbd1104537f8e92d08780ab70a9
Opcode Fuzzy Hash: cb210d1bcc2253a2864a3c19c642cccce1b14fcde6a59f5816a3f89f47b6fa68
Instruction Fuzzy Hash: 0C2183B67042066FC700DE69CC85E6B77DAEBC4344F54C92AF644C7256E734EC0587A6

Uniqueness

Uniqueness Score: -1.00%

Function 0045EEC0, Relevance: 6.1, APIs: 4, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0045EEC0(intOrPtr _a4) {
				int _v8;
				int _v12;
				struct tagRECT _v28;
				int _t40;
				intOrPtr* _t62;

				_t62 = _a4 + 0xfffffffc;
				if(IsZoomed(L00463A10( *_t62)) == 0 || GetParent(L00463A10( *_t62)) != 0) {
					return E004042A8( *_t62, __eflags);
				} else {
					GetWindowRect(L00463A10( *_t62),  &_v28);
					_v8 =  *( *_t62 + 0x48);
					_v12 =  *( *_t62 + 0x4c);
					E0045CF64( *_t62,  &_v12,  &_v8);
					_t40 =  *( *_t62 + 0x48);
					if(_t40 != _v28.right - _v28.left ||  *( *_t62 + 0x4c) != _v28.bottom - _v28.top || _t40 != _v8 ||  *( *_t62 + 0x4c) != _v12) {
						SetWindowPos(L00463A10( *_t62), 0, 0, 0,  *( *_t62 + 0x48),  *( *_t62 + 0x4c), 0x16);
					}
					return  *((intOrPtr*)( *((intOrPtr*)( *_t62)) + 0x58))();
				}
			}

0x0045eeca
0x0045eedc
0x00000000
0x0045eef7
0x0045ef03
0x0045ef0d
0x0045ef15
0x0045ef20
0x0045ef27
0x0045ef32
0x0045ef6e
0x0045ef6e
0x00000000
0x0045ef77

APIs

IsZoomed.USER32(00000000), ref: 0045EED5
GetParent.USER32(00000000), ref: 0045EEEA
GetWindowRect.USER32 ref: 0045EF03
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000016,00000000,?,00000000), ref: 0045EF6E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$ParentRectZoomed
String ID:
API String ID: 3993858495-0
Opcode ID: fce9b03dda0c57b4364e0c7f05c3fd9ad5df3e529952553dbded3a850fd6afc4
Instruction ID: 41642b7a77ac7db3b31fab53975f0018cf67021daefd6c497e2176d5a0a4b7bb
Opcode Fuzzy Hash: fce9b03dda0c57b4364e0c7f05c3fd9ad5df3e529952553dbded3a850fd6afc4
Instruction Fuzzy Hash: 2421D935600104AFDB14EF6DC481E9EB3F5AF18305B20455AFA84E7392EB36EE54CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0047B090, Relevance: 6.1, APIs: 4, Instructions: 75
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E0047B090(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t24;
				intOrPtr _t31;
				signed int _t33;
				intOrPtr _t34;
				intOrPtr _t37;
				intOrPtr _t40;
				struct HWND__* _t43;
				intOrPtr _t46;
				signed int _t50;
				signed int _t51;
				struct HWND__* _t52;

				_t52 = _a4;
				_t51 = _t50 | 0xffffffff;
				_t43 = GetWindow(_t52, 4);
				if(_t43 == 0) {
					L3:
					_v8 = 0;
					L4:
					if(GetCurrentProcessId() == _v8) {
						_t34 =  *0x50b17c; // 0x25b4140
						if(L00423570( *((intOrPtr*)(_t34 + 0x94)), _t43) < 0) {
							_t37 =  *0x50b17c; // 0x25b4140
							L004233BC( *((intOrPtr*)(_t37 + 0x94)), _t43);
						}
					}
					if(_t43 != 0) {
						_t21 =  *0x50b17c; // 0x25b4140
						if(_t52 !=  *((intOrPtr*)(_t21 + 0x170))) {
							_t22 =  *0x50b17c; // 0x25b4140
							if(_t43 ==  *((intOrPtr*)(_t22 + 0x170)) && _t52 != _a8 && IsWindowVisible(_t52) != 0) {
								_t24 =  *0x50b17c; // 0x25b4140
								_push(L00407E5C( *((intOrPtr*)(_t24 + 0xd4))) + 1);
								E00408024();
								_t31 =  *0x50b17c; // 0x25b4140
								_t33 = L00407E5C( *((intOrPtr*)(_t31 + 0xd4)));
								_t46 =  *0x50b17c; // 0x25b4140
								 *( *((intOrPtr*)(_t46 + 0xd4)) + _t33 * 4 - 4) = _t52;
							}
						}
					}
					return _t51;
				}
				_t40 =  *0x50b17c; // 0x25b4140
				if(_t43 ==  *((intOrPtr*)(_t40 + 0x170))) {
					goto L3;
				} else {
					GetWindowThreadProcessId(_t43,  &_v8);
					goto L4;
				}
			}

0x0047b097
0x0047b09a
0x0047b0a5
0x0047b0a9
0x0047b0c4
0x0047b0c6
0x0047b0c9
0x0047b0d1
0x0047b0d3
0x0047b0e7
0x0047b0e9
0x0047b0f6
0x0047b0f6
0x0047b0e7
0x0047b0fd
0x0047b0ff
0x0047b10a
0x0047b10c
0x0047b117
0x0047b128
0x0047b139
0x0047b14f
0x0047b157
0x0047b162
0x0047b167
0x0047b173
0x0047b173
0x0047b117
0x0047b10a
0x0047b17e
0x0047b17e
0x0047b0ab
0x0047b0b6
0x00000000
0x0047b0b8
0x0047b0bd
0x00000000
0x0047b0bd

APIs

GetWindow.USER32(?,00000004), ref: 0047B0A0
GetWindowThreadProcessId.USER32(?,?), ref: 0047B0BD
GetCurrentProcessId.KERNEL32(?,00000004), ref: 0047B0C9
IsWindowVisible.USER32(?), ref: 0047B11F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Window$Process$CurrentThreadVisible
String ID:
API String ID: 3926708836-0
Opcode ID: 244113c8ad9d5ac25f580ebf26d470919350f8359faf86d05392c37ce22d0f28
Instruction ID: d67c3866086eed8f2567cea6c2f7e2bd062bd02c680e354b8e5b6e5be24fa7c2
Opcode Fuzzy Hash: 244113c8ad9d5ac25f580ebf26d470919350f8359faf86d05392c37ce22d0f28
Instruction Fuzzy Hash: 07212C35600240DBE701EB69D9D1FEA73B8EB18314F948177E91897362D738AD058BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00480C94, Relevance: 6.1, APIs: 4, Instructions: 64
fileCOMMON

Download Yara Rule

C-Code - Quality: 47%

			E00480C94(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				intOrPtr* _t6;
				WCHAR* _t15;
				WCHAR* _t24;
				intOrPtr _t36;
				void* _t38;
				intOrPtr _t43;

				_push(0);
				_push(__ebx);
				_t40 = __edx;
				_t38 = __eax;
				_push(_t43);
				_push(0x480d3b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t43;
				_t6 =  *0x505038; // 0x502914
				if( *_t6 != 2) {
					E00406604( &_v8, E004064D4(__edx));
					DeleteFileW(E004064D4(_v8));
					asm("sbb ebx, ebx");
					if(__ebx + 1 != 0 || GetLastError() == 2) {
						_t15 = E004064D4(_t40);
						MoveFileW(E004064D4(_t38), _t15);
						asm("sbb ebx, ebx");
					}
				} else {
					_t24 = E004064D4(__edx);
					MoveFileExW(E004064D4(_t38), _t24, 1);
					asm("sbb ebx, ebx");
				}
				_pop(_t36);
				 *[fs:eax] = _t36;
				_push(0x480d42);
				return L00406438( &_v8);
			}

0x00480c97
0x00480c99
0x00480c9c
0x00480c9e
0x00480ca2
0x00480ca3
0x00480ca8
0x00480cab
0x00480cae
0x00480cb6
0x00480ce3
0x00480cf1
0x00480cf9
0x00480cfe
0x00480d0c
0x00480d1a
0x00480d22
0x00480d24
0x00480cb8
0x00480cbc
0x00480cca
0x00480cd2
0x00480cd4
0x00480d27
0x00480d2a
0x00480d2d
0x00480d3a

APIs

MoveFileExW.KERNEL32(00000000,00000000,00000001,00000000,00480D3B,?,?,?,?,00000000), ref: 00480CCA
DeleteFileW.KERNEL32(00000000,00000000,00480D3B,?,?,?,?,00000000), ref: 00480CF1
GetLastError.KERNEL32(00000000,00000000,00480D3B,?,?,?,?,00000000), ref: 00480D00
MoveFileW.KERNEL32(00000000,00000000), ref: 00480D1A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: File$Move$DeleteErrorLast
String ID:
API String ID: 3032323431-0
Opcode ID: a64895e638b222cbc9ae2643fce958be8dbc920040bec2991c0ce87cd7c34bff
Instruction ID: 7f3b113f1acf62cc89dab94fccb5dc75004b554c2e88a941b9d914c948e82687
Opcode Fuzzy Hash: a64895e638b222cbc9ae2643fce958be8dbc920040bec2991c0ce87cd7c34bff
Instruction Fuzzy Hash: 6901C471710354AADB21BFBA8C8296E72DCDB4170CB62497BF001E3692DA3DAD19821D

Uniqueness

Uniqueness Score: -1.00%

Function 004371D0, Relevance: 6.1, APIs: 4, Instructions: 58
windowCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E004371D0(intOrPtr* __eax, struct HICON__* __edx) {
				intOrPtr* _v8;
				struct _ICONINFO _v28;
				intOrPtr _v44;
				intOrPtr _v48;
				void _v52;
				intOrPtr _t33;
				intOrPtr _t45;
				void* _t49;
				void* _t51;
				intOrPtr _t52;

				_t49 = _t51;
				_t52 = _t51 + 0xffffffd0;
				_v8 = __eax;
				E0043715C(_v8, __edx);
				if(__edx == 0 || GetIconInfo(__edx,  &_v28) == 0) {
					return  *((intOrPtr*)( *_v8 + 0x10))();
				} else {
					_push(_t49);
					_push(0x43724d);
					_push( *[fs:edx]);
					 *[fs:edx] = _t52;
					if(GetObjectW(_v28.hbmColor, 0x18,  &_v52) != 0) {
						_t33 =  *((intOrPtr*)(_v8 + 0x28));
						 *((intOrPtr*)(_t33 + 0xc)) = _v48;
						 *((intOrPtr*)(_t33 + 0x10)) = _v44;
					}
					_pop(_t45);
					 *[fs:eax] = _t45;
					_push(0x437254);
					DeleteObject(_v28.hbmMask);
					return DeleteObject(_v28.hbmColor);
				}
			}

0x004371d1
0x004371d3
0x004371d9
0x004371e3
0x004371ea
0x00437263
0x004371fa
0x004371fc
0x004371fd
0x00437202
0x00437205
0x00437219
0x0043721e
0x00437224
0x0043722a
0x0043722a
0x0043722f
0x00437232
0x00437235
0x0043723e
0x0043724c
0x0043724c

APIs

GetIconInfo.USER32(?,?), ref: 004371F1
GetObjectW.GDI32(?,00000018,?,00000000,0043724D,?,?,?), ref: 00437212
DeleteObject.GDI32(?), ref: 0043723E
DeleteObject.GDI32(?), ref: 00437247

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Object$Delete$IconInfo
String ID:
API String ID: 507670407-0
Opcode ID: eafc0576186234d666b26eab3bf862f164babea7372ad63040be5848730273f8
Instruction ID: 237573efb7d07f23659b9a36111f59eba5243dce53b0c9d3b6df79918595ad87
Opcode Fuzzy Hash: eafc0576186234d666b26eab3bf862f164babea7372ad63040be5848730273f8
Instruction Fuzzy Hash: 201142B5A04204AFDB14DFA6D981D9EF7F9EB8C310F1080AAF944E7351D634DD04CA54

Uniqueness

Uniqueness Score: -1.00%

Function 004FABE0, Relevance: 6.1, APIs: 4, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004FABE0(intOrPtr* __eax, int __ecx, int __edx, int _a4, int _a8) {
				int _v8;
				int _v12;
				int _t29;
				intOrPtr* _t38;
				int _t48;
				int _t51;
				int _t52;

				_t48 = __ecx;
				_t51 = __edx;
				_t38 = __eax;
				_t1 = _t38 + 0x40; // 0xf8031024
				_v8 = MulDiv( *_t1, __edx, __ecx);
				_t5 = _t38 + 0x44; // 0xe8c38b57
				_v12 = MulDiv( *_t5, _a8, _a4);
				if(( *(_t38 + 0x51) & 0x00000001) != 0) {
					_t11 = _t38 + 0x48; // 0xfff77f9e
					_t52 =  *_t11;
				} else {
					_t10 = _t38 + 0x48; // 0xfff77f9e
					_t52 = MulDiv( *_t10, _t51, _t48);
				}
				if(( *(_t38 + 0x51) & 0x00000002) != 0) {
					_t18 = _t38 + 0x4c; // 0xe8c38b50
					_t29 =  *_t18;
				} else {
					_t17 = _t38 + 0x4c; // 0xe8c38b50
					_t29 = MulDiv( *_t17, _a8, _a4);
				}
				return  *((intOrPtr*)( *_t38 + 0x88))(_t29, _t52);
			}

0x004fabe9
0x004fabeb
0x004fabed
0x004fabf1
0x004fabfa
0x004fac05
0x004fac0e
0x004fac15
0x004fac26
0x004fac26
0x004fac17
0x004fac19
0x004fac22
0x004fac22
0x004fac2d
0x004fac42
0x004fac42
0x004fac2f
0x004fac37
0x004fac3b
0x004fac3b
0x004fac5d

APIs

MulDiv.KERNEL32(F8031024,00000008,?), ref: 004FABF5
MulDiv.KERNEL32(E8C38B57,00000008,?), ref: 004FAC09
MulDiv.KERNEL32(FFF77F9E,00000008,?), ref: 004FAC1D
MulDiv.KERNEL32(E8C38B50,00000008,?), ref: 004FAC3B

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aeca573a1f523cd84a5b6c5d94893b92d42509870cb5d486b4303d0bd25cd7f
Instruction ID: 99f03527093ba141d6bc40404b96c78c056c1ce667647233cc714bd5f382aa4c
Opcode Fuzzy Hash: 5aeca573a1f523cd84a5b6c5d94893b92d42509870cb5d486b4303d0bd25cd7f
Instruction Fuzzy Hash: EF115E72604248AFCB44DE9DC884E9A7BECEF49364F1041A6BA08DB256D635DD00CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0045AB18, Relevance: 6.1, APIs: 4, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0045AB18(void* __eax, int __ecx, int __edx) {
				void* _t6;
				intOrPtr _t16;
				int _t27;
				int _t28;
				int _t29;
				int _t30;
				int _t31;
				int _t32;

				_t6 = __eax;
				_t27 = __ecx;
				_t28 = __edx;
				_t16 =  *((intOrPtr*)(__eax + 0x70));
				_t29 =  *(_t16 + 0x14);
				if(_t29 > 0) {
					_t6 = L00459958(_t16, MulDiv(_t29, __edx, __ecx), 3);
				}
				_t30 =  *(_t16 + 0xc);
				if(_t30 > 0) {
					_t6 = L00459958(_t16, MulDiv(_t30, _t28, _t27), 1);
				}
				_t31 =  *(_t16 + 0x10);
				if(_t31 > 0) {
					_t6 = L00459958(_t16, MulDiv(_t31, _t28, _t27), 2);
				}
				_t32 =  *(_t16 + 8);
				if(_t32 > 0) {
					return L00459958(_t16, MulDiv(_t32, _t28, _t27), 0);
				}
				return _t6;
			}

0x0045ab18
0x0045ab1c
0x0045ab1e
0x0045ab20
0x0045ab23
0x0045ab28
0x0045ab3b
0x0045ab3b
0x0045ab40
0x0045ab45
0x0045ab58
0x0045ab58
0x0045ab5d
0x0045ab62
0x0045ab75
0x0045ab75
0x0045ab7a
0x0045ab7f
0x00000000
0x0045ab8f
0x0045ab98

APIs

MulDiv.KERNEL32(?), ref: 0045AB2D
MulDiv.KERNEL32(?), ref: 0045AB4A
MulDiv.KERNEL32(?), ref: 0045AB67
MulDiv.KERNEL32(?), ref: 0045AB84

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d09a4a738704cd79c13d422565b661aeebc8cb04668fc7712c103bd51324070
Instruction ID: 2d14abfe5467a2a3f9f9f11384c12630c08dbb79469c23f87f0f05b8c0661458
Opcode Fuzzy Hash: 0d09a4a738704cd79c13d422565b661aeebc8cb04668fc7712c103bd51324070
Instruction Fuzzy Hash: 7D01562130024CABCB64BD275C44F9B7A5EDF82755B00413E7E2A9B353E96CEC1483A8

Uniqueness

Uniqueness Score: -1.00%

Function 0045AB9C, Relevance: 6.1, APIs: 4, Instructions: 56
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0045AB9C(void* __eax, int __ecx, int __edx) {
				void* _t6;
				intOrPtr _t16;
				int _t27;
				int _t28;
				int _t29;
				int _t30;
				int _t31;
				int _t32;

				_t6 = __eax;
				_t27 = __ecx;
				_t28 = __edx;
				_t16 =  *((intOrPtr*)(__eax + 0x74));
				_t29 =  *(_t16 + 8);
				if(_t29 > 0) {
					_t6 = L00469918(_t16, MulDiv(_t29, __edx, __ecx), 0);
				}
				_t30 =  *(_t16 + 0xc);
				if(_t30 > 0) {
					_t6 = L00469918(_t16, MulDiv(_t30, _t28, _t27), 1);
				}
				_t31 =  *(_t16 + 0x10);
				if(_t31 > 0) {
					_t6 = L00469918(_t16, MulDiv(_t31, _t28, _t27), 2);
				}
				_t32 =  *(_t16 + 0x14);
				if(_t32 > 0) {
					return L00469918(_t16, MulDiv(_t32, _t28, _t27), 3);
				}
				return _t6;
			}

0x0045ab9c
0x0045aba0
0x0045aba2
0x0045aba4
0x0045aba7
0x0045abac
0x0045abbc
0x0045abbc
0x0045abc1
0x0045abc6
0x0045abd9
0x0045abd9
0x0045abde
0x0045abe3
0x0045abf6
0x0045abf6
0x0045abfb
0x0045ac00
0x00000000
0x0045ac13
0x0045ac1c

APIs

MulDiv.KERNEL32(?), ref: 0045ABB1
MulDiv.KERNEL32(?), ref: 0045ABCB
MulDiv.KERNEL32(?), ref: 0045ABE8
MulDiv.KERNEL32(?), ref: 0045AC05

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06f21a4a6913cabdd891ad792af731c2aaea4be6a0c140d5fafcc18630e585cd
Instruction ID: d2d2d10dfd6d333d919af8afa6fafe424737bf13a2787c07879e9aebbf0cf12a
Opcode Fuzzy Hash: 06f21a4a6913cabdd891ad792af731c2aaea4be6a0c140d5fafcc18630e585cd
Instruction Fuzzy Hash: B1018B213002086BCB28BD275C85F5B7A9EDFC2754B00413E7D1A9B353E9BCED1483A8

Uniqueness

Uniqueness Score: -1.00%

Function 00426A4C, Relevance: 6.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00426A4C(void* __eax, struct HINSTANCE__* __edx, WCHAR* _a8) {
				WCHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				void* _t23;
				WCHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t29 = FindResourceW(__edx, _v8, _a8);
				 *(_t23 + 0x10) = _t29;
				if(_t29 == 0) {
					E004269AC(_t23, _t24, _t29, _t31, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x426ae8
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				if(_t30 == 0) {
					E004269AC(_t23, _t24, _t30, _t31, _t32);
				}
				_t7 = _t23 + 0x10; // 0x426ae8
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x42652c
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E004264EC(_t23, _t25, _t18);
			}

0x00426a53
0x00426a56
0x00426a58
0x00426a68
0x00426a6a
0x00426a6f
0x00426a72
0x00426a77
0x00426a77
0x00426a78
0x00426a82
0x00426a84
0x00426a89
0x00426a8c
0x00426a91
0x00426a92
0x00426a9c
0x00426a9d
0x00426aa1
0x00426aaa
0x00426ab5

APIs

FindResourceW.KERNEL32(00400000,?,?,0042178C,00400000,00000001,00000000,?,0042698E,00000000,00000000,?,00000000,?,?,004DE870), ref: 00426A63
LoadResource.KERNEL32(00400000,00426AE8,00400000,?,?,0042178C,00400000,00000001,00000000,?,0042698E,00000000,00000000,?,00000000,?), ref: 00426A7D
SizeofResource.KERNEL32(00400000,00426AE8,00400000,00426AE8,00400000,?,?,0042178C,00400000,00000001,00000000,?,0042698E,00000000,00000000), ref: 00426A97
LockResource.KERNEL32(0042652C,00000000,00400000,00426AE8,00400000,00426AE8,00400000,?,?,0042178C,00400000,00000001,00000000,?,0042698E,00000000), ref: 00426AA1

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: fbb838dfb8a984f98673c35adeec76654e77647bee0350a6b9b467abf03efca3
Instruction ID: 432f08dde49b013c1c90c5113a1f6abd0d78333a01f7ecda222a99177f0c13f5
Opcode Fuzzy Hash: fbb838dfb8a984f98673c35adeec76654e77647bee0350a6b9b467abf03efca3
Instruction Fuzzy Hash: 58F0ADB3204210AF8B45EE6DA881D2B73ECEE88364311402FF818DB207DA39DD01837C

Uniqueness

Uniqueness Score: -1.00%

Function 004122DA, Relevance: 6.0, APIs: 4, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004122DA() {
				LONG* _t9;
				void* _t10;
				void* _t11;

				_t10 = 0;
				_t11 = 0x20;
				_t9 = 0x508cc8;
				while( *_t9 != 0 || InterlockedCompareExchange(_t9, 1, 0) != 0) {
					_t9 =  &(_t9[2]);
					_t11 = _t11 - 1;
					if(_t11 != 0) {
						continue;
					} else {
						if(_t10 == 0) {
							_t10 = CreateEventW(0, 0, 0, 0);
						}
						ResetEvent(_t10);
					}
					L10:
					return _t10;
				}
				if(_t9[1] == 0) {
					_t9[1] = CreateEventW(0, 0, 0, 0);
				}
				_t3 =  &(_t9[1]); // 0x0
				_t10 =  *_t3;
				goto L10;
			}

0x004122df
0x004122e1
0x004122e6
0x004122eb
0x00412319
0x0041231c
0x0041231d
0x00000000
0x0041231f
0x00412321
0x00412330
0x00412330
0x00412333
0x00412333
0x00412338
0x0041233d
0x0041233d
0x00412302
0x00412311
0x00412311
0x00412314
0x00412314
0x00000000

APIs

InterlockedCompareExchange.KERNEL32(00508CC8,00000001,00000000), ref: 004122F5
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00508CC8,00000001,00000000), ref: 0041230C
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041232B
ResetEvent.KERNEL32(00000000), ref: 00412333

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Event$Create$CompareExchangeInterlockedReset
String ID:
API String ID: 2790937731-0
Opcode ID: 0b6e7f95aa852f2112274bb35bc7b4f38d397d601fbb649b345fd42333303064
Instruction ID: 15a20e893dbf27fb58bd0bfc73e983c82d05cf0c84bbe54bd10fc2f3c5e9e0e8
Opcode Fuzzy Hash: 0b6e7f95aa852f2112274bb35bc7b4f38d397d601fbb649b345fd42333303064
Instruction Fuzzy Hash: EDF03071380304BAFB3155224E42BA715549B90B69F244076FF14FE2C2D6FC9C51826D

Uniqueness

Uniqueness Score: -1.00%

Function 004B0A08, Relevance: 6.0, APIs: 4, Instructions: 41
registrywindowCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E004B0A08(void* __eax, void* __ecx, void* __edx, void* __eflags) {
				void* _v12;
				int _t13;
				void* _t20;
				void* _t26;

				_push(__ecx);
				_t20 = __edx;
				_t26 = __eax;
				if(E0047FD20(0,  *((intOrPtr*)(0x5042dc + (L0047FAF0() & 0x0000007f) * 4)), 0x80000002,  &_v12, 2, 0) == 0) {
					RegDeleteValueW(_v12, E004064D4(_t26));
					RegCloseKey(_v12);
				}
				_t13 = RemoveFontResourceW(E004064D4(_t20));
				if(_t13 != 0) {
					_t13 = SendNotifyMessageW(0xffff, 0x1d, 0, 0);
				}
				return _t13;
			}

0x004b0a0a
0x004b0a0b
0x004b0a0d
0x004b0a35
0x004b0a44
0x004b0a4d
0x004b0a4d
0x004b0a5a
0x004b0a61
0x004b0a6e
0x004b0a6e
0x004b0a76

APIs

Part of subcall function 0047FD20: RegOpenKeyExW.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,004803F6,?,00000000,?,00480396,00000001,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,004803F6), ref: 0047FD3C

RegDeleteValueW.ADVAPI32(?,00000000,?,00000002,00000000,?,?,?,004B73CF), ref: 004B0A44
RegCloseKey.ADVAPI32(00000000,?,00000000,?,00000002,00000000,?,?,?,004B73CF), ref: 004B0A4D
RemoveFontResourceW.GDI32(00000000), ref: 004B0A5A
SendNotifyMessageW.USER32(0000FFFF,0000001D,00000000,00000000), ref: 004B0A6E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CloseDeleteFontMessageNotifyOpenRemoveResourceSendValue
String ID:
API String ID: 4283692357-0
Opcode ID: 84d79110bd9787835a152570ffcba4b337baf7bd1386a28fcc43072c0620c182
Instruction ID: 68f3d6a6108326f095a0386f20cc17951fd509f527c3e1173e60b2f3b34f874f
Opcode Fuzzy Hash: 84d79110bd9787835a152570ffcba4b337baf7bd1386a28fcc43072c0620c182
Instruction Fuzzy Hash: C2F030B174031126E610B6B65C46F9B62CC5B48748F11883AB645EB2C3D97CDC04476D

Uniqueness

Uniqueness Score: -1.00%

Function 004589A4, Relevance: 6.0, APIs: 4, Instructions: 37
threadCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E004589A4(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t9;
				signed int _t16;
				struct HWND__* _t19;
				DWORD* _t20;

				_t17 = __ecx;
				_push(__ecx);
				_t19 = __eax;
				_t16 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t20) != 0 && GetCurrentProcessId() ==  *_t20) {
					_t9 =  *0x50b0f0; // 0x25e690c
					if(GlobalFindAtomW(E004064D4(_t9)) !=  *0x50b0ec) {
						_t16 = 0 | L0045783C(_t19, _t17) != 0x00000000;
					} else {
						_t16 = 0 | GetPropW(_t19,  *0x50b0ec & 0x0000ffff) != 0x00000000;
					}
				}
				return _t16;
			}

0x004589a4
0x004589a6
0x004589a7
0x004589a9
0x004589ad
0x004589c4
0x004589db
0x004589fb
0x004589dd
0x004589ed
0x004589ed
0x004589db
0x00458a03

APIs

GetWindowThreadProcessId.USER32(00000000), ref: 004589B1
GetCurrentProcessId.KERNEL32(00000000,?,?,00000000,00000000,00458A1C,-000000F4,?,?,004585DE,?,-0000000C,?), ref: 004589BA
GlobalFindAtomW.KERNEL32(00000000), ref: 004589CF
GetPropW.USER32 ref: 004589E6

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Process$AtomCurrentFindGlobalPropThreadWindow
String ID:
API String ID: 2582817389-0
Opcode ID: 02dd8a062a381729000d46ead6dfb8f7d2f5d6fbe194fcf8eb24a44b854f72ac
Instruction ID: c5b696a72588346249ad42f44ef6febf25fa79375e452dd96b9cf53597f99a7f
Opcode Fuzzy Hash: 02dd8a062a381729000d46ead6dfb8f7d2f5d6fbe194fcf8eb24a44b854f72ac
Instruction Fuzzy Hash: 44F0A792212122A6E6227B7B5C8597F328CAD00315300423FFC80E6197DF2DCC8991BF

Uniqueness

Uniqueness Score: -1.00%

Function 004FE5D0, Relevance: 6.0, APIs: 4, Instructions: 35
filesynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E004FE5D0(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				void* _t31;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_t21 = __ecx;
				DeleteFileW(E004064D4( *((intOrPtr*)(_t31 - 8))));
				DeleteFileW(E004064D4( *((intOrPtr*)(_t31 - 4))));
				_push(_t31);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E004FE1F4(__ebx, _t21, __edi, __esi, _t33);
				_pop(_t27);
				 *[fs:eax] = _t27;
				_t28 = 0x4fe609;
				 *[fs:eax] = _t28;
				_push(E004FE640);
				if( *(_t31 - 0x18) != 0) {
					ReleaseMutex( *(_t31 - 0x18));
					return CloseHandle( *(_t31 - 0x18));
				}
				return 0;
			}

0x004fe5d0
0x004fe5d0
0x004fe5d9
0x004fe5e7
0x004fe5ee
0x004fe5f4
0x004fe5f7
0x004fe5fa
0x004fe601
0x004fe604
0x004fe615
0x004fe618
0x004fe61b
0x004fe624
0x004fe62a
0x00000000
0x004fe633
0x004fe638

APIs

DeleteFileW.KERNEL32(00000000,00000000,004FE639,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668), ref: 004FE5D9
DeleteFileW.KERNEL32(00000000,00000000,00000000,004FE639,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668), ref: 004FE5E7
ReleaseMutex.KERNEL32(00000000,004FE640,004FE639,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668), ref: 004FE62A
CloseHandle.KERNEL32(00000000,00000000,004FE640,004FE639,?,?,00000005,?,00000000,00000000,00000000,Inno-Setup-RegSvr-Mutex,?,00000005,00000000,004FE668), ref: 004FE633

Strings

Setup, xrefs: 004FE306
.msg, xrefs: 004FE39A
Inno-Setup-RegSvr-Mutex, xrefs: 004FE325
.lst, xrefs: 004FE3B4
/REGU, xrefs: 004FE2EE
/REG, xrefs: 004FE2CA

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: DeleteFile$CloseHandleMutexRelease
String ID: .lst$.msg$/REG$/REGU$Inno-Setup-RegSvr-Mutex$Setup
API String ID: 3118534315-3672972446
Opcode ID: fa85f2ac61a7da334839cd553e2a91bc4c710ab9cea3fb493a88d8ee35a5527e
Instruction ID: a01dffca68a05d34cbb6413aea90befd7ed39e7fb173efff64097f4da04a2672
Opcode Fuzzy Hash: fa85f2ac61a7da334839cd553e2a91bc4c710ab9cea3fb493a88d8ee35a5527e
Instruction Fuzzy Hash: 56F0BB315082089EEB01EBB6D81296E77A8DB45304BA2083BF500E25A2C63D4C11C65C

Uniqueness

Uniqueness Score: -1.00%

Function 0047A5A0, Relevance: 6.0, APIs: 4, Instructions: 35
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0047A5A0(void* __ecx) {
				void* _t2;
				_Unknown_base(*)()* _t3;
				long _t4;
				_Unknown_base(*)()* _t5;
				DWORD* _t8;

				_t2 =  *0x50b17c; // 0x25b4140
				if( *((char*)(_t2 + 0xa9)) == 0) {
					if( *0x50b194 == 0) {
						_t4 = GetCurrentThreadId();
						_t5 =  *0x503d94; // 0x47a55c
						_t2 = SetWindowsHookExW(3, _t5, 0, _t4);
						 *0x50b194 = _t2;
					}
					if( *0x50b190 == 0) {
						_t2 = CreateEventW(0, 0, 0, 0);
						 *0x50b190 = _t2;
					}
					if( *0x50b198 == 0) {
						_t3 =  *0x503d90; // 0x47a500
						_t2 = CreateThread(0, 0x3e8, _t3, 0, 0, _t8);
						 *0x50b198 = _t2;
					}
				}
				return _t2;
			}

0x0047a5a1
0x0047a5ad
0x0047a5b6
0x0047a5b8
0x0047a5c0
0x0047a5c8
0x0047a5cd
0x0047a5cd
0x0047a5d9
0x0047a5e3
0x0047a5e8
0x0047a5e8
0x0047a5f4
0x0047a5fb
0x0047a608
0x0047a60d
0x0047a60d
0x0047a5f4
0x0047a613

APIs

GetCurrentThreadId.KERNEL32 ref: 0047A5B8
SetWindowsHookExW.USER32(00000003,0047A55C,00000000,00000000), ref: 0047A5C8
CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,0047DB9B), ref: 0047A5E3
CreateThread.KERNEL32 ref: 0047A608

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CreateThread$CurrentEventHookWindows
String ID:
API String ID: 1195359707-0
Opcode ID: fce3583073313e64405e8b32e39b1966a418c3b0a299ade769e8da19304fed34
Instruction ID: 5af294596652428082a2d10271691ea12361138bf71b4d4e0de4d4f74ec09c2b
Opcode Fuzzy Hash: fce3583073313e64405e8b32e39b1966a418c3b0a299ade769e8da19304fed34
Instruction Fuzzy Hash: 25F03071684344BEF7109B61ECABF6E3798A365705F54402AF30C6A2D1C3B81C99E71A

Uniqueness

Uniqueness Score: -1.00%

Function 004DEA98, Relevance: 6.0, APIs: 4, Instructions: 34
sleepCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E004DEA98(signed char __eax, void* __ecx, void* __edx, void* __eflags) {
				long _t7;
				void* _t9;
				void* _t14;
				void* _t15;
				signed char* _t16;

				_t17 = __eflags;
				_push(__ecx);
				_t14 = __ecx;
				_t15 = __edx;
				 *_t16 = __eax;
				while(1) {
					E004AD13C( *_t16 & 0x000000ff, _t15, _t17);
					asm("sbb ebx, ebx");
					_t9 = _t9 + 1;
					if(_t9 != 0 || GetLastError() == 2 || GetLastError() == 3) {
						break;
					}
					_t7 = GetTickCount();
					_t17 = _t7 - _t14 - 0x7d0;
					if(_t7 - _t14 < 0x7d0) {
						Sleep(0x32);
						continue;
					}
					break;
				}
				return _t9;
			}

0x004dea98
0x004dea9b
0x004dea9c
0x004dea9e
0x004deaa0
0x004deaa3
0x004deaa9
0x004deab1
0x004deab3
0x004deab6
0x00000000
0x00000000
0x004deacc
0x004dead3
0x004dead8
0x004deadc
0x00000000
0x004deadc
0x00000000
0x004dead8
0x004deae9

APIs

GetLastError.KERNEL32 ref: 004DEAB8
GetLastError.KERNEL32 ref: 004DEAC2
GetTickCount.KERNEL32 ref: 004DEACC
Sleep.KERNEL32(00000032), ref: 004DEADC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLast$CountSleepTick
String ID:
API String ID: 2227064392-0
Opcode ID: 26c987573a3ac03fda9003f2f7abd22ae2aa61c61d0e0d0eeac86a8fad1a22e2
Instruction ID: 1e46be7a8cc3b4af5acae25bd8e9ff16efaa17af0cf3f7a25a61c22b9beaa5f2
Opcode Fuzzy Hash: 26c987573a3ac03fda9003f2f7abd22ae2aa61c61d0e0d0eeac86a8fad1a22e2
Instruction Fuzzy Hash: A7E02BA230924329DA33356F189157F6545DAD2B15F28093FF0C4D6342C81D4D0E512E

Uniqueness

Uniqueness Score: -1.00%

Function 004D8C08, Relevance: 6.0, APIs: 4, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004D8C08() {
				long _v8;
				void _v12;
				void* _v16;
				void* _t16;
				HANDLE* _t17;

				_t17 =  &_v12;
				_t16 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 8, _t17) != 0) {
					_v12 = 0;
					if(GetTokenInformation(_v16, 0x12,  &_v12, 4,  &_v8) != 0) {
						_t16 = _v16;
					}
					CloseHandle( *_t17);
				}
				return _t16;
			}

0x004d8c09
0x004d8c0c
0x004d8c1e
0x004d8c22
0x004d8c40
0x004d8c42
0x004d8c42
0x004d8c4a
0x004d8c4a
0x004d8c55

APIs

GetCurrentProcess.KERNEL32(00000008), ref: 004D8C11
OpenProcessToken.ADVAPI32(00000000,00000008), ref: 004D8C17
GetTokenInformation.ADVAPI32(00000008,00000012(TokenIntegrityLevel),00000000,00000004,00000008,00000000,00000008), ref: 004D8C39
CloseHandle.KERNEL32(00000000,00000008,TokenIntegrityLevel,00000000,00000004,00000008,00000000,00000008), ref: 004D8C4A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: ce45d488497232d6495bdc8f9f740d195bf4cfa8be9f4b37a496b3fc2c77e68e
Instruction ID: 51fa21f25c06e328c69f26ed10c7d9100417013b7cd6ce2efd1497f92d756bd2
Opcode Fuzzy Hash: ce45d488497232d6495bdc8f9f740d195bf4cfa8be9f4b37a496b3fc2c77e68e
Instruction Fuzzy Hash: 6CF012716153007BD70096B58C81E5773DC9B44754F04483E7E54D72C1EA39DD489666

Uniqueness

Uniqueness Score: -1.00%

Function 00470E14, Relevance: 6.0, APIs: 4, Instructions: 24
threadCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00470E14(void* __eax) {
				char _v8;
				signed char _v12;
				void* _t11;
				void* _t14;
				long _t15;

				_t15 = _t14 + 0xfffffff8;
				_t11 = __eax;
				_v12 = GetActiveWindow();
				_v8 = 0;
				if(_t11 == 0) {
					EnumThreadWindows(GetCurrentThreadId(), E00470DBC, _t15);
				} else {
					EnumWindows(E00470DDC, _t15);
				}
				return _v12 & 0x000000ff;
			}

0x00470e15
0x00470e18
0x00470e1f
0x00470e22
0x00470e29
0x00470e48
0x00470e2b
0x00470e33
0x00470e33
0x00470e55

APIs

GetActiveWindow.USER32 ref: 00470E1A
EnumWindows.USER32(00470DDC), ref: 00470E33
GetCurrentThreadId.KERNEL32 ref: 00470E42
EnumThreadWindows.USER32(00000000,00470DBC), ref: 00470E48

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: EnumThreadWindows$ActiveCurrentWindow
String ID:
API String ID: 1202916826-0
Opcode ID: 8663e4fa51a25b22250b6f616eba7e7924732261bf014aeab7ed04c21ec16752
Instruction ID: 7712d82115595b5bbe0424392478e81f51976f73aa844afc3d5bfb08cee64333
Opcode Fuzzy Hash: 8663e4fa51a25b22250b6f616eba7e7924732261bf014aeab7ed04c21ec16752
Instruction Fuzzy Hash: 60E0865168D340BAF60062B60C027AA7AC8CA82324F14892FFCE8A72C3D53D4C05627F

Uniqueness

Uniqueness Score: -1.00%

Function 004A0690, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 308
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E004A0690(intOrPtr* __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				char _v41;
				signed short _v44;
				char _v48;
				char _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				signed int _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				char _v104;
				intOrPtr _t142;
				intOrPtr* _t143;
				intOrPtr _t147;
				intOrPtr _t173;
				intOrPtr* _t175;
				signed int _t184;
				void* _t241;
				intOrPtr _t242;
				signed int _t243;
				void* _t244;
				void* _t245;
				intOrPtr _t263;
				intOrPtr _t265;
				intOrPtr _t275;
				signed int _t313;
				intOrPtr _t317;
				intOrPtr _t318;
				void* _t319;
				void* _t320;
				void* _t322;
				void* _t323;
				intOrPtr _t324;

				_t322 = _t323;
				_t324 = _t323 + 0xffffff9c;
				_push(__esi);
				_push(__edi);
				_v104 = 0;
				_v96 = 0;
				_v100 = 0;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				_t241 = __ecx;
				_v41 = __edx;
				_v8 = __eax;
				E00408880(_v8);
				_t263 =  *0x415080; // 0x415084
				L004071B8( &_v40, _t263);
				_push(_t322);
				_push(0x4a0ae3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t324;
				if(_v8 == 0) {
					L0049FA7C(_t241, "Variant is null, cannot invoke", 1, __edi, __esi, 0, 0, 0);
					E00404A74();
				}
				L00403540( &_v40, 0x20);
				if(_t241 != 0) {
					_v56 = L004076D0(_t241);
					_push(_t322);
					_push(0x4a07b4);
					_push( *[fs:eax]);
					 *[fs:eax] = _t324;
					if(_v8 == 0) {
						E00408D5C(0x485350,  &_v80);
						L00411930(_v80, 1);
						E00404A74();
					}
					_push( &_v52);
					_push(0x800);
					_push(1);
					_push( &_v56);
					_t142 =  *0x504c90; // 0x502b84
					_push(_t142);
					_t143 = _v8;
					_push(_t143);
					if( *((intOrPtr*)( *_t143 + 0x14))() != 0) {
						E00408D5C(0x485358,  &_v84);
						L00411930(_v84, 1);
						E00404A74();
					}
					_pop(_t265);
					 *[fs:eax] = _t265;
					_push(0x4a07bb);
					_t147 = _v56;
					_push(_t147);
					L0041510C();
					return _t147;
				} else {
					_v52 = 0;
					_v64 = 0;
					_v72 = 0;
					_t242 = _a8;
					_t316 = _t242 + 1;
					_v68 = _t242 + 1;
					if(_v41 == 0) {
						_v44 = 3;
					} else {
						_v44 = 4;
						_v64 = 1;
						_v72 = 0x5041b8;
					}
					_v60 = E00482D60(1);
					_push(_t322);
					_push(0x4a0a86);
					_push( *[fs:edx]);
					 *[fs:edx] = _t324;
					_v76 = E00403018(_t316 << 4);
					L00403540(_t163, _a8 + 1 << 4);
					_push(_t322);
					_push(0x4a0a47);
					_push( *[fs:edx]);
					 *[fs:edx] = _t324;
					_t317 = _t242;
					if(_t317 >= 0) {
						_t320 = _t317 + 1;
						_t245 = 0;
						do {
							_t311 = _a8 - _t245 + _a8 - _t245;
							if( *((short*)(_a12 + (_a8 - _t245 + _a8 - _t245) * 8)) != 0x100) {
								_t313 = _a8 - _t245 + _a8 - _t245;
								if( *((short*)(_a12 + _t313 * 8)) == 8 ||  *((short*)(_a12 + _t313 * 8)) == 0x102) {
									 *((short*)(_v76 + (_t245 + _t245) * 8)) = 8;
									L0041B3A8( &_v92, _t245, _a12 + _t313 * 8, _t313, _t320);
									 *((intOrPtr*)(_v76 + 8 + (_t245 + _t245) * 8)) = L00407750(_v92);
									E00482E40(_v60,  *((intOrPtr*)(_v76 + 8 + (_t245 + _t245) * 8)));
								} else {
									 *((short*)(_v76 + (_t245 + _t245) * 8)) = 0x400c;
									 *((intOrPtr*)(_v76 + 8 + (_t245 + _t245) * 8)) = L0040766C();
									E004031D0(_a12 + _t313 * 8, 0x10,  *((intOrPtr*)(_v76 + 8 + (_t245 + _t245) * 8)));
								}
							} else {
								 *((short*)(_v76 + (_t245 + _t245) * 8)) = 8;
								E0041A3CC( &_v88, _t245, _a12 + _t311 * 8, _t311, _t320);
								 *((intOrPtr*)(_v76 + 8 + (_t245 + _t245) * 8)) = L004076D0(_v88);
								E00482E40(_v60,  *((intOrPtr*)(_v76 + 8 + (_t245 + _t245) * 8)));
							}
							_t245 = _t245 + 1;
							_t320 = _t320 - 1;
						} while (_t320 != 0);
					}
					_t173 =  *0x504c90; // 0x502b84
					_t175 = _v8;
					_t243 =  *((intOrPtr*)( *_t175 + 0x18))(_t175, _v52, _t173, 0x800, _v44 & 0x0000ffff,  &_v76, _a4,  &_v40,  &_v48);
					if((_t243 & 0x80000000) != 0) {
						if(_t243 != 0x80020009) {
							E00410F70(_t243,  &_v104);
							L00411930(_v104, 1);
							E00404A74();
						} else {
							_push(_v36);
							_push(0x4a0b24);
							_push(_v32);
							E004060D4();
							E004066A8( &_v96, _v100);
							L00411930(_v96, 1);
							E00404A74();
						}
					}
					_pop(_t275);
					 *[fs:eax] = _t275;
					_push(0x4a0a4e);
					_t318 = _a8;
					if(_t318 >= 0) {
						_t319 = _t318 + 1;
						_t244 = 0;
						do {
							_t184 = _t244 + _t244;
							if( *((short*)(_v76 + _t184 * 8)) == 0x400c &&  *((intOrPtr*)(_v76 + 8 + _t184 * 8)) != 0) {
								L00407680( *((intOrPtr*)(_v76 + 8 + (_t244 + _t244) * 8)));
							}
							_t244 = _t244 + 1;
							_t319 = _t319 - 1;
						} while (_t319 != 0);
					}
					return E00403034(_v76);
				}
			}

0x004a0691
0x004a0693
0x004a0697
0x004a0698
0x004a069b
0x004a069e
0x004a06a1
0x004a06a4
0x004a06a7
0x004a06aa
0x004a06ad
0x004a06b0
0x004a06b2
0x004a06b5
0x004a06bb
0x004a06c3
0x004a06c9
0x004a06d0
0x004a06d1
0x004a06d6
0x004a06d9
0x004a06e0
0x004a06f4
0x004a06f9
0x004a06f9
0x004a0708
0x004a070f
0x004a0722
0x004a0727
0x004a0728
0x004a072d
0x004a0730
0x004a0737
0x004a0741
0x004a0750
0x004a0755
0x004a0755
0x004a075d
0x004a075e
0x004a0763
0x004a0768
0x004a0769
0x004a076e
0x004a076f
0x004a0772
0x004a077a
0x004a0784
0x004a0793
0x004a0798
0x004a0798
0x004a079f
0x004a07a2
0x004a07a5
0x004a07aa
0x004a07ad
0x004a07ae
0x004a07b3
0x004a0711
0x004a0713
0x004a07bd
0x004a07c2
0x004a07c5
0x004a07ca
0x004a07cb
0x004a07d2
0x004a07ea
0x004a07d4
0x004a07d4
0x004a07da
0x004a07e1
0x004a07e1
0x004a07fc
0x004a0801
0x004a0802
0x004a0807
0x004a080a
0x004a0819
0x004a0829
0x004a0830
0x004a0831
0x004a0836
0x004a0839
0x004a083c
0x004a0840
0x004a0846
0x004a0847
0x004a0849
0x004a0850
0x004a085d
0x004a08ac
0x004a08b8
0x004a08ce
0x004a08dd
0x004a08f1
0x004a0903
0x004a090a
0x004a0911
0x004a092e
0x004a0948
0x004a0948
0x004a085f
0x004a0866
0x004a0875
0x004a0889
0x004a089b
0x004a089b
0x004a094d
0x004a094e
0x004a094e
0x004a0849
0x004a096f
0x004a0979
0x004a0982
0x004a098a
0x004a0992
0x004a09d2
0x004a09e1
0x004a09e6
0x004a0994
0x004a0994
0x004a0997
0x004a099c
0x004a09a7
0x004a09b2
0x004a09c1
0x004a09c6
0x004a09c6
0x004a0992
0x004a09ed
0x004a09f0
0x004a09f3
0x004a09f8
0x004a09fd
0x004a09ff
0x004a0a00
0x004a0a02
0x004a0a04
0x004a0a0f
0x004a0a2c
0x004a0a2c
0x004a0a31
0x004a0a32
0x004a0a32
0x004a0a02
0x004a0a46
0x004a0a46

APIs

SysFreeString.OLEAUT32(?), ref: 004A07AE

Part of subcall function 00408D5C: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00408DA1

Strings

LQH, xrefs: 004A06EF
Variant is null, cannot invoke, xrefs: 004A06E8

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: String$FreeLoad
String ID: LQH$Variant is null, cannot invoke
API String ID: 62760895-3362311783
Opcode ID: e00ff518b07a38c679171dfb521fb24418a68dbbfc2ee5892375a28d1e188b10
Instruction ID: 4281f03da930e244770ebd361fafc753e52955df40b18311f485a30cc41cdd94
Opcode Fuzzy Hash: e00ff518b07a38c679171dfb521fb24418a68dbbfc2ee5892375a28d1e188b10
Instruction Fuzzy Hash: D3C19E74A002099FCB10DFA9C981A9EB7F5FF59314F24803AE804EB351D779AD46CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0048410C, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 256
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0048410C(intOrPtr* __eax, void* __ebx, intOrPtr* __ecx, signed char* __edx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, signed int* _a8) {
				char _v36;
				intOrPtr* _v40;
				intOrPtr* _v44;
				signed int _v48;
				signed int _v52;
				signed int* _v56;
				signed int* _v60;
				signed int _v64;
				signed int* _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				char _v84;
				signed int _v1620;
				signed int _t140;
				intOrPtr _t141;
				intOrPtr* _t142;
				intOrPtr _t145;
				signed char _t153;
				signed char _t154;
				signed int* _t161;
				signed int _t203;
				signed int _t204;
				void* _t205;
				intOrPtr _t220;
				intOrPtr _t222;
				intOrPtr _t223;
				intOrPtr _t224;
				signed int _t253;
				signed char* _t256;
				void* _t259;
				void* _t260;
				intOrPtr _t261;
				void* _t275;

				_t275 = __fp0;
				_t259 = _t260;
				_t261 = _t260 + 0xfffff9b0;
				_v44 = __ecx;
				_t256 = __edx;
				_v40 = __eax;
				_t222 =  *0x415080; // 0x415084
				L004071B8( &_v36, _t222);
				_push(_t259);
				_push(0x484437);
				_push( *[fs:eax]);
				 *[fs:eax] = _t261;
				_v52 = 0;
				_push(_t259);
				_push(0x484414);
				_push( *[fs:ecx]);
				 *[fs:ecx] = _t261;
				_t253 =  *(__edx + 1) & 0x000000ff;
				if(_t253 > 0x40) {
					_t220 =  *0x504bd8; // 0x4836f8
					L004119EC(_t220, 1);
					E00404A74();
				}
				if(_t253 == 0) {
					L25:
					_v84 =  &_v1620;
					_v80 = _v44 + 4;
					_v76 = _t253;
					_v72 = _t256[2] & 0x000000ff;
					_t223 =  *_v44;
					_t140 =  *_t256 & 0x000000ff;
					if(_t140 != 4) {
						if(_t140 == 1 && _t253 == 0 && _a4 != 0) {
							_t140 = 3;
						}
					} else {
						if((_v1620 & 0x00000fff) == 9) {
							_t140 = 8;
						}
						 *_v44 = 0xfffffffd;
						_v80 = _v80 - 4;
						_v72 = _v72 + 1;
					}
					_push(0);
					_push( &_v36);
					_push(_a4);
					_t210 =  &_v84;
					_push( &_v84);
					_push(_t140);
					_push(0);
					_t141 =  *0x504c90; // 0x502b84
					_push(_t141);
					_push(_t223);
					_t142 = _v40;
					_push(_t142);
					if( *((intOrPtr*)( *_t142 + 0x18))() != 0) {
						E004846E8();
					}
					_t203 = _v52;
					if(_t203 == 0) {
						L39:
						_t145 = 0;
						_pop(_t224);
						 *[fs:eax] = _t224;
						_push(0x48441b);
						_t204 = _v52;
						if(_t204 == 0) {
							L41:
							return _t145;
						} else {
							goto L40;
						}
						do {
							L40:
							_t204 = _t204 - 1;
							_t145 =  *((intOrPtr*)(_t259 + _t204 * 8 - 0x250));
							_push(_t145);
							L0041510C();
						} while (_t204 != 0);
						goto L41;
					} else {
						do {
							_t203 = _t203 - 1;
							_t257 = _t259 + _t203 * 8 - 0x250;
							_t254 =  *((intOrPtr*)(_t259 + _t203 * 8 - 0x250 + 4));
							if( *((intOrPtr*)(_t259 + _t203 * 8 - 0x250 + 4)) != 0) {
								L004076B4( *_t257, _t210, _t254);
							}
						} while (_t203 != 0);
						goto L39;
					}
				} else {
					_v56 = _a8;
					_v60 = _t259 + (_t253 + _t253) * 8 - 0x650;
					_t205 = 0;
					do {
						_v60 = _v60 - 0x10;
						_t153 = _t256[_t205 + 3] & 0x000000ff;
						_v48 = _t153 & 0x7f;
						_t154 = _t153 & 0x00000080;
						if(_v48 != 0xa) {
							if(_v48 != 0x48) {
								if(_t154 == 0) {
									if(_v48 != 0xc) {
										 *_v60 = _v48;
										_v60[2] =  *_v56;
										if(_v48 >= 5 && _v48 <= 7) {
											_v56 =  &(_v56[1]);
											_v60[3] =  *_v56;
										}
									} else {
										if( *_v56 != 0x100) {
											_t161 = _v56;
											 *_v60 =  *_t161;
											_v60[1] = _t161[1];
											_v60[2] = _t161[2];
											_v60[3] = _t161[3];
											_v56 =  &(_v56[3]);
										} else {
											_v68 = _t259 + _v52 * 8 - 0x250;
											 *_v68 = L004076D0(_v56[2]);
											_v68[1] = 0;
											 *_v60 = 8;
											_v60[2] =  *_v68;
											_v52 = _v52 + 1;
										}
									}
								} else {
									if(_v48 == 0xc &&  *( *_v56) == 0x100) {
										L00417260( *_v56, 8,  *_v56, _t253, _t275);
									}
									 *_v60 = _v48 | 0x00004000;
									_v60[2] =  *_v56;
								}
							} else {
								_v64 = _t259 + _v52 * 8 - 0x250;
								if(_t154 == 0) {
									 *_v64 = L004076D0( *_v56);
									 *(_v64 + 4) = 0;
									 *_v60 = 8;
									_v60[2] =  *_v64;
								} else {
									 *_v64 = L004076D0( *( *_v56));
									 *(_v64 + 4) =  *_v56;
									 *_v60 = 0x4008;
									_v60[2] = _v64;
								}
								_v52 = _v52 + 1;
							}
							_v56 =  &(_v56[1]);
						} else {
							 *_v60 = 0xa;
							_v60[2] = 0x80020004;
						}
						_t205 = _t205 + 1;
					} while (_t253 != _t205);
					goto L25;
				}
			}

0x0048410c
0x0048410d
0x0048410f
0x00484118
0x0048411b
0x0048411d
0x00484123
0x00484129
0x00484130
0x00484131
0x00484136
0x00484139
0x0048413e
0x00484143
0x00484144
0x00484149
0x0048414c
0x0048414f
0x00484156
0x00484158
0x00484165
0x0048416a
0x0048416a
0x00484171
0x00484338
0x0048433e
0x00484347
0x0048434a
0x00484351
0x00484357
0x00484359
0x0048435f
0x0048438c
0x00484398
0x00484398
0x00484361
0x00484370
0x00484372
0x00484372
0x0048437a
0x00484380
0x00484384
0x00484384
0x0048439d
0x004843a2
0x004843a6
0x004843a7
0x004843aa
0x004843ab
0x004843ac
0x004843ae
0x004843b3
0x004843b4
0x004843b5
0x004843b8
0x004843c0
0x004843c5
0x004843c5
0x004843ca
0x004843cf
0x004843ed
0x004843ed
0x004843ef
0x004843f2
0x004843f5
0x004843fa
0x004843ff
0x00484413
0x00484413
0x00000000
0x00000000
0x00000000
0x00484401
0x00484401
0x00484401
0x00484402
0x00484409
0x0048440a
0x0048440f
0x00000000
0x004843d1
0x004843d1
0x004843d1
0x004843d2
0x004843d9
0x004843de
0x004843e4
0x004843e4
0x004843e9
0x00000000
0x004843d1
0x00484177
0x0048417a
0x00484188
0x0048418b
0x0048418d
0x0048418d
0x00484191
0x0048419e
0x004841a1
0x004841a7
0x004841c5
0x0048423d
0x00484288
0x00484303
0x0048430d
0x00484314
0x0048431c
0x00484328
0x00484328
0x0048428a
0x00484292
0x004842d2
0x004842da
0x004842e2
0x004842eb
0x004842f4
0x004842f7
0x00484294
0x0048429e
0x004842af
0x004842b6
0x004842bc
0x004842ca
0x004842cd
0x004842cd
0x00484292
0x0048423f
0x00484243
0x00484262
0x00484262
0x00484272
0x0048427c
0x0048427c
0x004841c7
0x004841d1
0x004841d6
0x00484215
0x0048421c
0x00484222
0x00484230
0x004841d8
0x004841e7
0x004841f1
0x004841f7
0x00484203
0x00484203
0x00484233
0x00484233
0x0048432b
0x004841a9
0x004841ac
0x004841b5
0x004841b5
0x0048432f
0x00484330
0x00000000
0x0048418d

APIs

SysFreeString.OLEAUT32(?), ref: 0048440A

Strings

H, xrefs: 004841C1
48H, xrefs: 00484160

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: FreeString
String ID: 48H$H
API String ID: 3341692771-1350225257
Opcode ID: 57153d850ff5c1ada33f49336ce6d8587e68e96bab4bfb2cfc2a608684ad3357
Instruction ID: 6209862446b9a05c525dd6954695b70c720c436fc9378fb4ce7688ec02123eb0
Opcode Fuzzy Hash: 57153d850ff5c1ada33f49336ce6d8587e68e96bab4bfb2cfc2a608684ad3357
Instruction Fuzzy Hash: 34B1F374A01609EFDB10DF99D880A9EBBF1FF89314F24856AE805AB361D738AC45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004B8190, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 73%

			E004B8190(void* __eax, void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __fp0, signed int _a4) {
				intOrPtr _v4104;
				intOrPtr* _v4108;
				signed int _v4109;
				intOrPtr _v4113;
				intOrPtr _v4117;
				char _v4119;
				intOrPtr _v4123;
				signed int _v4235;
				intOrPtr _v4239;
				intOrPtr _v4243;
				intOrPtr _v4247;
				char _v4375;
				char _v4503;
				void _v4567;
				intOrPtr _v4572;
				intOrPtr _v4576;
				intOrPtr _t90;
				signed char _t124;
				intOrPtr _t125;
				intOrPtr _t152;
				intOrPtr _t158;
				intOrPtr _t170;
				void* _t172;
				void* _t174;
				void* _t176;
				void* _t177;
				intOrPtr _t179;

				_t176 = _t177;
				_push(__eax);
				_t179 = _t177 + 0xffffffffffffee28;
				_v4109 = __ecx;
				_t172 = __eax;
				_v4104 = 0;
				_t124 = _v4109 & 0x000000ff ^ 0x00000001;
				if(_t124 == 0) {
					_v4108 = E004AAA68(1, 0, 2, 2);
				} else {
					_v4108 = E004AAA68(1, 0, 2, 0);
				}
				_push(_t176);
				_push(0x4b83f9);
				_push( *[fs:edx]);
				 *[fs:edx] = _t179;
				if(_t124 == 0) {
					_t130 = 0x1c0;
					E004AAA00(_v4108, 0x1c0,  &_v4567);
					E004AAA28(_v4108, _v4239);
					E004AAC74(_v4108);
				} else {
					L00403540( &_v4567, 0x1c0);
					_t130 = 0x1c0;
					 *((intOrPtr*)( *_v4108 + 0x10))();
				}
				_t125 =  *((intOrPtr*)(_t172 + 4));
				while(_t125 != 0) {
					_v4119 =  *(_t125 + 0x10) & 0x0000ffff;
					_v4117 =  *((intOrPtr*)(_t125 + 8));
					_v4113 =  *((intOrPtr*)(_t125 + 0xc));
					E004B8114( &_v4119, 0xa, _t176);
					E004B8114(_t125 + 0x12,  *((intOrPtr*)(_t125 + 0xc)), _t176);
					_pop(_t130);
					_t170 = _v4243;
					if(_t170 < 0 || _t170 >= 0x7fffffff) {
						L004ADAE0(L"NumRecs range exceeded", _t125);
					}
					_v4243 = _v4243 + 1;
					_t125 =  *((intOrPtr*)(_t125 + 4));
				}
				E004B8090(_t130, _t176);
				 *((intOrPtr*)( *_v4108))();
				if(_v4572 != 0) {
					L004ADAE0(L"EndOffset range exceeded", _t125);
				}
				 *((intOrPtr*)( *_v4108))();
				_v4239 = _v4576;
				E004AAA28(_v4108, 0);
				_t152 =  *0x504d5c; // 0x503e88
				memcpy( &_v4567, _t152 + (( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff) + ( *(_t172 + 0x10) & 0x000000ff)) * 8, 0x10 << 2);
				_t174 = _t172;
				L004B7F3C(_t125,  *((intOrPtr*)(_t174 + 0x14)),  &_v4503, 0x80);
				if((_v4109 & 0x000000ff ^ 0x00000001 | _a4) != 0) {
					L004B7F3C(_t125,  *((intOrPtr*)(_t174 + 0x18)),  &_v4375, 0x80);
				}
				_t90 =  *((intOrPtr*)(_t174 + 0x20));
				if(_t90 > _v4247) {
					_v4247 = _t90;
				}
				_v4235 =  *(_t174 + 0x1d) & 0x000000ff | _v4235;
				_v4123 = L004AB488( &_v4567, 0x1bc);
				FlushFileBuffers( *(_v4108 + 4));
				 *((intOrPtr*)( *_v4108 + 0x10))();
				_pop(_t158);
				 *[fs:eax] = _t158;
				_push(0x4b8400);
				return E00404098(_v4108);
			}

0x004b8191
0x004b8199
0x004b819a
0x004b81a3
0x004b81ab
0x004b81af
0x004b81bc
0x004b81c1
0x004b81f3
0x004b81c3
0x004b81d7
0x004b81d7
0x004b81fb
0x004b81fc
0x004b8201
0x004b8204
0x004b8209
0x004b823b
0x004b8246
0x004b8257
0x004b8262
0x004b820b
0x004b8218
0x004b8223
0x004b8230
0x004b8230
0x004b8267
0x004b826c
0x004b8272
0x004b827c
0x004b8285
0x004b8297
0x004b82a4
0x004b82a9
0x004b82aa
0x004b82b2
0x004b82c1
0x004b82c1
0x004b82c6
0x004b82cc
0x004b82cf
0x004b82d4
0x004b82e8
0x004b82f1
0x004b82f8
0x004b82f8
0x004b830b
0x004b8313
0x004b8321
0x004b8330
0x004b8345
0x004b8347
0x004b8358
0x004b8369
0x004b837b
0x004b837b
0x004b8380
0x004b8389
0x004b838b
0x004b838b
0x004b83a3
0x004b83b5
0x004b83c5
0x004b83dd
0x004b83e2
0x004b83e5
0x004b83e8
0x004b83f8

APIs

Part of subcall function 004AAC74: SetEndOfFile.KERNEL32(?,?,004B8267,00000000,004B83F9,?,00000000,00000002,00000002), ref: 004AAC7B

FlushFileBuffers.KERNEL32(?,00000080), ref: 004B83C5

Strings

EndOffset range exceeded, xrefs: 004B82F3
NumRecs range exceeded, xrefs: 004B82BC

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: File$BuffersFlush
String ID: EndOffset range exceeded$NumRecs range exceeded
API String ID: 3593489403-659731555
Opcode ID: 4ec4d2012c6bba52b351b74d71a9ec4575551dd185005456a7f1660f2adf8b85
Instruction ID: ee00a79579a7ad40b7723e2a7905eded266f5c9248d3b4cea0f408e4ae8acfa2
Opcode Fuzzy Hash: 4ec4d2012c6bba52b351b74d71a9ec4575551dd185005456a7f1660f2adf8b85
Instruction Fuzzy Hash: 8E616434A002548FCB24DF25C891ADAB7B5FF49304F0444DAE989AB396DB74AEC5CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00458FB4, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E00458FB4(intOrPtr __eax, intOrPtr __ecx, intOrPtr __edx, void* __fp0) {
				intOrPtr _v8;
				intOrPtr* _v12;
				struct tagPOINT _v20;
				intOrPtr _v24;
				char _v28;
				char _v36;
				void* __edi;
				void* __ebp;
				intOrPtr _t54;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t71;
				intOrPtr _t74;
				intOrPtr _t88;
				intOrPtr _t105;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t120;
				intOrPtr _t123;
				intOrPtr _t124;
				intOrPtr _t129;
				void* _t133;
				intOrPtr _t134;
				void* _t137;

				_t137 = __fp0;
				_v8 = __ecx;
				_t88 = __edx;
				_t124 = __eax;
				 *0x50b0fc = __eax;
				_push(_t133);
				_push(0x459159);
				_push( *[fs:edx]);
				 *[fs:edx] = _t134;
				_v12 = 0;
				 *0x50b104 = 0;
				_t135 =  *((char*)(__eax + 0x8b));
				if( *((char*)(__eax + 0x8b)) != 0) {
					E004042A8(__eax, __eflags);
					__eflags =  *0x50b0fc;
					if( *0x50b0fc != 0) {
						__eflags = _v12;
						if(_v12 == 0) {
							_v12 = E0045836C(1, _t124);
							 *0x50b104 = 1;
						}
						_t128 =  *((intOrPtr*)(_v12 + 0x40));
						_t105 =  *0x4561d8; // 0x456230
						_t54 = E00404238( *((intOrPtr*)(_v12 + 0x40)), _t105);
						__eflags = _t54;
						if(_t54 == 0) {
							_t129 =  *((intOrPtr*)(_v12 + 0x40));
							__eflags =  *((intOrPtr*)(_t129 + 0x30));
							if( *((intOrPtr*)(_t129 + 0x30)) != 0) {
								L14:
								__eflags = 0;
								L00409188(0,  &_v36, 0);
								E0045AAEC(_t129,  &_v28,  &_v36);
								_t60 = _v12;
								 *((intOrPtr*)(_t60 + 0x4c)) = _v28;
								 *((intOrPtr*)(_t60 + 0x50)) = _v24;
								L15:
								__eflags =  *(_v12 + 0x4c) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x40)) + 0x48));
								L00409188( *(_v12 + 0x4c) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x40)) + 0x48)),  &_v28,  *((intOrPtr*)(_v12 + 0x50)) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x40)) + 0x4c)));
								_t65 = _v12;
								 *((intOrPtr*)(_t65 + 0x54)) = _v28;
								 *((intOrPtr*)(_t65 + 0x58)) = _v24;
								goto L16;
							}
							_t116 =  *0x4561d8; // 0x456230
							_t71 = E00404238(_t129, _t116);
							__eflags = _t71;
							if(_t71 != 0) {
								goto L14;
							}
							GetCursorPos( &_v20);
							_t74 = _v12;
							 *(_t74 + 0x4c) = _v20.x;
							 *((intOrPtr*)(_t74 + 0x50)) = _v20.y;
							goto L15;
						} else {
							GetWindowRect(L00463A10(_t128), _v12 + 0x4c);
							L16:
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							L17:
							E00458E44(_v12, _v8, _t88, _t133, _t137);
							_pop(_t115);
							 *[fs:eax] = _t115;
							return 0;
						}
					}
					_pop(_t120);
					 *[fs:eax] = _t120;
					return 0;
				}
				E004042A8(__eax, _t135);
				if( *0x50b0fc != 0) {
					__eflags = _v12;
					if(_v12 == 0) {
						_v12 = E00458244(_t124, 1);
						 *0x50b104 = 1;
					}
					goto L17;
				}
				_pop(_t123);
				 *[fs:eax] = _t123;
				return 0;
			}

0x00458fb4
0x00458fbd
0x00458fc0
0x00458fc2
0x00458fc4
0x00458fcc
0x00458fcd
0x00458fd2
0x00458fd5
0x00458fda
0x00458fdd
0x00458fe4
0x00458feb
0x00459041
0x00459046
0x0045904d
0x0045905c
0x00459060
0x00459070
0x00459073
0x00459073
0x0045907d
0x00459082
0x00459088
0x0045908d
0x0045908f
0x004590ad
0x004590b0
0x004590b4
0x004590e1
0x004590e6
0x004590e8
0x004590f5
0x004590fa
0x00459100
0x00459106
0x00459109
0x0045911b
0x00459121
0x00459126
0x0045912c
0x00459132
0x00000000
0x00459132
0x004590b8
0x004590be
0x004590c3
0x004590c5
0x00000000
0x00000000
0x004590cb
0x004590d0
0x004590d6
0x004590dc
0x00000000
0x00459091
0x004590a0
0x00459135
0x0045913e
0x0045913f
0x00459140
0x00459141
0x00459142
0x0045914a
0x00459151
0x00459154
0x00000000
0x00459154
0x0045908f
0x00459051
0x00459054
0x00000000
0x00459054
0x00458ff6
0x00459002
0x00459011
0x00459015
0x00459029
0x0045902c
0x0045902c
0x00000000
0x00459015
0x00459006
0x00459009
0x00000000

Strings

0bE, xrefs: 00459082, 004590B8

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID:
String ID: 0bE
API String ID: 0-2320990392
Opcode ID: e13f7d6370c10b124c3a81da77be748c2a4f6f97622c2c1ad18eef8128e78c0f
Instruction ID: ab28fe0629281bc3a8d619394c7c62e31fb3bd75857d63831c3b6f351b1356e2
Opcode Fuzzy Hash: e13f7d6370c10b124c3a81da77be748c2a4f6f97622c2c1ad18eef8128e78c0f
Instruction Fuzzy Hash: E551C930A00605DFDB00DF59C881A9EBBF5FF98315F1184AAEC04A7392D779AD89CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040480A, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

C-Code - Quality: 54%

			E0040480A(void* __ebx, long __edi, void* __esi, void* __ebp, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v44;
				intOrPtr* _t31;
				long _t34;
				long _t35;
				intOrPtr* _t36;
				intOrPtr* _t38;
				long _t42;
				intOrPtr _t44;
				long _t45;
				void* _t46;
				intOrPtr* _t47;
				void* _t51;
				long _t52;
				void* _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t64;
				intOrPtr* _t67;
				intOrPtr* _t69;
				long _t70;
				void* _t73;
				long* _t74;
				void* _t76;
				long _t77;
				intOrPtr _t80;

				_t76 = __ebp;
				_t73 = __esi;
				_t70 = __edi;
				_t51 = __ebx;
				_t31 = _a4;
				if(( *(_t31 + 4) & 0x00000006) == 0) {
					if( *_t31 == 0xeedfade) {
						_t34 =  *( *(_t31 + 0x18));
						goto L6;
					} else {
						asm("cld");
						L00403F54(_t31);
						_t69 =  *0x50600c; // 0x411e78
						if(_t69 != 0) {
							_t34 =  *_t69();
							if(_t34 != 0) {
								L6:
								_push(_t51);
								_push(_t73);
								_push(_t70);
								_push(_t76);
								_t57 =  *((intOrPtr*)(_a8 + 4));
								_t52 =  *(_t57 + 5);
								_t9 = _t57 + 9; // 0xf
								_t74 = _t9;
								_t77 = _t34;
								while(1) {
									L7:
									_t35 =  *_t74;
									__eflags = _t35;
									if(_t35 == 0) {
										break;
									}
									_t70 = _t77;
									while(1) {
										_t46 =  *_t35;
										__eflags = _t46 - _t70;
										if(_t46 == _t70) {
											goto L17;
										}
										__eflags =  *((intOrPtr*)(_t46 - 0x34)) -  *((intOrPtr*)(_t70 - 0x34));
										if( *((intOrPtr*)(_t46 - 0x34)) !=  *((intOrPtr*)(_t70 - 0x34))) {
											L14:
											_t70 =  *(_t70 - 0x30);
											_t35 =  *_t74;
											__eflags = _t70;
											if(_t70 != 0) {
												_t70 =  *_t70;
												continue;
											} else {
												_t74 =  &(_t74[2]);
												_t52 = _t52 - 1;
												__eflags = _t52;
												if(_t52 != 0) {
													goto L7;
												} else {
												}
											}
										} else {
											_t47 =  *((intOrPtr*)(_t46 - 0x38));
											_t67 =  *((intOrPtr*)(_t70 - 0x38));
											_t62 =  *_t47;
											__eflags =  *_t47 -  *_t67;
											if( *_t47 !=  *_t67) {
												goto L14;
											} else {
												__eflags = _t67 + 1;
												L004034D0(_t47 + 1, _t62, _t67 + 1);
												if(__eflags == 0) {
													goto L17;
												} else {
													goto L14;
												}
											}
										}
										goto L26;
									}
									break;
								}
								L17:
								_t36 = _a4;
								__eflags =  *_t36 - 0xeedfade;
								_t64 =  *((intOrPtr*)(_t36 + 0x18));
								_t58 =  *((intOrPtr*)(_t36 + 0x14));
								if( *_t36 == 0xeedfade) {
									__eflags =  *0x50202c - 1;
									if( *0x50202c <= 1) {
										goto L25;
									}
									__eflags =  *0x502028;
									if( *0x502028 > 0) {
										goto L25;
									}
									_t42 = UnhandledExceptionFilter( &_v12);
									__eflags = _t42;
									_t58 = _t58;
									_t64 = _t64;
									_t36 = _t36;
									if(_t42 != 0) {
										goto L25;
									}
								} else {
									_t44 = E004045F8( *0x506010(), _a12, _t70);
									__eflags =  *0x50202c;
									if( *0x50202c <= 0) {
										L21:
										_t64 = _t44;
										_t36 = _a4;
										_t58 =  *((intOrPtr*)(_t36 + 0xc));
										L25:
										 *(_t36 + 4) =  *(_t36 + 4) | 0x00000002;
										 *0x506018(_a8, 0x404940, _t36, 0, _t74, _t58, _t64, _t36,  *[fs:ebx]);
										_pop(_t55);
										_t38 = E00408F00();
										_push( *_t38);
										 *_t38 = _t80;
										 *((intOrPtr*)(_v12.ContextRecord + 4)) = E0040496C;
										E00404634(_v44, _t55, _t74);
										goto ( *((intOrPtr*)(_t55 + 4)));
									}
									__eflags =  *0x502028;
									if( *0x502028 > 0) {
										goto L21;
									}
									_t45 = UnhandledExceptionFilter( &_v12);
									__eflags = _t45;
									_t44 = _t44;
									if(_t45 != 0) {
										goto L21;
									}
								}
							} else {
							}
						}
					}
				}
				L26:
				return 1;
			}

0x0040480a
0x0040480a
0x0040480a
0x0040480a
0x0040480c
0x00404817
0x00404823
0x00404847
0x00000000
0x00404825
0x00404825
0x00404826
0x0040482b
0x00404833
0x00404839
0x0040483d
0x00404849
0x0040484d
0x0040484e
0x0040484f
0x00404850
0x00404851
0x00404854
0x00404857
0x00404857
0x0040485a
0x0040485c
0x0040485c
0x0040485c
0x0040485e
0x00404860
0x00000000
0x00000000
0x00404862
0x00404868
0x00404868
0x0040486a
0x0040486c
0x00000000
0x00000000
0x00404871
0x00404874
0x0040488d
0x0040488d
0x00404890
0x00404892
0x00404894
0x00404866
0x00000000
0x00404896
0x00404896
0x00404899
0x00404899
0x0040489a
0x00000000
0x0040489c
0x0040489f
0x0040489a
0x00404876
0x00404876
0x00404879
0x0040487e
0x00404880
0x00404882
0x00000000
0x00404884
0x00404885
0x00404886
0x0040488b
0x00000000
0x00000000
0x00000000
0x00000000
0x0040488b
0x00404882
0x00000000
0x00404874
0x00000000
0x00404868
0x004048a5
0x004048a5
0x004048a9
0x004048af
0x004048b2
0x004048b5
0x004048f8
0x004048ff
0x00000000
0x00000000
0x00404901
0x00404908
0x00000000
0x00000000
0x00404912
0x00404917
0x0040491a
0x0040491b
0x0040491c
0x0040491d
0x00000000
0x00000000
0x004048b7
0x004048c1
0x004048c6
0x004048cd
0x004048ed
0x004048ed
0x004048ef
0x004048f3
0x0040491f
0x0040492c
0x0040493a
0x00404940
0x00404945
0x0040494a
0x00404950
0x00404959
0x00404964
0x00404969
0x00404969
0x004048cf
0x004048d6
0x00000000
0x00000000
0x004048de
0x004048e3
0x004048e6
0x004048e7
0x00000000
0x00000000
0x004048e7
0x00000000
0x0040483f
0x0040483d
0x00404833
0x00404823
0x0040498c
0x00404991

APIs

UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 004048DE

Strings

\ A, xrefs: 004048B7

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID: \ A
API String ID: 3192549508-246963042
Opcode ID: b97392c655309058888e59248b43969724a22c519db2f725899549ab6976b3e9
Instruction ID: 944144e095c94397589ecc7d7f5ba5fd6072c5f8c0ec0c01817427e5dfe7f2a2
Opcode Fuzzy Hash: b97392c655309058888e59248b43969724a22c519db2f725899549ab6976b3e9
Instruction Fuzzy Hash: F041B3F56042419FD310EF25C884B2BB7A5EBC4324F15887EE644AB3A1C738EC85CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00411074, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106
threadCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00411074(void* __ebx, void* __edi, void* __esi) {
				int _v8;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _t53;
				void* _t54;
				intOrPtr _t80;
				void* _t83;
				void* _t84;
				void* _t86;
				void* _t87;
				intOrPtr _t90;

				_t89 = _t90;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(_t90);
				_push(0x411187);
				_push( *[fs:eax]);
				 *[fs:eax] = _t90;
				_v8 = GetThreadLocale();
				_t53 = 1;
				_t86 = 0x508bbc;
				_t83 = 0x508bec;
				do {
					_t3 = _t53 + 0x44; // 0x45
					E00411038(_t3 - 1, _t53 - 1,  &_v16, 0xb, _t89);
					E00406448(_t86, _v16);
					_t6 = _t53 + 0x38; // 0x39
					E00411038(_t6 - 1, _t53 - 1,  &_v20, 0xb, _t89);
					E00406448(_t83, _v20);
					_t53 = _t53 + 1;
					_t83 = _t83 + 4;
					_t86 = _t86 + 4;
				} while (_t53 != 0xd);
				_t54 = 1;
				_t87 = 0x508c1c;
				_t84 = 0x508c38;
				do {
					_t8 = _t54 + 5; // 0x6
					asm("cdq");
					_v12 = _t8 % 7;
					E00411038(_v12 + 0x31, _t54 - 1,  &_v24, 6, _t89);
					E00406448(_t87, _v24);
					E00411038(_v12 + 0x2a, _t54 - 1,  &_v28, 6, _t89);
					E00406448(_t84, _v28);
					_t54 = _t54 + 1;
					_t84 = _t84 + 4;
					_t87 = _t87 + 4;
				} while (_t54 != 8);
				_pop(_t80);
				 *[fs:eax] = _t80;
				_push(0x41118e);
				return L00406440( &_v28, 4);
			}

0x00411075
0x00411079
0x0041107a
0x0041107b
0x0041107c
0x0041107d
0x0041107e
0x00411084
0x00411085
0x0041108a
0x0041108d
0x00411095
0x00411098
0x0041109d
0x004110a2
0x004110a7
0x004110b6
0x004110ba
0x004110c5
0x004110d9
0x004110dd
0x004110e8
0x004110ed
0x004110ee
0x004110f1
0x004110f4
0x004110f9
0x004110fe
0x00411103
0x00411108
0x00411108
0x00411110
0x00411113
0x0041112b
0x00411136
0x00411150
0x0041115b
0x00411160
0x00411161
0x00411164
0x00411167
0x0041116e
0x00411171
0x00411174
0x00411186

APIs

GetThreadLocale.KERNEL32(00000000,00411187,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00411090

Strings

X*P, xrefs: 00411142
<*P, xrefs: 0041111D

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LocaleThread
String ID: <*P$X*P
API String ID: 635194068-628368254
Opcode ID: 52dc1b13e0e2b0ffdd653057525880b3fe53e6f7c7912d1678e4b8d21896f8ab
Instruction ID: 5836da1b360b6cbb10a15eeaf75eb8dd80c660c823a45f6c764e19074c377661
Opcode Fuzzy Hash: 52dc1b13e0e2b0ffdd653057525880b3fe53e6f7c7912d1678e4b8d21896f8ab
Instruction Fuzzy Hash: 5731C871F005086FD704DB45C882EAE7BADE788314F65447BFA09DB381D939ED818369

Uniqueness

Uniqueness Score: -1.00%

Function 00468B5C, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00468B5C(int __eax, signed int __ecx, void* __edx, void* __fp0, char* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v5;
				char _v12;
				struct tagMSG _v40;
				char _v48;
				void* __ebp;
				int _t33;
				int _t40;
				char* _t41;
				void* _t43;
				int _t47;
				int _t60;
				intOrPtr _t61;
				intOrPtr _t75;
				int _t82;
				int _t83;
				void* _t84;
				void* _t90;

				_t90 = __fp0;
				_t33 = __eax;
				_v5 = __ecx;
				_t60 = __eax;
				if(__edx != 0) {
					L17:
					return _t33;
				}
				_t86 = _v5 & 0x00000040;
				if((_v5 & 0x00000040) == 0) {
					L00409188(_a12,  &_v48, _a8);
					_t64 =  &_v12;
					_t33 = E00466EE4(_t60,  &_v12,  &_v48, __eflags);
					_t82 = _t33;
					__eflags = _t82;
					if(_t82 == 0) {
						goto L17;
					}
					__eflags = _v12 - 0x12;
					if(__eflags != 0) {
						__eflags = _v12 - 2;
						if(_v12 != 2) {
							goto L17;
						}
						_t40 = PeekMessageW( &_v40, L00463A10( *((intOrPtr*)(_t60 + 0x14))), 0x203, 0x203, 0);
						__eflags = _t40;
						if(_t40 == 0) {
							_t75 =  *0x4561d8; // 0x456230
							_t47 = E00404238( *((intOrPtr*)(_t82 + 4)), _t75);
							__eflags = _t47;
							if(_t47 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t82 + 4)))) + 0xd8))();
							}
						}
						_t61 =  *((intOrPtr*)(_t82 + 4));
						__eflags =  *((char*)(_t61 + 0x8b)) - 1;
						if( *((char*)(_t61 + 0x8b)) == 1) {
							_t43 = E0045A28C(_t61);
							__eflags = _t43 - 1;
							if(_t43 == 1) {
								__eflags = 0;
								L0045B8C4( *((intOrPtr*)(_t82 + 4)), _t64 | 0xffffffff, 0, _t84, _t90);
							}
						}
						_t41 = _a4;
						 *_t41 = 1;
						return _t41;
					}
					L00409188(_a12,  &_v48, _a8);
					return E00468240(_t60,  &_v48, _t82, __eflags);
				}
				L00409188(_a12,  &_v48, _a8);
				_t33 = E00466EE4(_t60,  &_v12,  &_v48, _t86);
				_t83 = _t33;
				if(_t83 != 0 &&  *((intOrPtr*)(_t83 + 4)) != 0 && _v12 == 2) {
					L00459510();
					return L0045BF8C( *((intOrPtr*)(_t83 + 4)), 0, 0, 1);
				}
				goto L17;
			}

0x00468b5c
0x00468b5c
0x00468b64
0x00468b67
0x00468b6b
0x00468c83
0x00468c83
0x00468c83
0x00468b71
0x00468b75
0x00468bd1
0x00468bd9
0x00468bde
0x00468be3
0x00468be5
0x00468be7
0x00000000
0x00000000
0x00468bed
0x00468bf1
0x00468c0f
0x00468c13
0x00000000
0x00000000
0x00468c2e
0x00468c33
0x00468c35
0x00468c3a
0x00468c40
0x00468c45
0x00468c47
0x00468c4e
0x00468c4e
0x00468c47
0x00468c54
0x00468c57
0x00468c5e
0x00468c62
0x00468c67
0x00468c69
0x00468c6e
0x00468c73
0x00468c73
0x00468c69
0x00468c78
0x00468c7b
0x00000000
0x00468c7b
0x00468bfc
0x00000000
0x00468c08
0x00468b80
0x00468b8d
0x00468b92
0x00468b96
0x00468bb0
0x00000000
0x00468bbe
0x00000000

Strings

@, xrefs: 00468B71
0bE, xrefs: 00468C3A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: PointsWindow
String ID: 0bE$@
API String ID: 4123100037-122265358
Opcode ID: 8395b34624a7b65c480beec848bd49da82369e2aa995b346deec5b7bbbe1a8e2
Instruction ID: da6395379e4789248bb68ae9639d3fa7cdc2a154edf4300eda36607f7254129a
Opcode Fuzzy Hash: 8395b34624a7b65c480beec848bd49da82369e2aa995b346deec5b7bbbe1a8e2
Instruction Fuzzy Hash: B5319431A012049BCB20DF68C881ADEB3A4AF05714F00866FFC5567392EF39ED49C75A

Uniqueness

Uniqueness Score: -1.00%

Function 004046DE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E004046DE(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				struct _EXCEPTION_RECORD* _t22;
				intOrPtr* _t25;
				long _t28;
				long _t30;
				long _t31;
				long _t32;
				void* _t33;
				void* _t38;
				long _t41;
				intOrPtr* _t43;
				intOrPtr _t44;
				void* _t45;
				void* _t47;
				void* _t48;
				intOrPtr _t50;

				_t48 = __ebp;
				_t47 = __esi;
				_t45 = __edi;
				_t33 = __ebx;
				_t22 = _a4.ExceptionRecord;
				if((_t22->ExceptionFlags & 0x00000006) == 0) {
					_t41 = _t22->ExceptionInformation[1];
					_t38 = _t22->ExceptionInformation;
					if(_t22->ExceptionCode == 0xeedfade) {
						L11:
						if( *0x50202c <= 1 ||  *0x502028 > 0) {
							goto L14;
						}
						_t28 = UnhandledExceptionFilter( &_a4);
						_t38 = _t38;
						_t41 = _t41;
						_t22 = _t22;
						if(_t28 != 0) {
							goto L14;
						}
					} else {
						asm("cld");
						L00403F54(_t22);
						_t43 =  *0x506010; // 0x41205c
						if(_t43 != 0) {
							_t30 =  *_t43();
							if(_t30 != 0) {
								_t44 = _a12;
								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
									L10:
									_t41 = _t30;
									_t22 = _a4.ExceptionRecord;
									_t38 = _t22->ExceptionAddress;
									goto L11;
								} else {
									_t30 = E004045F8(_t30, _t44, __edi);
									if( *0x50202c <= 0 ||  *0x502028 > 0) {
										goto L10;
									} else {
										_t31 = UnhandledExceptionFilter( &_a4);
										_t32 = _t30;
										if(_t31 != 0) {
											_t41 = _t32;
											_t22 = _a4.ExceptionRecord;
											_t38 = _t22->ExceptionAddress;
											L14:
											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
											 *0x506018(_a8, 0x4047b8, _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33);
											_t46 = _v8;
											_t25 = E00408F00();
											_push( *_t25);
											 *_t25 = _t50;
											 *((intOrPtr*)(_v8 + 4)) = E004047E4;
											E00404648(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
											goto __ebx;
										}
									}
								}
							}
						}
					}
				}
				return 1;
			}

0x004046de
0x004046de
0x004046de
0x004046de
0x004046e0
0x004046eb
0x004046f7
0x004046fa
0x004046fd
0x0040476d
0x00404774
0x00000000
0x00000000
0x00404787
0x0040478f
0x00404790
0x00404791
0x00404792
0x00000000
0x00000000
0x004046ff
0x004046ff
0x00404700
0x00404705
0x0040470d
0x00404713
0x00404717
0x0040471d
0x0040472b
0x00404764
0x00404764
0x00404766
0x0040476a
0x00000000
0x0040472d
0x0040472d
0x00404739
0x00000000
0x00404744
0x0040474a
0x00404752
0x00404753
0x00404759
0x0040475b
0x0040475f
0x00404794
0x00404794
0x004047b2
0x004047b8
0x004047bc
0x004047c1
0x004047c7
0x004047d3
0x004047dd
0x004047e2
0x004047e2
0x00404753
0x00404739
0x0040472b
0x00404717
0x0040470d
0x004046fd
0x00404809

APIs

UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 0040474A
UnhandledExceptionFilter.KERNEL32(?,?,?,Function_000046E0), ref: 00404787

Strings

\ A, xrefs: 00404705

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID: \ A
API String ID: 3192549508-246963042
Opcode ID: b94d733d0d93fb81519900a0396d60ac4bce79653e49cdbb28dcf04530c8336d
Instruction ID: 1bc4bc4d7f7abdd48e6c3e0363a4802e2756a4669e4bd8d61a5b9db4a02780b2
Opcode Fuzzy Hash: b94d733d0d93fb81519900a0396d60ac4bce79653e49cdbb28dcf04530c8336d
Instruction Fuzzy Hash: 063180B4604341AFD720EB15C888B2B77E9EBC5714F15C56EF608A7291C738EC44CA29

Uniqueness

Uniqueness Score: -1.00%

Function 004AA2DC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76
windowCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E004AA2DC(void* __eax, void* __ebx, void* __edx) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v28;
				intOrPtr _t27;
				intOrPtr _t31;
				short* _t47;
				void* _t52;
				intOrPtr _t59;
				void* _t69;

				_v8 = 0;
				_t52 = __eax;
				_push(_t69);
				_push(0x4aa3bb);
				_push( *[fs:eax]);
				 *[fs:eax] = _t69 + 0xffffffe8;
				_t27 =  *((intOrPtr*)(__edx + 8));
				_t55 =  *((intOrPtr*)(_t27 + 8)) == 0x70b;
				if( *((intOrPtr*)(_t27 + 8)) == 0x70b &&  *((intOrPtr*)(_t27 + 0xc)) == 0x202) {
					_v16 =  *((intOrPtr*)(_t27 + 0x18));
					_v12 =  *((intOrPtr*)(_t27 + 0x1c));
					_t31 = _v16;
					if(_t31 >= 0 && _t31 < _v12) {
						_t33 = _v12 - _t31 + 1;
						if(_v12 - _t31 + 1 > 1) {
							E004067BC( &_v8, _t55, _t33);
							_v28 = _v16;
							_v24 = _v12;
							_v20 = E004064D4(_v8);
							E004067BC( &_v8, _t55, SendMessageW(L00463A10(_t52), 0x44b, 0,  &_v28));
							if(_v8 != 0) {
								_t47 = E004064D4(_v8);
								ShellExecuteW(L00463A10(_t52), L"open", _t47, 0, 0, 1);
							}
						}
					}
				}
				_pop(_t59);
				 *[fs:eax] = _t59;
				_push(0x4aa3c2);
				return L00406438( &_v8);
			}

0x004aa2e5
0x004aa2e8
0x004aa2ec
0x004aa2ed
0x004aa2f2
0x004aa2f5
0x004aa2f8
0x004aa2fe
0x004aa304
0x004aa31a
0x004aa320
0x004aa323
0x004aa328
0x004aa336
0x004aa33a
0x004aa340
0x004aa348
0x004aa34e
0x004aa359
0x004aa379
0x004aa382
0x004aa38d
0x004aa3a0
0x004aa3a0
0x004aa382
0x004aa33a
0x004aa328
0x004aa3a7
0x004aa3aa
0x004aa3ad
0x004aa3ba

APIs

SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004AA36F
ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004AA3A0

Strings

open, xrefs: 004AA393

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ExecuteMessageSendShell
String ID: open
API String ID: 812272486-2758837156
Opcode ID: 6226b72d3a908e6b84aff4b5a83d13064dfccb5c0d45ef645fc4726cb8e648b8
Instruction ID: e303f42d2cf0764dadaa1299d1c4007adbfe1eed8e9935e8a168fd1f04f58973
Opcode Fuzzy Hash: 6226b72d3a908e6b84aff4b5a83d13064dfccb5c0d45ef645fc4726cb8e648b8
Instruction Fuzzy Hash: EF214F70A00204AFDF04DFA9C882B9EB7B8EB55704F51847AA805E7292D779AE50CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00404C1E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00404C1E(struct _EXCEPTION_POINTERS _a4, long _a8) {
				long _v12;
				void* _t18;
				long _t19;
				long _t24;
				long _t25;
				void* _t29;
				void* _t30;
				void* _t39;
				void* _t40;

				if((_a4.ExceptionRecord->ExceptionFlags & 0x00000006) != 0) {
					L43:
					__eflags = 0;
					return 0;
				} else {
					__eflags =  *0x502028;
					if( *0x502028 > 0) {
						L36:
						__eax = _a4.ExceptionRecord;
						asm("cld");
						__eax = L00403F54(_a4.ExceptionRecord);
						__edx = _a8;
						__eax =  *0x506018(_a8, 0x404c66, __eax, 0);
						__ebx = _v12;
						__eflags =  *__ebx - 0xeedfade;
						__edx =  *(__ebx + 0x14);
						__eax =  *(__ebx + 0x18);
						if( *__ebx == 0xeedfade) {
							L40:
							__eax = E004046C0(__eax);
							__ecx =  *0x506004; // 0x412150
							__eflags = __ecx;
							if(__ecx != 0) {
								__eax =  *__ecx();
							}
							__ecx = _v12;
							__eax = 0xd9;
							__edx =  *(__ecx + 0x14);
							 *__esp =  *(__ecx + 0x14);
							_pop( *0x502004);
							 *0x502000 = 0xd9;
							E00405084();
							return 0xd9;
						} else {
							__edx =  *0x506010; // 0x41205c
							__eflags = __edx;
							if(__edx == 0) {
								L1:
								_t32 = _v12;
								_t18 =  *_v12;
								_t39 = _t18 - 0xc0000092;
								if(_t39 > 0) {
									__eflags = _t18 - 0xc0000096;
									if(__eflags > 0) {
										_t19 = _t18 - 0xc00000fd;
										__eflags = _t19;
										if(_t19 == 0) {
										} else {
											__eflags = _t19 != 0x3d;
											if(_t19 != 0x3d) {
												goto L32;
											}
										}
									} else {
										if(__eflags == 0) {
										} else {
											_t24 = _t18 - 0xc0000093;
											__eflags = _t24;
											if(_t24 == 0) {
												goto L27;
											} else {
												_t25 = _t24 - 1;
												__eflags = _t25;
												if(_t25 == 0) {
												} else {
													__eflags = _t25 != 1;
													if(_t25 != 1) {
														goto L32;
													}
												}
											}
										}
									}
								} else {
									if(_t39 == 0) {
										L24:
									} else {
										_t40 = _t18 - 0xc000008e;
										if(_t40 > 0) {
											__eflags = _t18 + 0x3fffff71 - 2;
											if(__eflags < 0) {
												goto L24;
											} else {
												if(__eflags != 0) {
													goto L32;
												}
											}
										} else {
											if(_t40 == 0) {
											} else {
												_t29 = _t18 - 0xc0000005;
												if(_t29 == 0) {
												} else {
													_t30 = _t29 - 0x87;
													if(_t30 == 0) {
													} else {
														if(_t30 == 1) {
															L27:
														} else {
															L32:
														}
													}
												}
											}
										}
									}
								}
								return E0040311C( *((intOrPtr*)(_t32 + 0xc)));
							} else {
								__eax = __ebx;
								__eax =  *__edx();
								__eflags = __eax;
								if(__eax == 0) {
									goto L1;
								} else {
									__edx =  *(__ebx + 0xc);
									goto L40;
								}
							}
						}
					} else {
						__eax =  &_a4;
						__eax = UnhandledExceptionFilter( &_a4);
						__eflags = __eax;
						if(__eax == 0) {
							goto L43;
						} else {
							goto L36;
						}
					}
				}
			}

0x00404c2b
0x00404cba
0x00404cba
0x00404cbc
0x00404c31
0x00404c31
0x00404c38
0x00404c49
0x00404c49
0x00404c4d
0x00404c4e
0x00404c53
0x00404c60
0x00404c66
0x00404c6a
0x00404c70
0x00404c73
0x00404c76
0x00404c95
0x00404c95
0x00404c9a
0x00404ca0
0x00404ca2
0x00404ca4
0x00404ca4
0x00404ca6
0x00404caa
0x00404caf
0x00404cb2
0x004051bc
0x004051b0
0x004051b5
0x004051ba
0x00404c78
0x00404c78
0x00404c7e
0x00404c80
0x00404b80
0x00404b83
0x00404b86
0x00404b88
0x00404b8d
0x00404bbb
0x00404bc0
0x00404bd3
0x00404bd3
0x00404bd8
0x00404bda
0x00404bda
0x00404bdd
0x00000000
0x00404bdf
0x00404bdd
0x00404bc2
0x00404bc2
0x00404bc4
0x00404bc4
0x00404bc4
0x00404bc9
0x00000000
0x00404bcb
0x00404bcb
0x00404bcb
0x00404bcc
0x00404bce
0x00404bce
0x00404bcf
0x00000000
0x00404bd1
0x00404bcf
0x00404bcc
0x00404bc9
0x00404bc2
0x00404b8f
0x00404b8f
0x00404bed
0x00404b91
0x00404b91
0x00404b96
0x00404bb2
0x00404bb5
0x00000000
0x00404bb7
0x00404bb7
0x00000000
0x00404bb9
0x00404bb7
0x00404b98
0x00404b98
0x00404b9a
0x00404b9a
0x00404b9f
0x00404ba1
0x00404ba1
0x00404ba6
0x00404ba8
0x00404ba9
0x00404bf9
0x00404bab
0x00404c0d
0x00404c0d
0x00404ba9
0x00404ba6
0x00404b9f
0x00404b98
0x00404b96
0x00404b8f
0x00404c1b
0x00404c86
0x00404c86
0x00404c88
0x00404c8a
0x00404c8c
0x00000000
0x00404c92
0x00404c92
0x00000000
0x00404c92
0x00404c8c
0x00404c80
0x00404c3a
0x00404c3a
0x00404c3f
0x00404c44
0x00404c47
0x00000000
0x00000000
0x00000000
0x00000000
0x00404c47
0x00404c38

APIs

UnhandledExceptionFilter.KERNEL32(00000006), ref: 00404C3F

Strings

\ A, xrefs: 00404C78
P!A, xrefs: 00404C9A

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID: P!A$\ A
API String ID: 3192549508-3379768250
Opcode ID: 40465d0e78c16ef4045f7ef22523c6181a5f9457741a525cf81e34ca3a341dc5
Instruction ID: 43a7d8734ff0b15bab19693d876828bb040418b7638adb91ee80f7916073c9dc
Opcode Fuzzy Hash: 40465d0e78c16ef4045f7ef22523c6181a5f9457741a525cf81e34ca3a341dc5
Instruction Fuzzy Hash: 4A21A4B43042019BE724DF18C885B2B73A5ABC4314F15C53AE648AB3D5C73CEC44DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00412ED8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51
threadCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00412ED8() {
				signed short _t11;
				void* _t30;

				 *0x508c54 = 0x409;
				 *0x00508C58 = 9;
				 *0x00508C5C = 1;
				_t11 = GetThreadLocale();
				if(_t11 != 0) {
					 *0x508c54 = _t11;
				}
				if(_t11 != 0) {
					 *0x00508C58 = _t11 & 0x3ff;
					 *0x00508C5C = (_t11 & 0x0000ffff) >> 0xa;
				}
				memcpy(0x50295c, 0x412f70, 8 << 2);
				if( *0x502918 <= 4 ||  *0x502914 != 2) {
					 *0x00508C61 = GetSystemMetrics(0x4a) & 0xffffff00 | _t13 != 0x00000000;
				} else {
					 *((char*)(0x508c61)) = 1;
				}
				 *0x00508C60 = 1;
				if(1 != 0) {
					return E00412E7C(_t30);
				}
				return 1;
			}

0x00412ee6
0x00412eec
0x00412ef3
0x00412efa
0x00412f01
0x00412f03
0x00412f03
0x00412f08
0x00412f14
0x00412f1d
0x00412f1d
0x00412f2f
0x00412f38
0x00412f55
0x00412f43
0x00412f43
0x00412f43
0x00412f5a
0x00412f5f
0x00000000
0x00412f67
0x00412f6e

APIs

GetThreadLocale.KERNEL32 ref: 00412EFA
GetSystemMetrics.USER32 ref: 00412F4B

Strings

\)P, xrefs: 00412F25

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: LocaleMetricsSystemThread
String ID: \)P
API String ID: 3035471613-3049963737
Opcode ID: f1529f4f3e982c8e6eb539465a84f6e727f9ce11be0cf3805865be927159e22a
Instruction ID: 50cd9c9b77890bafca8ea87f72a24f18ef828198aef6e3af61819e877b2cc8b6
Opcode Fuzzy Hash: f1529f4f3e982c8e6eb539465a84f6e727f9ce11be0cf3805865be927159e22a
Instruction Fuzzy Hash: 7801D6702042518ADB109E2695853A37BE5AB51315F08C0ABED48CF3D7DABDC8D6D3B9

Uniqueness

Uniqueness Score: -1.00%

Function 0044AAAC, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47
timeCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E0044AAAC(void* __eax, void* __ebx, void* __ecx, void* __esi) {
				char _v8;
				intOrPtr _t18;
				void* _t23;
				intOrPtr _t28;
				int _t32;
				intOrPtr _t35;

				_push(0);
				_t23 = __eax;
				_push(_t35);
				_push(0x44ab2b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t35;
				KillTimer( *(__eax + 0x34), 1);
				_t32 =  *(_t23 + 0x30);
				if(_t32 != 0 &&  *((char*)(_t23 + 0x40)) != 0 &&  *((short*)(_t23 + 0x3a)) != 0 && SetTimer( *(_t23 + 0x34), 1, _t32, 0) == 0) {
					_t18 =  *0x505014; // 0x42e414
					E00408D5C(_t18,  &_v8);
					L00411930(_v8, 1);
					E00404A74();
				}
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(0x44ab32);
				return L00406438( &_v8);
			}

0x0044aaaf
0x0044aab3
0x0044aab7
0x0044aab8
0x0044aabd
0x0044aac0
0x0044aac9
0x0044aace
0x0044aad3
0x0044aaf7
0x0044aafc
0x0044ab0b
0x0044ab10
0x0044ab10
0x0044ab17
0x0044ab1a
0x0044ab1d
0x0044ab2a

APIs

KillTimer.USER32(?,00000001,00000000,0044AB2B,?,?,?,00000000), ref: 0044AAC9
SetTimer.USER32(?,00000001,?,00000000), ref: 0044AAEB

Part of subcall function 00408D5C: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 00408DA1

Strings

8B, xrefs: 0044AB06

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: Timer$KillLoadString
String ID: 8B
API String ID: 1423459280-4165284811
Opcode ID: 0a3234fbc0903c3fb04e2019c515a137aac41003fe305c9b6d742416ca09ee96
Instruction ID: b9c06d8f07b52db84a512ba5dd8922f7f6612851b00a9a57e0db484b0ae24fa4
Opcode Fuzzy Hash: 0a3234fbc0903c3fb04e2019c515a137aac41003fe305c9b6d742416ca09ee96
Instruction Fuzzy Hash: 0401D430350240AFEB21EF61CD86F5A37ADEB08748F5005A6FE00AB2D6D679BC50C65D

Uniqueness

Uniqueness Score: -1.00%

Function 004380F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
threadCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004380F8(LONG* __eax, void* __ecx) {
				intOrPtr* _t2;
				long _t9;
				signed int _t12;
				signed int _t13;
				long _t14;
				LONG* _t15;
				char* _t16;

				_t15 = __eax;
				_t2 =  *0x504f9c; // 0x506058
				 *_t16 =  *_t2 - 1 > 0;
				if( *_t16 == 0) {
					_t13 = _t12 | 0xffffffff;
				} else {
					_t13 = 0xfa0;
				}
				L3:
				_t9 =  *_t15 & 0xfffffffe;
				_t14 = _t9;
				if(InterlockedCompareExchange(_t15, _t14 | 0x00000001, _t14) != _t14) {
					if(_t13 >= 0) {
						asm("pause");
					} else {
						SwitchToThread();
						if( *_t16 == 0) {
							_t13 = 0;
						} else {
							_t13 = 0xfa0;
						}
					}
					_t13 = _t13 - 1;
					goto L3;
				}
				return _t9;
			}

0x004380fd
0x004380ff
0x00438107
0x0043810f
0x00438118
0x00438111
0x00438111
0x00438111
0x0043811b
0x0043811e
0x00438121
0x00438132
0x00438136
0x0043814e
0x00438138
0x00438138
0x00438141
0x0043814a
0x00438143
0x00438143
0x00438143
0x00438141
0x00438150
0x00000000
0x00438150
0x0043815a

APIs

InterlockedCompareExchange.KERNEL32(?), ref: 0043812B
SwitchToThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00438095), ref: 00438138

Strings

X`P, xrefs: 004380FF

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: CompareExchangeInterlockedSwitchThread
String ID: X`P
API String ID: 3384000618-2474155081
Opcode ID: f4ae14c70a5bbde5847d0e2af1d60944898d8ced8394b342272b69a43e0bbee8
Instruction ID: a684994c5c8966657b84c01853d2f82025a43701f920f47f23174a89fcf2eaf0
Opcode Fuzzy Hash: f4ae14c70a5bbde5847d0e2af1d60944898d8ced8394b342272b69a43e0bbee8
Instruction Fuzzy Hash: 97F0FC722097845AEB2115199C41B3AA699DBC6371F35163FF098872D1C92D4C43836A

Uniqueness

Uniqueness Score: -1.00%

Function 00452924, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32
keyboardCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E00452924(void* __eax) {
				signed char _v17;
				signed char _v24;
				signed int _t8;

				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t8 = _v24 & 0x000000ff;
				if(_t8 != 0) {
					if(GetKeyState(0x10) < 0) {
						_t8 = _t8 + 0x2000;
					}
					if(GetKeyState(0x11) < 0) {
						_t8 = _t8 + 0x4000;
					}
					if((_v17 & 0x00000020) != 0) {
						_t8 = _t8 + 0x8000;
					}
				}
				return _t8;
			}

0x0045292f
0x00452930
0x00452931
0x00452932
0x00452933
0x0045293b
0x00452947
0x00452949
0x00452949
0x00452958
0x0045295a
0x0045295a
0x00452964
0x00452966
0x00452966
0x00452964
0x00452973

APIs

GetKeyState.USER32(00000010), ref: 0045293F
GetKeyState.USER32(00000011), ref: 00452950

Strings

, xrefs: 0045295F

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-3916222277
Opcode ID: 7d93798c207586ada7ae01befcddc06c46c426bd79fde4a8b4352762cc2e625d
Instruction ID: e5f2dde1b85970a6f7d963af67b364511ef951f9b4c27a929f10f444735450ec
Opcode Fuzzy Hash: 7d93798c207586ada7ae01befcddc06c46c426bd79fde4a8b4352762cc2e625d
Instruction Fuzzy Hash: CCE022A2700A4602FB11757A1D103EB17D04F537AAF0806AFBEC03A2C3E1DE0E0A90A9

Uniqueness

Uniqueness Score: -1.00%

Function 00480A80, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 62%

			E00480A80(void* __eax, void* __edx, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t9;
				void* _t11;
				intOrPtr* _t12;
				void* _t14;
				void* _t15;

				_t14 = __edx;
				_t15 = __eax;
				E00480B10(__eax, __eflags);
				_t12 = E00409620(_t11, _t15, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonCreate");
				if(_t12 == 0) {
					__eflags = 0;
					return 0;
				}
				_t9 =  *_t12(_t15, E004064D4(_t14));
				asm("sbb eax, eax");
				return _t9 + 1;
			}

0x00480a83
0x00480a85
0x00480a89
0x00480aa3
0x00480aa7
0x00480abc
0x00000000
0x00480abc
0x00480ab2
0x00480ab7
0x00000000

APIs

Part of subcall function 00480B10: GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,00480A8E,?,00000001,00000000,004E2A27,-00000010,?,00000004,0000001C,00000000,004E2CF7), ref: 00480B1E

GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonCreate,?,00000001,00000000,004E2A27,-00000010,?,00000004,0000001C,00000000,004E2CF7,?,004B9C20,00000000,004E2D5F), ref: 00480A98

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Strings

user32.dll, xrefs: 00480A93
ShutdownBlockReasonCreate, xrefs: 00480A8E

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: HandleModule$AddressProc
String ID: ShutdownBlockReasonCreate$user32.dll
API String ID: 1883125708-2866557904
Opcode ID: cba206176e321c2248df8f07573990aafbe82fc30c36031109e3db0fced35097
Instruction ID: 79447cd1c673bd27a84cde0503538fed572911d91e3c84c19a2cc8397376a013
Opcode Fuzzy Hash: cba206176e321c2248df8f07573990aafbe82fc30c36031109e3db0fced35097
Instruction Fuzzy Hash: 74E0C2227307203A828572BE0C91E2F008C8EE165D3250C3BF011E2243D9ADCC0A43AD

Uniqueness

Uniqueness Score: -1.00%

Function 00480B10, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00480B10(void* __eax, void* __eflags) {
				void* __ebx;
				void* __esi;
				void* _t7;
				intOrPtr* _t8;
				void* _t9;

				_t9 = __eax;
				_t8 = E00409620(_t7, _t9, GetModuleHandleW(L"user32.dll"), L"ShutdownBlockReasonDestroy");
				if(_t8 == 0) {
					L2:
					return 0;
				} else {
					_push(_t9);
					if( *_t8() != 0) {
						return 1;
					} else {
						goto L2;
					}
				}
			}

0x00480b12
0x00480b29
0x00480b2d
0x00480b36
0x00480b3a
0x00480b2f
0x00480b2f
0x00480b34
0x00480b3f
0x00000000
0x00000000
0x00000000
0x00480b34

APIs

GetModuleHandleW.KERNEL32(user32.dll,ShutdownBlockReasonDestroy,?,00000000,00480A8E,?,00000001,00000000,004E2A27,-00000010,?,00000004,0000001C,00000000,004E2CF7), ref: 00480B1E

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Strings

ShutdownBlockReasonDestroy, xrefs: 00480B14
user32.dll, xrefs: 00480B19

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ShutdownBlockReasonDestroy$user32.dll
API String ID: 1646373207-260599015
Opcode ID: a7eb69d71fc96fd2ddc9f0547160bb4e08446ee1fd4729be9739ec2ba6458bc7
Instruction ID: 2959378bc619908520cc3192cfb0d83b3cedef6012161ff5f635b626915d44a1
Opcode Fuzzy Hash: a7eb69d71fc96fd2ddc9f0547160bb4e08446ee1fd4729be9739ec2ba6458bc7
Instruction Fuzzy Hash: E9D0C77277171226569035FD1CD1E9F41CC4E5029D3250C77F600E2141D65DEC0553AC

Uniqueness

Uniqueness Score: -1.00%

Function 004FE938, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E004FE938(void* __eflags) {
				intOrPtr* _t2;
				void* _t4;
				void* _t5;

				_t2 = E00409620(_t4, _t5, GetModuleHandleW(L"user32.dll"), L"DisableProcessWindowsGhosting");
				if(_t2 != 0) {
					return  *_t2();
				}
				return _t2;
			}

0x004fe948
0x004fe94f
0x00000000
0x004fe951
0x004fe953

APIs

GetModuleHandleW.KERNEL32(user32.dll,DisableProcessWindowsGhosting,005015C1,00000001,00000000,005015E7,?,?,000000EC,00000000), ref: 004FE942

Part of subcall function 00409620: GetProcAddress.KERNEL32(?,?), ref: 00409644

Strings

user32.dll, xrefs: 004FE93D
DisableProcessWindowsGhosting, xrefs: 004FE938

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: DisableProcessWindowsGhosting$user32.dll
API String ID: 1646373207-834958232
Opcode ID: b750718c54b1d66c76d5268335dadb66959e94e7d35c1e60bece79ba6f437278
Instruction ID: f581f122bcf6faacbdd4851cc66fbe71bba6765382ad350e4d823a968a8ec416
Opcode Fuzzy Hash: b750718c54b1d66c76d5268335dadb66959e94e7d35c1e60bece79ba6f437278
Instruction Fuzzy Hash: 5DB092E024030B20E89036B30C02F7E0988098070AB20082B3710E01E6DDEDC801903E

Uniqueness

Uniqueness Score: -1.00%

Function 004B0150, Relevance: 5.0, APIs: 4, Instructions: 45
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004B0150(long __eax, intOrPtr __edx, long _a4, long _a8) {
				intOrPtr _v8;
				long _t5;
				long _t9;
				void* _t10;
				void* _t13;
				void* _t15;
				void* _t16;

				_t5 = __eax;
				_v8 = __edx;
				_t9 = __eax;
				_t15 = _t10 - 1;
				if(_t15 < 0) {
					L10:
					return _t5;
				}
				_t16 = _t15 + 1;
				_t13 = 0;
				while(1) {
					_t19 = _t13 - 1;
					if(_t13 != 1) {
						__eflags = _t13 - 1;
						if(__eflags > 0) {
							Sleep(_a4);
						}
					} else {
						Sleep(_a8);
					}
					_t5 = E004AD13C(_t9, _v8, _t19);
					if(_t5 != 0) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 2) {
						goto L10;
					}
					_t5 = GetLastError();
					if(_t5 == 3) {
						goto L10;
					}
					_t13 = _t13 + 1;
					_t16 = _t16 - 1;
					if(_t16 != 0) {
						continue;
					}
					goto L10;
				}
				goto L10;
			}

0x004b0150
0x004b0157
0x004b015a
0x004b015e
0x004b0161
0x004b01af
0x004b01af
0x004b01af
0x004b0163
0x004b0164
0x004b0166
0x004b0166
0x004b0169
0x004b0176
0x004b0179
0x004b017f
0x004b017f
0x004b016b
0x004b016f
0x004b016f
0x004b0189
0x004b0190
0x00000000
0x00000000
0x004b0192
0x004b019a
0x00000000
0x00000000
0x004b019c
0x004b01a4
0x00000000
0x00000000
0x004b01a6
0x004b01a7
0x004b01a8
0x00000000
0x00000000
0x00000000
0x004b01a8
0x00000000

APIs

Sleep.KERNEL32(?), ref: 004B016F
Sleep.KERNEL32(?), ref: 004B017F
GetLastError.KERNEL32 ref: 004B0192
GetLastError.KERNEL32 ref: 004B019C

Memory Dump Source

Source File: 00000016.00000002.649193739.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000016.00000002.649160080.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650032924.0000000000500000.00000020.00020000.sdmp Download File
Associated: 00000016.00000002.650057369.0000000000502000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650085438.0000000000505000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650100818.0000000000506000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650132116.000000000050A000.00000004.00020000.sdmp Download File
Associated: 00000016.00000002.650159430.000000000050F000.00000008.00020000.sdmp Download File
Associated: 00000016.00000002.650179683.0000000000513000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650217395.000000000051A000.00000002.00020000.sdmp Download File
Associated: 00000016.00000002.650236053.000000000051F000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_400000_video_editor_x64.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: 2a20ea5c357fa76bf68922a9d51dcfae2eb4a350e1347d0b0853438793fad237
Instruction ID: 92681db64e874939f8d1900fd927e10286de231ff93eb9788c8e0b68939e36e1
Opcode Fuzzy Hash: 2a20ea5c357fa76bf68922a9d51dcfae2eb4a350e1347d0b0853438793fad237
Instruction Fuzzy Hash: 2DF05073A01214775B38A59F8D419DFB65DDA4175671002ABF444D7305D93FCD4243BC

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vcredist_x64.exe PID: 6120 Parent PID: 4276 vcredist_x64.exeCOMMON

Executed Functions

Function 00C83BC3, Relevance: 47.6, APIs: 23, Strings: 4, Instructions: 311
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 75%

			E00C83BC3(void* __edx, WCHAR* _a4, unsigned int _a8) {
				signed int _v8;
				short _v528;
				short _v1048;
				short _v1078;
				intOrPtr _v1592;
				intOrPtr _v1594;
				struct _WIN32_FIND_DATAW _v1640;
				signed int _v1644;
				signed int _v1648;
				WCHAR* _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t66;
				signed char _t80;
				void* _t81;
				short _t87;
				void* _t89;
				short _t93;
				signed char _t94;
				int _t95;
				signed short _t97;
				int _t100;
				int _t101;
				signed short _t102;
				signed short _t106;
				int _t108;
				signed short _t112;
				short _t114;
				signed short _t116;
				signed short _t121;
				signed short _t123;
				long _t124;
				WCHAR* _t125;
				signed char _t126;
				void* _t130;
				void* _t132;
				signed int _t160;

				_t130 = __edx;
				_t66 =  *0xcea008; // 0x4c290ae8
				_v8 = _t66 ^ _t160;
				_v1648 = _v1648 | 0xffffffff;
				_v1660 = _a8 & 0x00000001;
				_t125 = _a4;
				_v1656 = _a8 >> 0x00000001 & 0x00000001;
				_v1652 = _t125;
				_t133 = 0;
				_v1664 = _a8 >> 0x00000002 & 0x00000001;
				_v1644 = _v1644 & 0;
				E00CAF670(0x208,  &_v1048, 0, 0x208);
				E00CAF670(0x208,  &_v528, 0, 0x208);
				_t80 = GetFileAttributesW(_t125); // executed
				_t132 = GetLastError;
				_t126 = _t80;
				if(_t126 != 0xffffffff) {
					L4:
					if((_t126 & 0x00000010) == 0) {
						_t133 = 0x8000ffff;
						L54:
						_t81 = _v1648;
						if(_t81 != 0xffffffff) {
							FindClose(_t81);
						}
						L56:
						if(_v1644 != 0) {
							E00CC54EF(_v1644);
						}
						return E00CADE36(_t126, _v8 ^ _t160, _t130, _t132, _t133);
					}
					if((_t126 & 0x00000001) == 0 || SetFileAttributesW(_v1652, 0x80) != 0) {
						if(_v1660 != 0 || _v1656 != 0) {
							_t126 = _v1664;
							if(_t126 == 0 || GetTempPathW(0x104,  &_v1048) != 0) {
								_t87 = E00C82D79(_t127, _v1652, L"*.*",  &_v1644);
								_t133 = _t87;
								if(_t87 < 0) {
									goto L56;
								}
								_t89 = FindFirstFileW(_v1644,  &_v1640); // executed
								_v1648 = _t89;
								if(_t89 != 0xffffffff) {
									while(1) {
										_t130 = 0x2e;
										if(_t130 != _v1640.cFileName) {
											goto L20;
										}
										_t127 = 0;
										if(0 == _v1594 || _t130 == _v1594 && 0 == _v1592) {
											L36:
											_t127 =  &_v1640;
											_t95 = FindNextFileW(_t89,  &_v1640); // executed
											if(_t95 == 0) {
												if(GetLastError() != 0x12) {
													_t97 = GetLastError();
													_t136 =  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000;
													_t98 = 0x80004005;
													_t133 =  >=  ? 0x80004005 :  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000;
													_push( >=  ? 0x80004005 :  <=  ? _t97 : _t97 & 0x0000ffff | 0x80070000);
													_push(0x132);
													goto L39;
												}
												_t133 = 0;
												goto L45;
											}
											_t89 = _v1648;
											continue;
										}
										L20:
										_v1078 = 0;
										_t93 = E00C82D79(_t127, _v1652,  &(_v1640.cFileName),  &_v1644);
										_t133 = _t93;
										if(_t93 < 0) {
											goto L54;
										}
										_t94 = _v1640.dwFileAttributes;
										if(_v1656 == 0 || (_t94 & 0x00000010) == 0) {
											if(_v1660 == 0) {
												goto L35;
											}
											if((_t94 & 0x00000007) == 0 || SetFileAttributesW(_v1644, 0x80) != 0) {
												_t101 = DeleteFileW(_v1644); // executed
												if(_t101 != 0) {
													goto L35;
												}
												if(_t126 == 0) {
													_t102 = GetLastError();
													_t141 =  <=  ? _t102 : _t102 & 0x0000ffff | 0x80070000;
													_t98 = 0x80004005;
													_t133 =  >=  ? 0x80004005 :  <=  ? _t102 : _t102 & 0x0000ffff | 0x80070000;
													_push( >=  ? 0x80004005 :  <=  ? _t102 : _t102 & 0x0000ffff | 0x80070000);
													_push(0x125);
													goto L39;
												}
												if(GetTempFileNameW( &_v1048, L"DEL", 0,  &_v528) == 0) {
													_t106 = GetLastError();
													_t144 =  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000;
													_t98 = 0x80004005;
													_t133 =  >=  ? 0x80004005 :  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000;
													_push( >=  ? 0x80004005 :  <=  ? _t106 : _t106 & 0x0000ffff | 0x80070000);
													_push(0x115);
													goto L39;
												}
												_t108 = MoveFileExW(_v1644,  &_v528, 1);
												_push(4);
												_push(0);
												if(_t108 == 0) {
													_push(_v1644);
												} else {
													_push( &_v528);
												}
												MoveFileExW();
												goto L35;
											} else {
												_t112 = GetLastError();
												_t148 =  <=  ? _t112 : _t112 & 0x0000ffff | 0x80070000;
												_t98 = 0x80004005;
												_t133 =  >=  ? 0x80004005 :  <=  ? _t112 : _t112 & 0x0000ffff | 0x80070000;
												_push( >=  ? 0x80004005 :  <=  ? _t112 : _t112 & 0x0000ffff | 0x80070000);
												_push(0x10b);
												goto L39;
											}
										} else {
											_t114 = E00C82B2E(_t127, _t132,  &_v1644);
											_t133 = _t114;
											if(_t114 < 0) {
												goto L54;
											}
											E00C83BC3(_t130, _v1644, _a8); // executed
											L35:
											_t89 = _v1648;
											goto L36;
										}
									}
								}
								_t116 = GetLastError();
								_t151 =  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
								_t117 = 0x80004005;
								_t133 =  >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
								_push( >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000);
								_push(0xe7);
							} else {
								_t121 = GetLastError();
								_t154 =  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
								_t117 = 0x80004005;
								_t133 =  >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
								_push( >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000);
								_push(0xdc);
							}
							goto L3;
						} else {
							_t126 = _v1664;
							L45:
							_t100 = RemoveDirectoryW(_v1652); // executed
							if(_t100 != 0) {
								goto L54;
							}
							_t133 =  <=  ? GetLastError() : _t98 & 0x0000ffff | 0x80070000;
							if(_t133 != 0x80070020) {
								L50:
								if(_t133 >= 0) {
									goto L54;
								}
								L51:
								_push(_t133);
								_push(0x141);
								L39:
								_push("dirutil.cpp");
								E00C837D3(_t98);
								goto L54;
							}
							if(_t126 == 0 || MoveFileExW(_v1652, 0, 4) == 0) {
								goto L51;
							} else {
								_t133 = 0;
								goto L50;
							}
						}
					} else {
						_t123 = GetLastError();
						_t157 =  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
						_t117 = 0x80004005;
						_t133 =  >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
						_push( >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000);
						_push(0xd1);
						L3:
						_push("dirutil.cpp");
						E00C837D3(_t117);
						goto L56;
					}
				}
				_t124 = GetLastError();
				_t127 = 3;
				_t117 =  ==  ? _t127 : _t124;
				_t133 =  <=  ?  ==  ? _t127 : _t124 : ( ==  ? _t127 : _t124) & 0x0000ffff | 0x80070000;
				if(_t133 >= 0) {
					goto L4;
				}
				_push(_t133);
				_push(0xc8);
				goto L3;
			}

0x00c83bc3
0x00c83bcc
0x00c83bd3
0x00c83bd9
0x00c83be3
0x00c83bf2
0x00c83bf5
0x00c83c0b
0x00c83c11
0x00c83c13
0x00c83c19
0x00c83c28
0x00c83c36
0x00c83c3f
0x00c83c45
0x00c83c4b
0x00c83c50
0x00c83c84
0x00c83c87
0x00c83fd3
0x00c83fd8
0x00c83fd8
0x00c83fe1
0x00c83fe4
0x00c83fe4
0x00c83fea
0x00c83ff1
0x00c83ff9
0x00c83ff9
0x00c84010
0x00c84010
0x00c83c90
0x00c83cd0
0x00c83cdf
0x00c83ce7
0x00c83d36
0x00c83d3b
0x00c83d3f
0x00000000
0x00000000
0x00c83d52
0x00c83d58
0x00c83d61
0x00c83d88
0x00c83d8a
0x00c83d92
0x00000000
0x00000000
0x00c83d94
0x00c83d9d
0x00c83ebc
0x00c83ebc
0x00c83ec4
0x00c83ecc
0x00c83f51
0x00c83fae
0x00c83fbb
0x00c83fbe
0x00c83fc5
0x00c83fc8
0x00c83fc9
0x00000000
0x00c83fc9
0x00c83f53
0x00000000
0x00c83f53
0x00c83ece
0x00000000
0x00c83ece
0x00c83db9
0x00c83dbb
0x00c83dd6
0x00c83ddb
0x00c83ddf
0x00000000
0x00000000
0x00c83dec
0x00c83df2
0x00c83e28
0x00000000
0x00000000
0x00c83e30
0x00c83e51
0x00c83e59
0x00000000
0x00000000
0x00c83e5d
0x00c83f2a
0x00c83f37
0x00c83f3a
0x00c83f41
0x00c83f44
0x00c83f45
0x00000000
0x00c83f45
0x00c83e80
0x00c83f08
0x00c83f15
0x00c83f18
0x00c83f1f
0x00c83f22
0x00c83f23
0x00000000
0x00c83f23
0x00c83e9b
0x00c83e9d
0x00c83e9f
0x00c83ea3
0x00c83eae
0x00c83ea5
0x00c83eab
0x00c83eab
0x00c83eb4
0x00000000
0x00c83ed9
0x00c83ed9
0x00c83ee6
0x00c83ee9
0x00c83ef0
0x00c83ef3
0x00c83ef4
0x00000000
0x00c83ef4
0x00c83df8
0x00c83dff
0x00c83e04
0x00c83e08
0x00000000
0x00000000
0x00c83e17
0x00c83eb6
0x00c83eb6
0x00000000
0x00c83eb6
0x00c83df2
0x00c83d88
0x00c83d63
0x00c83d70
0x00c83d73
0x00c83d7a
0x00c83d7d
0x00c83d7e
0x00c83cff
0x00c83cff
0x00c83d0c
0x00c83d0f
0x00c83d16
0x00c83d19
0x00c83d1a
0x00c83d1a
0x00000000
0x00c83f57
0x00c83f57
0x00c83f5d
0x00c83f63
0x00c83f6b
0x00000000
0x00000000
0x00c83f7a
0x00c83f83
0x00c83f9f
0x00c83fa1
0x00000000
0x00000000
0x00c83fa3
0x00c83fa3
0x00c83fa4
0x00c83ef9
0x00c83ef9
0x00c83efe
0x00000000
0x00c83efe
0x00c83f87
0x00000000
0x00c83f9d
0x00c83f9d
0x00000000
0x00c83f9d
0x00c83f87
0x00c83ca7
0x00c83ca7
0x00c83cb4
0x00c83cb7
0x00c83cbe
0x00c83cc1
0x00c83cc2
0x00c83c75
0x00c83c75
0x00c83c7a
0x00000000
0x00c83c7a
0x00c83c90
0x00c83c52
0x00c83c59
0x00c83c5a
0x00c83c68
0x00c83c6d
0x00000000
0x00000000
0x00c83c6f
0x00c83c70
0x00000000

APIs

GetFileAttributesW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00C83C3F
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83C52
SetFileAttributesW.KERNEL32(?,00000080,?,?,?,00000001,00000000,?), ref: 00C83C9D
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83CA7
GetTempPathW.KERNEL32(00000104,?,?,?,?,00000001,00000000,?), ref: 00C83CF5
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83CFF
FindFirstFileW.KERNELBASE(?,?,?,*.*,?,?,?,?,00000001,00000000,?), ref: 00C83D52
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83D63
SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,00000001,00000000,?), ref: 00C83E3D
DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,00000001,00000000,?), ref: 00C83E51
GetTempFileNameW.KERNEL32(?,DEL,00000000,?,?,?,?,00000001,00000000,?), ref: 00C83E78
MoveFileExW.KERNEL32(?,?,00000001,?,?,?,00000001,00000000,?), ref: 00C83E9B
MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00C83EB4
FindNextFileW.KERNELBASE(000000FF,?,?,?,?,?,?,?,00000001,00000000,?), ref: 00C83EC4
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83ED9
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83F08
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83F2A
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83F4C
RemoveDirectoryW.KERNELBASE(?,?,?,?,00000001,00000000,?), ref: 00C83F63
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83F6D
MoveFileExW.KERNEL32(?,00000000,00000004,?,?,?,00000001,00000000,?), ref: 00C83F93
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00C83FAE
FindClose.KERNEL32(000000FF,?,?,?,00000001,00000000,?), ref: 00C83FE4

Strings

dirutil.cpp, xrefs: 00C83C75, 00C83EF9
DEL, xrefs: 00C83E6C
*.*, xrefs: 00C83D2B
)L, xrefs: 00C83BCC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
String ID: *.*$DEL$dirutil.cpp$)L
API String ID: 1544372074-1195374279
Opcode ID: d35f7d800da337793aa7dc0fa6d147b43e9ff27b859d964695dc492ec0882592
Instruction ID: c7411c50fea70bde6196ee5d84b8fc05234522ce8fb4a391be30ac2401182618
Opcode Fuzzy Hash: d35f7d800da337793aa7dc0fa6d147b43e9ff27b859d964695dc492ec0882592
Instruction Fuzzy Hash: 1EB1CA71E00275AAEB31AAB5CC45FAAB6F5EF44B14F0112A5ED19F7190D7318F80CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C81070, Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 77
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C81070(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char* _v24;
				char* _v28;
				char* _v32;
				char* _v36;
				char* _v40;
				char* _v44;
				WCHAR* _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t24;
				void* _t29;
				void* _t33;
				void* _t35;
				void* _t40;
				intOrPtr _t41;
				void* _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t47;
				signed int _t48;
				void* _t49;
				signed int _t50;

				_t45 = __edx;
				_t42 = __ecx;
				_t24 =  *0xcea008; // 0x4c290ae8
				_v8 = _t24 ^ _t50;
				_t41 = _a4;
				_t46 = _a12;
				_t49 = _t48 | 0xffffffff;
				_v52 = 0;
				_v48 = 0;
				_v44 = L"cabinet.dll";
				_v40 = L"msi.dll";
				_v36 = L"version.dll";
				_v32 = L"wininet.dll";
				_v28 = L"comres.dll";
				_v24 = L"clbcatq.dll";
				_v20 = L"msasn1.dll";
				_v16 = L"crypt32.dll";
				_v12 = L"feclient.dll";
				if(E00C833D7( &_v48, 0) >= 0) {
					_t40 = CreateFileW(_v48, 0x80000000, 5, 0, 3, 0x80, 0); // executed
					_t49 = _t40;
				}
				_t29 = E00C8501B(_t46); // executed
				_t52 = _t29;
				if(_t29 == 0) {
					E00C81174(_t42,  &_v44, 9);
				} else {
					E00C811FB();
				}
				_t33 = E00C8508D(_t42, _t45, _t52, _t41, _t49, _t46, _a16,  &_v52); // executed
				_t47 = _t33;
				if(_t49 != 0xffffffff) {
					FindCloseChangeNotification(_t49); // executed
				}
				if(_v48 != 0) {
					E00CC54EF(_v48);
				}
				_t35 =  <  ? _t47 : _v52;
				return E00CADE36(_t41, _v8 ^ _t50, _t45, _t47, _t49);
			}

0x00c81070
0x00c81070
0x00c81076
0x00c8107d
0x00c81081
0x00c81088
0x00c8108b
0x00c8108f
0x00c81092
0x00c81099
0x00c810a0
0x00c810a7
0x00c810ae
0x00c810b5
0x00c810bc
0x00c810c3
0x00c810ca
0x00c810d1
0x00c810df
0x00c810f6
0x00c810fc
0x00c810fc
0x00c810ff
0x00c81104
0x00c81106
0x00c81115
0x00c81108
0x00c81108
0x00c81108
0x00c81124
0x00c81129
0x00c8112e
0x00c81131
0x00c81131
0x00c8113b
0x00c81140
0x00c81140
0x00c8114d
0x00c8115d

APIs

Part of subcall function 00C833D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00C810DD,?,00000000), ref: 00C833F8

CreateFileW.KERNELBASE(?,80000000,00000005,00000000,00000003,00000080,00000000,?,00000000), ref: 00C810F6

Part of subcall function 00C81174: HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C81185
Part of subcall function 00C81174: GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C81190
Part of subcall function 00C81174: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C8119E
Part of subcall function 00C81174: GetLastError.KERNEL32(?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C811B9
Part of subcall function 00C81174: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C811C1
Part of subcall function 00C81174: GetLastError.KERNEL32(?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C811D6

FindCloseChangeNotification.KERNELBASE(?,?,?,?,00CCB4C0,?,cabinet.dll,00000009,?,?,00000000), ref: 00C81131

Strings

wininet.dll, xrefs: 00C810AE
cabinet.dll, xrefs: 00C81099
feclient.dll, xrefs: 00C810D1
version.dll, xrefs: 00C810A7
msasn1.dll, xrefs: 00C810C3
msi.dll, xrefs: 00C810A0
)L, xrefs: 00C81076
comres.dll, xrefs: 00C810B5
crypt32.dll, xrefs: 00C810CA
clbcatq.dll, xrefs: 00C810BC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AddressErrorFileLastModuleProc$ChangeCloseCreateFindHandleHeapInformationNameNotification
String ID: cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msasn1.dll$msi.dll$version.dll$wininet.dll$)L
API String ID: 2670336470-3293330388
Opcode ID: 2db4e631f68094acd0f40f80185312c9e9cb62bf28f3ffe2886790e39f7b80eb
Instruction ID: 31214bcdab49fc8f00ee004d0080a577595bc9cfb55c4d4a92ab1789bf4fb923
Opcode Fuzzy Hash: 2db4e631f68094acd0f40f80185312c9e9cb62bf28f3ffe2886790e39f7b80eb
Instruction Fuzzy Hash: E52182B1900208AACB00EFE5CC4AFEEBBFCAF04315F104118E921B7291D7709905DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C99EB7, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00C99EB7(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _t12;
				void* _t13;
				void* _t27;

				_v8 = 0;
				_t12 = E00C980AE(__edx, _a4,  &_v8); // executed
				if(_t12 >= 0) {
					_t13 = E00C84013(_v8, 0); // executed
					_t27 = _t13;
					if(_t27 >= 0) {
						__imp__DecryptFileW(_v8, 0); // executed
						if(_a8 != 0) {
							_t27 = E00C821A5(_a8, _v8, 0);
							if(_t27 < 0) {
								_push("Failed to copy working folder.");
								goto L7;
							}
						}
					} else {
						_push("Failed create working folder.");
						goto L7;
					}
				} else {
					_push("Failed to calculate working folder to ensure it exists.");
					L7:
					_push(_t27);
					E00CC012F();
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t27;
			}

0x00c99ec6
0x00c99ec9
0x00c99ed2
0x00c99edf
0x00c99ee4
0x00c99ee8
0x00c99ef5
0x00c99efe
0x00c99f0c
0x00c99f10
0x00c99f12
0x00000000
0x00c99f12
0x00c99f10
0x00c99eea
0x00c99eea
0x00000000
0x00c99eea
0x00c99ed4
0x00c99ed4
0x00c99f17
0x00c99f17
0x00c99f18
0x00c99f1e
0x00c99f22
0x00c99f27
0x00c99f27
0x00c99f33

Strings

Failed create working folder., xrefs: 00C99EEA
Failed to copy working folder., xrefs: 00C99F12
Failed to calculate working folder to ensure it exists., xrefs: 00C99ED4

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CurrentDirectoryErrorLastProcessWindows
String ID: Failed create working folder.$Failed to calculate working folder to ensure it exists.$Failed to copy working folder.
API String ID: 3841436932-2072961686
Opcode ID: 161c9ba7d6b28435ee9324d11deaabd8a18e92bcc3782a68280ac2611081c378
Instruction ID: 9f654778de12b5031481233e1011e4231936ec9ac4f1229d784b461b2d72f3fa
Opcode Fuzzy Hash: 161c9ba7d6b28435ee9324d11deaabd8a18e92bcc3782a68280ac2611081c378
Instruction Fuzzy Hash: 3F018832D04529F78F32AB99CC0ED6FBA79DF80720B10416AF904A6211DB719F50F6D0

Uniqueness

Uniqueness Score: -1.00%

Function 00CB4812, Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00CB4812(int _a4) {
				void* _t14;
				void* _t15;
				void* _t17;
				void* _t18;
				void* _t19;

				if(E00CB8A73(_t14, _t15, _t17, _t18, _t19) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00CB4897(_t15, _a4);
				ExitProcess(_a4);
			}

0x00cb481e
0x00cb483a
0x00cb483a
0x00cb4843
0x00cb484c

APIs

GetCurrentProcess.KERNEL32(00000000,?,00CB47E8,00000000,00CE7CF8,0000000C,00CB493F,00000000,00000002,00000000), ref: 00CB4833
TerminateProcess.KERNEL32(00000000,?,00CB47E8,00000000,00CE7CF8,0000000C,00CB493F,00000000,00000002,00000000), ref: 00CB483A
ExitProcess.KERNEL32 ref: 00CB484C

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 5c9b51023514d7e221580883c63b898745a084cd012e9d3445a03b02b9749c9b
Instruction ID: 339111b3322ccb401e8a83f3ef4d3e07d8404b0bc0a8d9f8da9a03b435caff2f
Opcode Fuzzy Hash: 5c9b51023514d7e221580883c63b898745a084cd012e9d3445a03b02b9749c9b
Instruction Fuzzy Hash: 78E0B631404688AFCF156FA5DD0AF9E3F69FB41341F450064F8158B172CB36ED42EA84

Uniqueness

Uniqueness Score: -1.00%

Function 00C838D4, Relevance: 3.0, APIs: 2, Instructions: 13
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 58%

			E00C838D4(long _a4, signed int _a8) {
				void* _t7;

				asm("sbb eax, eax");
				_t7 = RtlAllocateHeap(GetProcessHeap(),  ~_a8 & 0x00000008, _a4); // executed
				return _t7;
			}

0x00c838df
0x00c838ec
0x00c838f3

APIs

GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 369a353741b110cf8668ff8d07db690d3dcfe1a96cf3b56c8d621805540e9d9f
Instruction ID: cd1c9a9ccd4a8e2e376e2e82f698ddc8c91841fd25ec74263d5a5d8943377b91
Opcode Fuzzy Hash: 369a353741b110cf8668ff8d07db690d3dcfe1a96cf3b56c8d621805540e9d9f
Instruction Fuzzy Hash: 2DC01232190208A78B005FF5DD0EE5D779CA714602B048400F505C3110C73CE4149B60

Uniqueness

Uniqueness Score: -1.00%

Function 00CAE773, Relevance: 1.5, APIs: 1, Instructions: 3
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CAE773() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00CAE77F); // executed
				return _t1;
			}

0x00cae778
0x00cae77e

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_0002E77F,00CADEF8), ref: 00CAE778

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 02210bf07a4c12a6cf8db3dcf7242deba987feae92b5733c42c2e9d343cb6f68
Instruction ID: efa52f7866f4644699b863deba85faa74caeaa881a0ccd00c7c0c794a5a7a567
Opcode Fuzzy Hash: 02210bf07a4c12a6cf8db3dcf7242deba987feae92b5733c42c2e9d343cb6f68
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00C8DE25, Relevance: 124.9, APIs: 11, Strings: 60, Instructions: 646
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E00C8DE25(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				short** _v40;
				intOrPtr* _t208;
				intOrPtr* _t213;
				intOrPtr _t223;
				signed int _t224;
				int _t235;
				signed int _t238;
				signed int _t254;
				int _t262;
				signed int _t268;
				intOrPtr _t271;
				intOrPtr _t275;
				signed int _t279;
				intOrPtr _t280;
				signed int _t290;
				intOrPtr _t302;
				signed int _t303;
				intOrPtr* _t318;
				short** _t320;
				intOrPtr* _t322;
				intOrPtr* _t324;
				intOrPtr* _t325;
				signed int _t328;
				signed int _t329;
				intOrPtr* _t330;
				signed int _t336;
				void* _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t351;
				short** _t358;
				void* _t360;

				_v20 = _v20 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_v24 = _v24 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_v28 = _v28 & 0x00000000;
				_v16 = _v16 & 0x00000000;
				_t351 = E00CC3803(_a12, L"RollbackBoundary",  &_v20);
				if(_t351 >= 0) {
					_t208 = _v20;
					_t321 =  *_t208;
					_t351 =  *((intOrPtr*)( *_t208 + 0x20))(_t208,  &_v24);
					if(_t351 >= 0) {
						_t210 = _v24;
						_push(__ebx);
						_t318 = _a4;
						if(_v24 == 0) {
							L17:
							_t322 = _v20;
							if(_t322 != 0) {
								 *((intOrPtr*)( *_t322 + 8))(_t322);
								_v20 = _v20 & 0x00000000;
							}
							if(E00CC3803(_a12, L"Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage",  &_v20) >= 0) {
								_t213 = _v20;
								_t340 =  &_v24;
								_push( &_v24);
								_push(_t213);
								if( *((intOrPtr*)( *_t213 + 0x20))() >= 0) {
									_t215 = _v24;
									if(_v24 == 0) {
										L123:
										_t351 = 0;
										goto L124;
									}
									_t223 = E00C838D4(_t215 * 0xe0, 1);
									 *((intOrPtr*)(_t318 + 8)) = _t223;
									if(_t223 != 0) {
										_t224 = _v24;
										_v32 = _v32 & 0x00000000;
										 *((intOrPtr*)(_t318 + 0xc)) = _t224;
										if(_t224 == 0) {
											L106:
											_t351 = E00C8D87E(_t318, _a12);
											if(_t351 >= 0) {
												goto L123;
											}
											_push("Failed to parse target product codes.");
											goto L108;
										}
										_t328 = 0;
										_v36 = 0;
										while(1) {
											_t346 =  *((intOrPtr*)(_t318 + 8)) + _t328;
											_t351 = E00CC3760(_t328, _v20,  &_v8,  &_v12);
											if(_t351 < 0) {
												break;
											}
											_t351 = E00CC31C7(_v8, L"Id", _t346);
											if(_t351 < 0) {
												L121:
												_push("Failed to get @Id.");
												goto L108;
											}
											_t351 = E00CC31C7(_v8, L"Cache",  &_v16);
											if(_t351 < 0) {
												_push("Failed to get @Cache.");
												goto L108;
											}
											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
												if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
													_t235 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"always", 0xffffffff);
													_t328 = 2;
													if(_t235 != _t328) {
														_push(_v16);
														_t351 = 0x8000ffff;
														_push("Invalid cache type: %ls");
														L119:
														_push(_t351);
														E00CC012F();
														goto L124;
													}
													 *(_t346 + 0x20) = _t328;
													L37:
													_t238 = E00CC31C7(_v8, L"CacheId", _t346 + 0x24); // executed
													_t351 = _t238;
													if(_t351 < 0) {
														_push("Failed to get @CacheId.");
														goto L108;
													}
													_t351 = E00CC329B(_v8, L"Size", _t346 + 0x30);
													if(_t351 < 0) {
														_push("Failed to get @Size.");
														goto L108;
													}
													_t351 = E00CC329B(_v8, L"InstallSize", _t346 + 0x28);
													if(_t351 < 0) {
														_push("Failed to get @InstallSize.");
														goto L108;
													}
													_t351 = E00CC33DB(_t328, _v8, L"PerMachine", _t346 + 0x14);
													if(_t351 < 0) {
														_push("Failed to get @PerMachine.");
														goto L108;
													}
													_t351 = E00CC33DB(_t328, _v8, L"Permanent", _t346 + 0x18);
													if(_t351 < 0) {
														_push("Failed to get @Permanent.");
														goto L108;
													}
													 *(_t346 + 0x18) = 0 |  *(_t346 + 0x18) == 0x00000000;
													_t351 = E00CC33DB(_t328, _v8, L"Vital", _t346 + 0x1c);
													if(_t351 < 0) {
														L112:
														_push("Failed to get @Vital.");
														goto L108;
													}
													_t351 = E00CC31C7(_v8, L"LogPathVariable", _t346 + 4);
													if(_t351 == 0x80070490 || _t351 >= 0) {
														_t254 = E00CC31C7(_v8, L"RollbackLogPathVariable", _t346 + 8); // executed
														_t351 = _t254;
														if(_t351 == 0x80070490 || _t351 >= 0) {
															_t351 = E00CC31C7(_v8, L"InstallCondition", _t346 + 0xc);
															if(_t351 == 0x80070490 || _t351 >= 0) {
																_t351 = E00CC31C7(_v8, L"RollbackBoundaryForward",  &_v16);
																if(_t351 == 0x80070490) {
																	L52:
																	_t351 = E00CC31C7(_v8, L"RollbackBoundaryBackward",  &_v16);
																	if(_t351 == 0x80070490) {
																		L55:
																		if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"ExePackage", 0xffffffff) != 2) {
																			_t262 = CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsiPackage", 0xffffffff);
																			_t329 = 2;
																			if(_t262 != _t329) {
																				if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MspPackage", 0xffffffff) != 2) {
																					if(CompareStringW(0x7f, 0, _v12, 0xffffffff, L"MsuPackage", 0xffffffff) != 2) {
																						L66:
																						_t351 = E00C8D9EE(_t318, _t346, _a8, _v8);
																						if(_t351 < 0) {
																							_push("Failed to parse payload references.");
																							goto L108;
																						}
																						_t351 = E00CA7CD9(_t346, _v8);
																						if(_t351 < 0) {
																							_push("Failed to parse dependency providers.");
																							goto L108;
																						}
																						_t330 = _v8;
																						if(_t330 != 0) {
																							 *((intOrPtr*)( *_t330 + 8))(_t330);
																							_v8 = _v8 & 0x00000000;
																						}
																						if(_v12 != 0) {
																							__imp__#6(_v12);
																							_v12 = _v12 & 0x00000000;
																						}
																						_t268 = _v32 + 1;
																						_t328 = _v36 + 0xe0;
																						_v32 = _t268;
																						_v36 = _t328;
																						if(_t268 < _v24) {
																							continue;
																						} else {
																							_t356 = _v28;
																							if(_v28 == 0) {
																								goto L106;
																							}
																							_t271 = E00C838D4(_t356 << 4, 1);
																							 *((intOrPtr*)(_t318 + 0x20)) = _t271;
																							if(_t271 != 0) {
																								 *((intOrPtr*)(_t318 + 0x24)) = E00C838D4(_t356 << 2, 1);
																								if( *((intOrPtr*)(_t318 + 0x20)) != 0) {
																									_t275 = 0;
																									_a8 = 0;
																									if( *((intOrPtr*)(_t318 + 0xc)) <= 0) {
																										goto L106;
																									}
																									_t347 = 0;
																									_v28 = 0;
																									do {
																										_t358 =  *((intOrPtr*)(_t318 + 8)) + _t347;
																										_v40 = _t358;
																										if( *((intOrPtr*)(_t358 + 0x8c)) != 3) {
																											goto L105;
																										}
																										 *((intOrPtr*)( *((intOrPtr*)(_t318 + 0x20)) + ( *(_t318 + 0x28) +  *(_t318 + 0x28)) * 8)) =  *((intOrPtr*)(_t358 + 0x94));
																										 *((intOrPtr*)( *((intOrPtr*)(_t318 + 0x20)) + 4 + ( *(_t318 + 0x28) +  *(_t318 + 0x28)) * 8)) = 2;
																										 *((intOrPtr*)( *((intOrPtr*)(_t318 + 0x24)) +  *(_t318 + 0x28) * 4)) = _t358;
																										_t336 = 0;
																										 *(_t318 + 0x28) =  *(_t318 + 0x28) + 1;
																										_v36 = 0;
																										if( *((intOrPtr*)(_t318 + 0xc)) <= 0) {
																											L104:
																											_t275 = _a8;
																											goto L105;
																										}
																										_t279 = 0;
																										_v32 = 0;
																										do {
																											_t360 =  *((intOrPtr*)(_t318 + 8)) + _t279;
																											if( *((intOrPtr*)(_t360 + 0x8c)) != 2) {
																												goto L102;
																											}
																											_t348 = 0;
																											if( *((intOrPtr*)(_t360 + 0xd4)) <= 0) {
																												goto L102;
																											}
																											_t320 = _v40;
																											do {
																												_t280 =  *((intOrPtr*)(_t360 + 0xd0));
																												if( *(_t280 + _t348 * 4) != 0 && CompareStringW(0x7f, 0,  *_t320, 0xffffffff,  *(_t280 + _t348 * 4), 0xffffffff) == 2) {
																													 *( *((intOrPtr*)(_t360 + 0xcc)) + _t348 * 4) = _t320;
																													_t283 =  *((intOrPtr*)(_t360 + 0xd0));
																													if( *( *((intOrPtr*)(_t360 + 0xd0)) + _t348 * 4) != 0) {
																														E00CC54EF( *((intOrPtr*)(_t283 + _t348 * 4)));
																														 *( *((intOrPtr*)(_t360 + 0xd0)) + _t348 * 4) =  *( *((intOrPtr*)(_t360 + 0xd0)) + _t348 * 4) & 0x00000000;
																													}
																												}
																												_t348 = _t348 + 1;
																											} while (_t348 <  *((intOrPtr*)(_t360 + 0xd4)));
																											_t318 = _a4;
																											_t279 = _v32;
																											_t336 = _v36;
																											L102:
																											_t336 = _t336 + 1;
																											_t279 = _t279 + 0xe0;
																											_v36 = _t336;
																											_v32 = _t279;
																										} while (_t336 <  *((intOrPtr*)(_t318 + 0xc)));
																										_t347 = _v28;
																										goto L104;
																										L105:
																										_t275 = _t275 + 1;
																										_t347 = _t347 + 0xe0;
																										_a8 = _t275;
																										_v28 = _t347;
																									} while (_t275 <  *((intOrPtr*)(_t318 + 0xc)));
																									goto L106;
																								}
																								_t349 = 0x8007000e;
																								_t351 = 0x8007000e;
																								E00C837D3(_t274, "package.cpp", 0x100, 0x8007000e);
																								_push("Failed to allocate memory for patch sequence information to package lookup.");
																								L87:
																								_push(_t349);
																								goto L109;
																							}
																							_t349 = 0x8007000e;
																							_t351 = 0x8007000e;
																							E00C837D3(_t271, "package.cpp", 0xfd, 0x8007000e);
																							_push("Failed to allocate memory for MSP patch sequence information.");
																							goto L87;
																						}
																					}
																					 *(_t346 + 0x8c) = 4;
																					_t290 = E00CA6F47(_v8, _t346); // executed
																					_t351 = _t290;
																					if(_t351 < 0) {
																						_push("Failed to parse MSU package.");
																						goto L108;
																					}
																					goto L66;
																				}
																				 *(_t346 + 0x8c) = 3;
																				_t351 = E00CA643A(_t318, _v8, _t346);
																				if(_t351 < 0) {
																					_push("Failed to parse MSP package.");
																					goto L108;
																				}
																				_v28 = _v28 + 1;
																				goto L66;
																			}
																			 *(_t346 + 0x8c) = _t329;
																			_t351 = E00CA4888(_t340, _v8, _t346);
																			if(_t351 >= 0) {
																				goto L66;
																			}
																			_push("Failed to parse MSI package.");
																			goto L108;
																		}
																		 *(_t346 + 0x8c) = 1;
																		_t351 = E00CA25AF(_t328, _v8, _t346);
																		if(_t351 >= 0) {
																			goto L66;
																		}
																		_push("Failed to parse EXE package.");
																		goto L108;
																	}
																	if(_t351 < 0) {
																		_push("Failed to get @RollbackBoundaryBackward.");
																		goto L108;
																	}
																	_t351 = E00C8D82F(_t318, _v16, _t346 + 0x3c);
																	if(_t351 < 0) {
																		_push(_v16);
																		_push("Failed to find backward transaction boundary: %ls");
																		goto L119;
																	}
																	goto L55;
																}
																if(_t351 < 0) {
																	_push("Failed to get @RollbackBoundaryForward.");
																	goto L108;
																}
																_t351 = E00C8D82F(_t318, _v16, _t346 + 0x38);
																if(_t351 < 0) {
																	_push(_v16);
																	_push("Failed to find forward transaction boundary: %ls");
																	goto L119;
																}
																goto L52;
															} else {
																_push("Failed to get @InstallCondition.");
																goto L108;
															}
														} else {
															_push("Failed to get @RollbackLogPathVariable.");
															goto L108;
														}
													} else {
														_push("Failed to get @LogPathVariable.");
														goto L108;
													}
												}
												 *(_t346 + 0x20) = 1;
												goto L37;
											}
											 *(_t346 + 0x20) =  *(_t346 + 0x20) & 0x00000000;
											goto L37;
										}
										L122:
										_push("Failed to get next node.");
										goto L108;
									}
									_t349 = 0x8007000e;
									_t351 = 0x8007000e;
									E00C837D3(_t223, "package.cpp", 0x5f, 0x8007000e);
									_push("Failed to allocate memory for package structs.");
									goto L87;
								}
								_push("Failed to get package node count.");
								goto L108;
							} else {
								_push("Failed to select package nodes.");
								L108:
								_push(_t351);
								L109:
								E00CC012F();
								L124:
								L125:
								_t324 = _v20;
								if(_t324 != 0) {
									 *((intOrPtr*)( *_t324 + 8))(_t324);
								}
								_t325 = _v8;
								if(_t325 != 0) {
									 *((intOrPtr*)( *_t325 + 8))(_t325);
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
								}
								if(_v16 != 0) {
									E00CC54EF(_v16);
								}
								return _t351;
							}
						}
						_t302 = E00C838D4(_t210 << 3, 1);
						 *_t318 = _t302;
						if(_t302 != 0) {
							_t303 = _v24;
							_t350 = 0;
							 *((intOrPtr*)(_t318 + 4)) = _t303;
							if(_t303 == 0) {
								goto L17;
							} else {
								goto L9;
							}
							while(1) {
								L9:
								_v32 =  *_t318 + _t350 * 8;
								_t351 = E00CC3760(_t321, _v20,  &_v8,  &_v12);
								if(_t351 < 0) {
									goto L122;
								}
								_t351 = E00CC31C7(_v8, L"Id", _v32);
								if(_t351 < 0) {
									goto L121;
								}
								_t351 = E00CC33DB(_t321, _v8, L"Vital", _v32 + 4);
								if(_t351 < 0) {
									goto L112;
								}
								_t321 = _v8;
								if(_t321 != 0) {
									 *((intOrPtr*)( *_t321 + 8))(_t321);
									_v8 = _v8 & 0x00000000;
								}
								if(_v12 != 0) {
									__imp__#6(_v12);
									_v12 = _v12 & 0x00000000;
								}
								_t350 = _t350 + 1;
								if(_t350 < _v24) {
									continue;
								} else {
									goto L17;
								}
							}
							goto L122;
						}
						_t349 = 0x8007000e;
						_t351 = 0x8007000e;
						E00C837D3(_t302, "package.cpp", 0x34, 0x8007000e);
						_push("Failed to allocate memory for rollback boundary structs.");
						goto L87;
					}
					_push("Failed to get rollback bundary node count.");
					L2:
					_push(_t351);
					E00CC012F();
					goto L125;
				}
				_push("Failed to select rollback boundary nodes.");
				goto L2;
			}

0x00c8de2b
0x00c8de32
0x00c8de36
0x00c8de3a
0x00c8de3e
0x00c8de42
0x00c8de55
0x00c8de59
0x00c8de6d
0x00c8de75
0x00c8de7a
0x00c8de7e
0x00c8de87
0x00c8de8a
0x00c8de8b
0x00c8de91
0x00c8df5e
0x00c8df5e
0x00c8df63
0x00c8df68
0x00c8df6b
0x00c8df6b
0x00c8df84
0x00c8df90
0x00c8df93
0x00c8df96
0x00c8df97
0x00c8dfa1
0x00c8dfad
0x00c8dfb2
0x00c8e603
0x00c8e603
0x00000000
0x00c8e603
0x00c8dfc1
0x00c8dfc6
0x00c8dfcb
0x00c8dfeb
0x00c8dfee
0x00c8dff2
0x00c8dff7
0x00c8e580
0x00c8e589
0x00c8e58d
0x00000000
0x00000000
0x00c8e58f
0x00000000
0x00c8e58f
0x00c8dffd
0x00c8dfff
0x00c8e002
0x00c8e00c
0x00c8e017
0x00c8e01b
0x00000000
0x00000000
0x00c8e02f
0x00c8e033
0x00c8e5f5
0x00c8e5f5
0x00000000
0x00c8e5f5
0x00c8e04a
0x00c8e04e
0x00c8e5ee
0x00000000
0x00c8e5ee
0x00c8e06f
0x00c8e08c
0x00c8e0a7
0x00c8e0ab
0x00c8e0ae
0x00c8e5d6
0x00c8e5d9
0x00c8e5de
0x00c8e5e3
0x00c8e5e3
0x00c8e5e4
0x00000000
0x00c8e5e9
0x00c8e0b4
0x00c8e0b7
0x00c8e0c3
0x00c8e0c8
0x00c8e0cc
0x00c8e5cf
0x00000000
0x00c8e5cf
0x00c8e0e3
0x00c8e0e7
0x00c8e5c8
0x00000000
0x00c8e5c8
0x00c8e0fe
0x00c8e102
0x00c8e5c1
0x00000000
0x00c8e5c1
0x00c8e119
0x00c8e11d
0x00c8e5ba
0x00000000
0x00c8e5ba
0x00c8e134
0x00c8e138
0x00c8e5b3
0x00000000
0x00c8e5b3
0x00c8e146
0x00c8e15a
0x00c8e15e
0x00c8e5ac
0x00c8e5ac
0x00000000
0x00c8e5ac
0x00c8e175
0x00c8e17d
0x00c8e193
0x00c8e198
0x00c8e1a0
0x00c8e1bb
0x00c8e1c3
0x00c8e1de
0x00c8e1e6
0x00c8e207
0x00c8e218
0x00c8e220
0x00c8e241
0x00c8e25c
0x00c8e295
0x00c8e299
0x00c8e29c
0x00c8e2d2
0x00c8e30b
0x00c8e32a
0x00c8e336
0x00c8e33a
0x00c8e5a5
0x00000000
0x00c8e5a5
0x00c8e349
0x00c8e34d
0x00c8e59e
0x00000000
0x00c8e59e
0x00c8e353
0x00c8e358
0x00c8e35d
0x00c8e360
0x00c8e360
0x00c8e368
0x00c8e36d
0x00c8e373
0x00c8e373
0x00c8e37d
0x00c8e37e
0x00c8e384
0x00c8e387
0x00c8e38d
0x00000000
0x00c8e393
0x00c8e393
0x00c8e398
0x00000000
0x00000000
0x00c8e3a6
0x00c8e3ab
0x00c8e3b0
0x00c8e448
0x00c8e44b
0x00c8e46f
0x00c8e471
0x00c8e477
0x00000000
0x00000000
0x00c8e47d
0x00c8e47f
0x00c8e482
0x00c8e485
0x00c8e487
0x00c8e491
0x00000000
0x00000000
0x00c8e4a5
0x00c8e4b0
0x00c8e4be
0x00c8e4c1
0x00c8e4c3
0x00c8e4c6
0x00c8e4cc
0x00c8e567
0x00c8e567
0x00000000
0x00c8e567
0x00c8e4d2
0x00c8e4d4
0x00c8e4d7
0x00c8e4da
0x00c8e4e3
0x00000000
0x00000000
0x00c8e4e5
0x00c8e4ed
0x00000000
0x00000000
0x00c8e4ef
0x00c8e4f2
0x00c8e4f2
0x00c8e4fc
0x00c8e51c
0x00c8e51f
0x00c8e529
0x00c8e52e
0x00c8e539
0x00c8e539
0x00c8e529
0x00c8e53d
0x00c8e53e
0x00c8e546
0x00c8e549
0x00c8e54c
0x00c8e54f
0x00c8e54f
0x00c8e550
0x00c8e555
0x00c8e558
0x00c8e55b
0x00c8e564
0x00000000
0x00c8e56a
0x00c8e56a
0x00c8e56b
0x00c8e571
0x00c8e574
0x00c8e577
0x00000000
0x00c8e482
0x00c8e44d
0x00c8e45d
0x00c8e45f
0x00c8e464
0x00c8e469
0x00c8e469
0x00000000
0x00c8e469
0x00c8e3b6
0x00c8e3c6
0x00c8e3c8
0x00c8e3cd
0x00000000
0x00c8e3cd
0x00c8e38d
0x00c8e30e
0x00c8e31b
0x00c8e320
0x00c8e324
0x00c8e42d
0x00000000
0x00c8e42d
0x00000000
0x00c8e324
0x00c8e2d5
0x00c8e2e7
0x00c8e2eb
0x00c8e423
0x00000000
0x00c8e423
0x00c8e2f1
0x00000000
0x00c8e2f1
0x00c8e29f
0x00c8e2ad
0x00c8e2b1
0x00000000
0x00000000
0x00c8e2b3
0x00000000
0x00c8e2b3
0x00c8e25f
0x00c8e271
0x00c8e275
0x00000000
0x00000000
0x00c8e27b
0x00000000
0x00c8e27b
0x00c8e224
0x00c8e419
0x00000000
0x00c8e419
0x00c8e237
0x00c8e23b
0x00c8e40c
0x00c8e40f
0x00000000
0x00c8e40f
0x00000000
0x00c8e23b
0x00c8e1ea
0x00c8e402
0x00000000
0x00c8e402
0x00c8e1fd
0x00c8e201
0x00c8e3f5
0x00c8e3f8
0x00000000
0x00c8e3f8
0x00000000
0x00c8e3eb
0x00c8e3eb
0x00000000
0x00c8e3eb
0x00c8e3e1
0x00c8e3e1
0x00000000
0x00c8e3e1
0x00c8e3d7
0x00c8e3d7
0x00000000
0x00c8e3d7
0x00c8e17d
0x00c8e08e
0x00000000
0x00c8e08e
0x00c8e071
0x00000000
0x00c8e071
0x00c8e5fc
0x00c8e5fc
0x00000000
0x00c8e5fc
0x00c8dfcd
0x00c8dfda
0x00c8dfdc
0x00c8dfe1
0x00000000
0x00c8dfe1
0x00c8dfa3
0x00000000
0x00c8df86
0x00c8df86
0x00c8e594
0x00c8e594
0x00c8e595
0x00c8e595
0x00c8e605
0x00c8e607
0x00c8e607
0x00c8e60c
0x00c8e611
0x00c8e611
0x00c8e614
0x00c8e619
0x00c8e61e
0x00c8e61e
0x00c8e625
0x00c8e62a
0x00c8e62a
0x00c8e634
0x00c8e639
0x00c8e639
0x00c8e644
0x00c8e644
0x00c8df84
0x00c8de9d
0x00c8dea2
0x00c8dea6
0x00c8dec6
0x00c8dec9
0x00c8decb
0x00c8ded0
0x00000000
0x00000000
0x00000000
0x00000000
0x00c8ded6
0x00c8ded6
0x00c8dedb
0x00c8deee
0x00c8def2
0x00000000
0x00000000
0x00c8df08
0x00c8df0c
0x00000000
0x00000000
0x00c8df26
0x00c8df2a
0x00000000
0x00000000
0x00c8df30
0x00c8df35
0x00c8df3a
0x00c8df3d
0x00c8df3d
0x00c8df45
0x00c8df4a
0x00c8df50
0x00c8df50
0x00c8df54
0x00c8df58
0x00000000
0x00000000
0x00000000
0x00000000
0x00c8df58
0x00000000
0x00c8ded6
0x00c8dea8
0x00c8deb5
0x00c8deb7
0x00c8debc
0x00000000
0x00c8debc
0x00c8de80
0x00c8de60
0x00c8de60
0x00c8de61
0x00000000
0x00c8de67
0x00c8de5b
0x00000000

APIs

SysFreeString.OLEAUT32(00000000), ref: 00C8DF4A
SysFreeString.OLEAUT32(00000000), ref: 00C8E62A

Part of subcall function 00C838D4: GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
Part of subcall function 00C838D4: RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

Strings

Failed to get package node count., xrefs: 00C8DFA3
Failed to select package nodes., xrefs: 00C8DF86
Invalid cache type: %ls, xrefs: 00C8E5DE
ExePackage, xrefs: 00C8E249
Permanent, xrefs: 00C8E127
Failed to parse MSP package., xrefs: 00C8E423
Failed to parse dependency providers., xrefs: 00C8E59E
crypt32.dll, xrefs: 00C8E1AD
MsuPackage, xrefs: 00C8E2F8
RollbackBoundary, xrefs: 00C8DE48
Failed to get rollback bundary node count., xrefs: 00C8DE80
Failed to get @RollbackBoundaryBackward., xrefs: 00C8E419
Vital, xrefs: 00C8DF19, 00C8E14D
CacheId, xrefs: 00C8E0BB
Failed to get @InstallCondition., xrefs: 00C8E3EB
comres.dll, xrefs: 00C8E126
RollbackBoundaryBackward, xrefs: 00C8E20B
RollbackBoundaryForward, xrefs: 00C8E1D1
Failed to get @RollbackBoundaryForward., xrefs: 00C8E402
Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage, xrefs: 00C8DF73
LogPathVariable, xrefs: 00C8E168
Failed to find backward transaction boundary: %ls, xrefs: 00C8E40F
package.cpp, xrefs: 00C8DEB0, 00C8DFD5, 00C8E3C1, 00C8E458
Failed to get @RollbackLogPathVariable., xrefs: 00C8E3E1
Failed to allocate memory for rollback boundary structs., xrefs: 00C8DEBC
feclient.dll, xrefs: 00C8E18A
Failed to parse MSU package., xrefs: 00C8E42D
msi.dll, xrefs: 00C8E0BA
MspPackage, xrefs: 00C8E2BF
Failed to get @CacheId., xrefs: 00C8E5CF
yes, xrefs: 00C8E079
Failed to get @Size., xrefs: 00C8E5C8
PerMachine, xrefs: 00C8E10C
Failed to get @InstallSize., xrefs: 00C8E5C1
always, xrefs: 00C8E099
wininet.dll, xrefs: 00C8E14C
Failed to parse EXE package., xrefs: 00C8E27B
Failed to get @LogPathVariable., xrefs: 00C8E3D7
Failed to parse payload references., xrefs: 00C8E5A5
Failed to parse MSI package., xrefs: 00C8E2B3
Failed to get @Permanent., xrefs: 00C8E5B3
MsiPackage, xrefs: 00C8E287
Size, xrefs: 00C8E0D6
Failed to allocate memory for package structs., xrefs: 00C8DFE1
Failed to allocate memory for MSP patch sequence information., xrefs: 00C8E3CD
RollbackLogPathVariable, xrefs: 00C8E18B
Failed to get @PerMachine., xrefs: 00C8E5BA
Failed to get @Id., xrefs: 00C8E5F5
InstallSize, xrefs: 00C8E0F1
Failed to find forward transaction boundary: %ls, xrefs: 00C8E3F8
Failed to parse target product codes., xrefs: 00C8E58F
clbcatq.dll, xrefs: 00C8E10B
cabinet.dll, xrefs: 00C8E0F0
InstallCondition, xrefs: 00C8E1AE
Failed to select rollback boundary nodes., xrefs: 00C8DE5B
Failed to get @Vital., xrefs: 00C8E5AC
Failed to get next node., xrefs: 00C8E5FC
Cache, xrefs: 00C8E03D
Failed to allocate memory for patch sequence information to package lookup., xrefs: 00C8E464
Failed to get @Cache., xrefs: 00C8E5EE

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: FreeHeapString$AllocateProcess
String ID: Cache$CacheId$Chain/ExePackage|Chain/MsiPackage|Chain/MspPackage|Chain/MsuPackage$ExePackage$Failed to allocate memory for MSP patch sequence information.$Failed to allocate memory for package structs.$Failed to allocate memory for patch sequence information to package lookup.$Failed to allocate memory for rollback boundary structs.$Failed to find backward transaction boundary: %ls$Failed to find forward transaction boundary: %ls$Failed to get @Cache.$Failed to get @CacheId.$Failed to get @Id.$Failed to get @InstallCondition.$Failed to get @InstallSize.$Failed to get @LogPathVariable.$Failed to get @PerMachine.$Failed to get @Permanent.$Failed to get @RollbackBoundaryBackward.$Failed to get @RollbackBoundaryForward.$Failed to get @RollbackLogPathVariable.$Failed to get @Size.$Failed to get @Vital.$Failed to get next node.$Failed to get package node count.$Failed to get rollback bundary node count.$Failed to parse EXE package.$Failed to parse MSI package.$Failed to parse MSP package.$Failed to parse MSU package.$Failed to parse dependency providers.$Failed to parse payload references.$Failed to parse target product codes.$Failed to select package nodes.$Failed to select rollback boundary nodes.$InstallCondition$InstallSize$Invalid cache type: %ls$LogPathVariable$MsiPackage$MspPackage$MsuPackage$PerMachine$Permanent$RollbackBoundary$RollbackBoundaryBackward$RollbackBoundaryForward$RollbackLogPathVariable$Size$Vital$always$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$feclient.dll$msi.dll$package.cpp$wininet.dll$yes
API String ID: 336948655-2612374807
Opcode ID: 2f871eb885d0fd05553a6c0053970eaa062bde3ba2d830c0b1182bac4da375c7
Instruction ID: 6c71611e33cec4ec428712ebef89daba4ccb84e2195324f102705dce8103982b
Opcode Fuzzy Hash: 2f871eb885d0fd05553a6c0053970eaa062bde3ba2d830c0b1182bac4da375c7
Instruction Fuzzy Hash: CA32D771D00226BBCB11AB94CC45FAEBBB4AF04728F214265F915BB291D774EE40DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00C8F86E, Relevance: 112.4, APIs: 3, Strings: 61, Instructions: 445
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E00C8F86E(void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
				void* _v8;
				void* _v12;
				short* _v16;
				void* _v20;
				void* _t88;
				void* _t112;
				int _t158;
				void* _t164;
				signed int _t166;
				intOrPtr* _t167;
				intOrPtr* _t168;
				intOrPtr* _t169;
				void* _t174;
				intOrPtr _t176;
				void* _t179;
				void* _t188;
				void* _t190;

				_t174 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				_t88 = E00CC388A(_a8, L"Registration",  &_v12);
				_t164 = 0x80070490;
				_t179 =  ==  ? 0x80070490 : _t88;
				if(_t179 >= 0) {
					_push(__edi);
					_t176 = _a4;
					_t8 = _t176 + 0x10; // 0xc8534d
					if(E00CC31C7(_v12, L"Id", _t8) >= 0) {
						_t10 = _t176 + 0x14; // 0xc85351
						if(E00CC31C7(_v12, L"Tag", _t10) >= 0) {
							if(E00C8E936(_t176, _t176, _a8) >= 0) {
								if(E00CC31C7(_v12, L"Version",  &_v16) >= 0) {
									_t15 = _t176 + 0x38; // 0xc85375
									if(E00CC4B5A(_t174, _v16, 0, _t15) >= 0) {
										_t18 = _t176 + 0x44; // 0xc85381
										if(E00CC31C7(_v12, L"ProviderKey", _t18) >= 0) {
											_t20 = _t176 + 0x48; // 0xc85385
											if(E00CC31C7(_v12, L"ExecutableName", _t20) >= 0) {
												if(E00CC33DB(_t166, _v12, L"PerMachine", _t176) >= 0) {
													_t188 = E00CC388A(_v12, L"Arp",  &_v8);
													if(_t188 == 1) {
														L71:
														_t62 = _t176 + 0x98; // 0xc853d5
														_t63 = _t176 + 0x94; // 0xc853d1
														if(E00C8EBB2(_v12, _t63, _t62) >= 0) {
															_t190 = E00CC388A(_v12, L"Update",  &_v20);
															if(_t190 == 1) {
																L88:
																_t112 = E00C8EFE5(_t166, _t176); // executed
																_t190 = _t112;
																if(_t190 >= 0) {
																	L91:
																	L92:
																	_t167 = _v12;
																	if(_t167 != 0) {
																		 *((intOrPtr*)( *_t167 + 8))(_t167);
																	}
																	_t168 = _v8;
																	if(_t168 != 0) {
																		 *((intOrPtr*)( *_t168 + 8))(_t168);
																	}
																	_t169 = _v20;
																	if(_t169 != 0) {
																		 *((intOrPtr*)( *_t169 + 8))(_t169);
																	}
																	if(_v16 != 0) {
																		E00CC54EF(_v16);
																	}
																	return _t190;
																}
																_push("Failed to set registration paths.");
																L90:
																_push(_t190);
																E00CC012F();
																goto L91;
															}
															if(_t190 >= 0) {
																 *((intOrPtr*)(_t176 + 0x9c)) = 1;
																_t68 = _t176 + 0xa0; // 0xc853dd
																_t190 = E00CC31C7(_v20, L"Manufacturer", _t68);
																if(_t190 >= 0) {
																	_t70 = _t176 + 0xa4; // 0xc853e1
																	_t190 = E00CC31C7(_v20, L"Department", _t70);
																	if(_t190 == _t164 || _t190 >= 0) {
																		_t72 = _t176 + 0xa8; // 0xc853e5
																		_t190 = E00CC31C7(_v20, L"ProductFamily", _t72);
																		if(_t190 == _t164 || _t190 >= 0) {
																			_t74 = _t176 + 0xac; // 0xc853e9
																			_t190 = E00CC31C7(_v20, L"Name", _t74);
																			if(_t190 >= 0) {
																				_t76 = _t176 + 0xb0; // 0xc853ed
																				_t190 = E00CC31C7(_v20, L"Classification", _t76);
																				if(_t190 >= 0) {
																					goto L88;
																				}
																				_push("Failed to get @Classification.");
																				goto L90;
																			}
																			_push("Failed to get @Name.");
																		} else {
																			_push("Failed to get @ProductFamily.");
																		}
																	} else {
																		_push("Failed to get @Department.");
																	}
																	goto L90;
																}
																_push("Failed to get @Manufacturer.");
																goto L90;
															}
															_push("Failed to select Update node.");
															goto L90;
														}
														_push("Failed to parse software tag.");
														goto L90;
													}
													if(_t188 >= 0) {
														_t25 = _t176 + 4; // 0xc85341
														_t190 = E00CC33DB(_t166, _v8, L"Register", _t25);
														if(_t190 >= 0) {
															_t27 = _t176 + 0x60; // 0xc8539d
															_t190 = E00CC31C7(_v8, L"DisplayName", _t27);
															if(_t190 == 0x80070490 || _t190 >= 0) {
																_t29 = _t176 + 0x64; // 0xc853a1
																_t190 = E00CC31C7(_v8, L"DisplayVersion", _t29);
																if(_t190 == _t164 || _t190 >= 0) {
																	_t31 = _t176 + 0x68; // 0xc853a5
																	_t190 = E00CC31C7(_v8, L"Publisher", _t31);
																	if(_t190 == _t164 || _t190 >= 0) {
																		_t33 = _t176 + 0x6c; // 0xc853a9
																		_t190 = E00CC31C7(_v8, L"HelpLink", _t33);
																		if(_t190 == _t164 || _t190 >= 0) {
																			_t35 = _t176 + 0x70; // 0xc853ad
																			_t190 = E00CC31C7(_v8, L"HelpTelephone", _t35);
																			if(_t190 == _t164 || _t190 >= 0) {
																				_t37 = _t176 + 0x74; // 0xc853b1
																				_t190 = E00CC31C7(_v8, L"AboutUrl", _t37);
																				if(_t190 == _t164 || _t190 >= 0) {
																					_t39 = _t176 + 0x78; // 0xc853b5
																					_t190 = E00CC31C7(_v8, L"UpdateUrl", _t39);
																					if(_t190 == _t164 || _t190 >= 0) {
																						_t41 = _t176 + 0x7c; // 0xc853b9
																						_t190 = E00CC31C7(_v8, L"ParentDisplayName", _t41);
																						if(_t190 == _t164 || _t190 >= 0) {
																							_t43 = _t176 + 0x80; // 0xc853bd
																							_t190 = E00CC31C7(_v8, L"Comments", _t43);
																							if(_t190 == _t164 || _t190 >= 0) {
																								_t45 = _t176 + 0x84; // 0xc853c1
																								_t190 = E00CC31C7(_v8, L"Contact", _t45);
																								if(_t190 == _t164 || _t190 >= 0) {
																									_t190 = E00CC31C7(_v8, L"DisableModify",  &_v16);
																									if(_t190 < 0) {
																										if(_t190 == _t164) {
																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
																											_t190 = 0;
																										}
																										L65:
																										if(_t190 >= 0) {
																											_t59 = _t176 + 0x90; // 0xc853cd
																											_t190 = E00CC33DB(_t166, _v8, L"DisableRemove", _t59);
																											if(_t190 == _t164) {
																												goto L71;
																											}
																											if(_t190 >= 0) {
																												 *(_t176 + 0x8c) = 1;
																												goto L71;
																											}
																											_push("Failed to get @DisableRemove.");
																											goto L90;
																										}
																										_push("Failed to get @DisableModify.");
																										goto L90;
																									}
																									_t158 = CompareStringW(0x7f, 0, _v16, 0xffffffff, L"button", 0xffffffff);
																									_t166 = 2;
																									if(_t158 != _t166) {
																										if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"yes", 0xffffffff) != 2) {
																											if(CompareStringW(0x7f, 0, _v16, 0xffffffff, L"no", 0xffffffff) != 2) {
																												_t190 = 0x8000ffff;
																												E00C837D3(_t160, "registration.cpp", 0xf6, 0x8000ffff);
																												_push(_v16);
																												_push("Invalid modify disabled type: %ls");
																												L62:
																												_push(_t190);
																												E00CC012F();
																												goto L91;
																											}
																											 *(_t176 + 0x88) =  *(_t176 + 0x88) & 0x00000000;
																											L60:
																											_t164 = 0x80070490;
																											goto L65;
																										}
																										 *(_t176 + 0x88) = 1;
																										goto L60;
																									}
																									 *(_t176 + 0x88) = _t166;
																									goto L60;
																								} else {
																									_push("Failed to get @Contact.");
																									goto L90;
																								}
																							} else {
																								_push("Failed to get @Comments.");
																								goto L90;
																							}
																						} else {
																							_push("Failed to get @ParentDisplayName.");
																							goto L90;
																						}
																					} else {
																						_push("Failed to get @UpdateUrl.");
																						goto L90;
																					}
																				} else {
																					_push("Failed to get @AboutUrl.");
																					goto L90;
																				}
																			} else {
																				_push("Failed to get @HelpTelephone.");
																				goto L90;
																			}
																		} else {
																			_push("Failed to get @HelpLink.");
																			goto L90;
																		}
																	} else {
																		_push("Failed to get @Publisher.");
																		goto L90;
																	}
																} else {
																	_push("Failed to get @DisplayVersion.");
																	goto L90;
																}
															} else {
																_push("Failed to get @DisplayName.");
																goto L90;
															}
														}
														_push("Failed to get @Register.");
														goto L90;
													}
													_push("Failed to select ARP node.");
													goto L90;
												}
												_push("Failed to get @PerMachine.");
												goto L90;
											}
											_push("Failed to get @ExecutableName.");
											goto L90;
										}
										_push("Failed to get @ProviderKey.");
										goto L90;
									}
									_push(_v16);
									_push("Failed to parse @Version: %ls");
									goto L62;
								}
								_push("Failed to get @Version.");
								goto L90;
							}
							_push("Failed to parse related bundles");
							goto L90;
						}
						_push("Failed to get @Tag.");
						goto L90;
					}
					_push("Failed to get @Id.");
					goto L90;
				}
				_push("Failed to select registration node.");
				_push(_t179);
				E00CC012F();
				goto L92;
			}

0x00c8f86e
0x00c8f878
0x00c8f87b
0x00c8f87e
0x00c8f881
0x00c8f890
0x00c8f897
0x00c8f89f
0x00c8f8a4
0x00c8f8b8
0x00c8f8b9
0x00c8f8bc
0x00c8f8d1
0x00c8f8dd
0x00c8f8f2
0x00c8f90b
0x00c8f92c
0x00c8f938
0x00c8f94a
0x00c8f959
0x00c8f96e
0x00c8f97a
0x00c8f98f
0x00c8f9ad
0x00c8f9ca
0x00c8f9cf
0x00c8fc7e
0x00c8fc7e
0x00c8fc85
0x00c8fc98
0x00c8fcb5
0x00c8fcbc
0x00c8fd86
0x00c8fd87
0x00c8fd8c
0x00c8fd90
0x00c8fd9f
0x00c8fda0
0x00c8fda0
0x00c8fda5
0x00c8fdaa
0x00c8fdaa
0x00c8fdad
0x00c8fdb2
0x00c8fdb7
0x00c8fdb7
0x00c8fdba
0x00c8fdbf
0x00c8fdc4
0x00c8fdc4
0x00c8fdcb
0x00c8fdd0
0x00c8fdd0
0x00c8fddc
0x00c8fddc
0x00c8fd92
0x00c8fd97
0x00c8fd97
0x00c8fd98
0x00000000
0x00c8fd9e
0x00c8fcc4
0x00c8fcd0
0x00c8fcd6
0x00c8fcea
0x00c8fcee
0x00c8fcfa
0x00c8fd0e
0x00c8fd12
0x00c8fd1f
0x00c8fd33
0x00c8fd37
0x00c8fd44
0x00c8fd58
0x00c8fd5c
0x00c8fd65
0x00c8fd79
0x00c8fd7d
0x00000000
0x00000000
0x00c8fd7f
0x00000000
0x00c8fd7f
0x00c8fd5e
0x00c8fd3d
0x00c8fd3d
0x00c8fd3d
0x00c8fd18
0x00c8fd18
0x00c8fd18
0x00000000
0x00c8fd12
0x00c8fcf0
0x00000000
0x00c8fcf0
0x00c8fcc6
0x00000000
0x00c8fcc6
0x00c8fc9a
0x00000000
0x00c8fc9a
0x00c8f9d7
0x00c8f9e3
0x00c8f9f4
0x00c8f9f8
0x00c8fa04
0x00c8fa15
0x00c8fa19
0x00c8fa29
0x00c8fa3a
0x00c8fa3e
0x00c8fa4e
0x00c8fa5f
0x00c8fa63
0x00c8fa73
0x00c8fa84
0x00c8fa88
0x00c8fa98
0x00c8faa9
0x00c8faad
0x00c8fabd
0x00c8face
0x00c8fad2
0x00c8fae2
0x00c8faf3
0x00c8faf7
0x00c8fb07
0x00c8fb18
0x00c8fb1c
0x00c8fb2c
0x00c8fb40
0x00c8fb44
0x00c8fb54
0x00c8fb68
0x00c8fb6c
0x00c8fb8d
0x00c8fb91
0x00c8fc33
0x00c8fc35
0x00c8fc3c
0x00c8fc3c
0x00c8fc3e
0x00c8fc40
0x00c8fc4c
0x00c8fc60
0x00c8fc64
0x00000000
0x00000000
0x00c8fc68
0x00c8fc74
0x00000000
0x00c8fc74
0x00c8fc6a
0x00000000
0x00c8fc6a
0x00c8fc42
0x00000000
0x00c8fc42
0x00c8fbad
0x00c8fbb1
0x00c8fbb4
0x00c8fbd3
0x00c8fbf6
0x00c8fc06
0x00c8fc16
0x00c8fc1b
0x00c8fc1e
0x00c8fc23
0x00c8fc23
0x00c8fc24
0x00000000
0x00c8fc29
0x00c8fbf8
0x00c8fbff
0x00c8fbff
0x00000000
0x00c8fbff
0x00c8fbd5
0x00000000
0x00c8fbd5
0x00c8fbb6
0x00000000
0x00c8fb72
0x00c8fb72
0x00000000
0x00c8fb72
0x00c8fb4a
0x00c8fb4a
0x00000000
0x00c8fb4a
0x00c8fb22
0x00c8fb22
0x00000000
0x00c8fb22
0x00c8fafd
0x00c8fafd
0x00000000
0x00c8fafd
0x00c8fad8
0x00c8fad8
0x00000000
0x00c8fad8
0x00c8fab3
0x00c8fab3
0x00000000
0x00c8fab3
0x00c8fa8e
0x00c8fa8e
0x00000000
0x00c8fa8e
0x00c8fa69
0x00c8fa69
0x00000000
0x00c8fa69
0x00c8fa44
0x00c8fa44
0x00000000
0x00c8fa44
0x00c8fa1f
0x00c8fa1f
0x00000000
0x00c8fa1f
0x00c8fa19
0x00c8f9fa
0x00000000
0x00c8f9fa
0x00c8f9d9
0x00000000
0x00c8f9d9
0x00c8f9af
0x00000000
0x00c8f9af
0x00c8f991
0x00000000
0x00c8f991
0x00c8f970
0x00000000
0x00c8f970
0x00c8f94c
0x00c8f94f
0x00000000
0x00c8f94f
0x00c8f92e
0x00000000
0x00c8f92e
0x00c8f90d
0x00000000
0x00c8f90d
0x00c8f8f4
0x00000000
0x00c8f8f4
0x00c8f8d3
0x00000000
0x00c8f8d3
0x00c8f8a6
0x00c8f8ab
0x00c8f8ac
0x00000000

Strings

Failed to parse @Version: %ls, xrefs: 00C8F94F
Failed to get @Contact., xrefs: 00C8FB72
ProductFamily, xrefs: 00C8FD26
Failed to get @Manufacturer., xrefs: 00C8FCF0
Failed to parse related bundles, xrefs: 00C8F90D
Failed to get @DisableRemove., xrefs: 00C8FC6A
Failed to get @DisplayName., xrefs: 00C8FA1F
DisableRemove, xrefs: 00C8FC53
Failed to get @ExecutableName., xrefs: 00C8F991
Version, xrefs: 00C8F91B
DisableModify, xrefs: 00C8FB80
Classification, xrefs: 00C8FD6C
Invalid modify disabled type: %ls, xrefs: 00C8FC1E
Failed to select registration node., xrefs: 00C8F8A6
Arp, xrefs: 00C8F9BD
Department, xrefs: 00C8FD01
Failed to get @UpdateUrl., xrefs: 00C8FAFD
Failed to select ARP node., xrefs: 00C8F9D9
registration.cpp, xrefs: 00C8FC11
button, xrefs: 00C8FB9F
Contact, xrefs: 00C8FB5B
Failed to get @ProviderKey., xrefs: 00C8F970
yes, xrefs: 00C8FBC0
Tag, xrefs: 00C8F8E1
Name, xrefs: 00C8FD4B
Comments, xrefs: 00C8FB33
Failed to get @AboutUrl., xrefs: 00C8FAD8
DisplayVersion, xrefs: 00C8FA2D
Manufacturer, xrefs: 00C8FCDD
Failed to get @DisableModify., xrefs: 00C8FC42
Failed to get @Comments., xrefs: 00C8FB4A
PerMachine, xrefs: 00C8F99C
Failed to get @ParentDisplayName., xrefs: 00C8FB22
Failed to get @Version., xrefs: 00C8F92E
Failed to get @Tag., xrefs: 00C8F8F4
Failed to get @Publisher., xrefs: 00C8FA69
DisplayName, xrefs: 00C8FA08
Failed to select Update node., xrefs: 00C8FCC6
Failed to get @Classification., xrefs: 00C8FD7F
HelpTelephone, xrefs: 00C8FA9C
UpdateUrl, xrefs: 00C8FAE6
Update, xrefs: 00C8FCA8
ExecutableName, xrefs: 00C8F97E
Register, xrefs: 00C8F9E7
Failed to get @Department., xrefs: 00C8FD18
Failed to get @ProductFamily., xrefs: 00C8FD3D
Failed to parse software tag., xrefs: 00C8FC9A
Failed to get @Id., xrefs: 00C8F8D3
Failed to get @PerMachine., xrefs: 00C8F9AF
Failed to get @HelpTelephone., xrefs: 00C8FAB3
Failed to get @Name., xrefs: 00C8FD5E
ProviderKey, xrefs: 00C8F95D
Failed to get @HelpLink., xrefs: 00C8FA8E
Failed to get @Register., xrefs: 00C8F9FA
Failed to set registration paths., xrefs: 00C8FD92
Publisher, xrefs: 00C8FA52
HelpLink, xrefs: 00C8FA77
ParentDisplayName, xrefs: 00C8FB0B
Registration, xrefs: 00C8F888
AboutUrl, xrefs: 00C8FAC1
Failed to get @DisplayVersion., xrefs: 00C8FA44

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID:
String ID: AboutUrl$Arp$Classification$Comments$Contact$Department$DisableModify$DisableRemove$DisplayName$DisplayVersion$ExecutableName$Failed to get @AboutUrl.$Failed to get @Classification.$Failed to get @Comments.$Failed to get @Contact.$Failed to get @Department.$Failed to get @DisableModify.$Failed to get @DisableRemove.$Failed to get @DisplayName.$Failed to get @DisplayVersion.$Failed to get @ExecutableName.$Failed to get @HelpLink.$Failed to get @HelpTelephone.$Failed to get @Id.$Failed to get @Manufacturer.$Failed to get @Name.$Failed to get @ParentDisplayName.$Failed to get @PerMachine.$Failed to get @ProductFamily.$Failed to get @ProviderKey.$Failed to get @Publisher.$Failed to get @Register.$Failed to get @Tag.$Failed to get @UpdateUrl.$Failed to get @Version.$Failed to parse @Version: %ls$Failed to parse related bundles$Failed to parse software tag.$Failed to select ARP node.$Failed to select Update node.$Failed to select registration node.$Failed to set registration paths.$HelpLink$HelpTelephone$Invalid modify disabled type: %ls$Manufacturer$Name$ParentDisplayName$PerMachine$ProductFamily$ProviderKey$Publisher$Register$Registration$Tag$Update$UpdateUrl$Version$button$registration.cpp$yes
API String ID: 0-2956246334
Opcode ID: 5899c4d77effb6a8cc2c0d7c42b4b9eb5fdc56a0c0637fb365b1223a7d978fec
Instruction ID: 62ebb219399efd17b6c9919f21fc401b459b19e73dce8c6d4b96b5c2241e5fa7
Opcode Fuzzy Hash: 5899c4d77effb6a8cc2c0d7c42b4b9eb5fdc56a0c0637fb365b1223a7d978fec
Instruction Fuzzy Hash: 4AE19932E40665BFCB11BAA0DC41FFD7AA4AB00718F19427FFE10B7251D7616E52A788

Uniqueness

Uniqueness Score: -1.00%

Function 00C8B389, Relevance: 93.3, APIs: 24, Strings: 29, Instructions: 565
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 67%

			E00C8B389(union _LARGE_INTEGER* __edx, void* _a4, void* _a8, intOrPtr _a12) {
				signed int _v8;
				union _LARGE_INTEGER _v12;
				void _v72;
				signed short _v300;
				signed int _v314;
				void _v320;
				union _LARGE_INTEGER _v340;
				long _v344;
				void _v360;
				long _v364;
				union _LARGE_INTEGER* _v368;
				intOrPtr _v372;
				void _v376;
				void _v380;
				struct _OVERLAPPED* _v384;
				intOrPtr _v388;
				union _LARGE_INTEGER _v392;
				intOrPtr _v396;
				char _v400;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t98;
				intOrPtr _t106;
				int _t108;
				int _t117;
				int _t120;
				union _LARGE_INTEGER _t123;
				int _t124;
				int _t133;
				signed short _t137;
				intOrPtr* _t142;
				int _t151;
				intOrPtr _t160;
				signed short _t188;
				signed short _t191;
				signed short _t196;
				signed short _t199;
				signed short _t202;
				signed short _t205;
				signed short _t208;
				signed short _t211;
				signed short _t214;
				signed short _t217;
				signed short _t220;
				signed int _t224;
				void* _t226;
				intOrPtr _t237;
				void _t241;
				intOrPtr _t242;
				union _LARGE_INTEGER* _t243;
				void* _t244;
				void* _t247;
				void* _t248;
				void* _t252;
				signed int _t290;

				_t243 = __edx;
				_t98 =  *0xcea008; // 0x4c290ae8
				_v8 = _t98 ^ _t290;
				_t223 = _a4;
				asm("xorps xmm0, xmm0");
				_v364 = 0;
				asm("movlpd [ebp-0x18c], xmm0");
				E00CAF670(_t244,  &_v72, 0, 0x40);
				E00CAF670(_t244,  &_v320, 0, 0xf8);
				_v376 = 0;
				_v380 = 0;
				_v368 = 0;
				_t224 = 0xa;
				memset( &_v360, 0, _t224 << 2);
				_t226 = _a8;
				 *_t223 = _t226;
				if(_t226 != 0xffffffff) {
					_t106 = _a12;
					_t247 = SetFilePointerEx;
					_push(0);
					_t107 =  ==  ? _t226 : _t106;
					 *((intOrPtr*)(_t223 + 4)) =  ==  ? _t226 : _t106;
					_t108 = SetFilePointerEx(_t226, 0, 0, 0); // executed
					if(_t108 != 0) {
						_t111 = ReadFile( *_t223,  &_v72, 0x40,  &_v364, 0); // executed
						if(_t111 != 0) {
							if(_v364 < 0x40) {
								L66:
								_t247 = 0x8007000d;
								_t252 = 0x8007000d;
								E00C837D3(_t111, "section.cpp", 0x4e, 0x8007000d);
								_push("Failed to find valid DOS image header in buffer.");
								L67:
								_push(_t247);
								goto L68;
							}
							_t111 = 0x5a4d;
							if(0x5a4d != _v72) {
								goto L66;
							}
							_push(0);
							asm("cdq");
							_t117 = SetFilePointerEx( *_t223, _v12.LowPart, _t243, 0); // executed
							if(_t117 != 0) {
								_t120 = ReadFile( *_t223,  &_v320, 0x18,  &_v364, 0); // executed
								if(_t120 != 0) {
									if(_v364 < 0x18 || _v320 != 0x4550) {
										_t247 = 0x8007000d;
										_t252 = 0x8007000d;
										E00C837D3(_t120, "section.cpp", 0x64, 0x8007000d);
										_push("Failed to find valid NT image header in buffer.");
										goto L67;
									} else {
										_t24 = _v12.LowPart + 0x58; // 0x58
										_t123 = _v12.LowPart + 0x98;
										_v388 = _t24;
										_push(0);
										_v392.LowPart = _t123;
										_t124 = SetFilePointerEx( *_t223, _t123, 0, 0); // executed
										if(_t124 != 0) {
											if(ReadFile( *_t223,  &_v376, 4,  &_v364, 0) != 0) {
												if(ReadFile( *_t223,  &_v380, 4,  &_v364, 0) != 0) {
													_push(0);
													_t133 = SetFilePointerEx( *_t223, _v12 + (_v300 & 0x0000ffff) + 0x18, 0, 0); // executed
													if(_t133 != 0) {
														_t247 = 0;
														_v384 = 0;
														if(ReadFile( *_t223,  &_v360, 0x28,  &_v364, 0) == 0) {
															L63:
															_t137 = GetLastError();
															_t255 =  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
															_t252 =  >=  ? 0x80004005 :  <=  ? _t137 : _t137 & 0x0000ffff | 0x80070000;
															E00C837D3(0x80004005, "section.cpp", 0x8d, _t252);
															_push(_t247);
															_push("Failed to read image section header, index: %u");
															_push(_t252);
															L64:
															E00CC012F();
															goto L69;
														}
														_t237 = 1;
														while(_v364 >= 0x28) {
															_t142 =  &_v360;
															if( *_t142 != 0x7869772e ||  *((intOrPtr*)(_t142 + 4)) != 0x6e727562) {
																_t143 = _v314 & 0x0000ffff;
																if(_t237 >= (_v314 & 0x0000ffff)) {
																	_t248 = 0x8007000d;
																	_t252 = 0x8007000d;
																	E00C837D3(_t143, "section.cpp", 0xa0, 0x8007000d);
																	_push("Failed to find Burn section.");
																	goto L57;
																}
																_t247 = _t247 + 1;
																_v384 = _t247;
																_v372 = _t237 + 1;
																if(ReadFile( *_t223,  &_v360, 0x28,  &_v364, 0) == 0) {
																	goto L63;
																}
																_t237 = _v372;
																continue;
															} else {
																if(_v344 >= 0x34) {
																	_t247 = E00C838D4(_v344, 1);
																	_v368 = _t247;
																	if(_t247 != 0) {
																		_push(0);
																		_t151 = SetFilePointerEx( *_t223, _v340.LowPart, 0, 0); // executed
																		if(_t151 != 0) {
																			_v372 = _v340 + 0x1c;
																			if(ReadFile( *_t223, _t247, _v344,  &_v364, 0) != 0) {
																				_t156 = _v344;
																				if(_v344 <= _v364) {
																					if( *((intOrPtr*)(_t247 + 4)) == 2) {
																						if(E00CC48CB(_t237,  *((intOrPtr*)(_t223 + 4)),  &_v400) >= 0) {
																							_t243 =  *(_t247 + 0x18);
																							 *(_t223 + 8) = _t243;
																							if( *((intOrPtr*)(_t247 + 0x20)) == 0) {
																								_t241 = _v376;
																								if(_t241 == 0) {
																									_t160 =  *((intOrPtr*)(_t247 + 0x30)) + _t243;
																								} else {
																									_t160 = _v380 + _t241;
																								}
																							} else {
																								_t160 =  *((intOrPtr*)(_t247 + 0x24)) +  *((intOrPtr*)(_t247 + 0x20));
																							}
																							 *((intOrPtr*)(_t223 + 0xc)) = _t160;
																							 *((intOrPtr*)(_t223 + 0x10)) = _v400;
																							 *((intOrPtr*)(_t223 + 0x14)) = _v396;
																							 *((intOrPtr*)(_t223 + 0x18)) = _v388;
																							 *(_t223 + 0x1c) = _v392;
																							 *((intOrPtr*)(_t223 + 0x20)) = _v372;
																							 *((intOrPtr*)(_t223 + 0x24)) =  *((intOrPtr*)(_t247 + 0x1c));
																							 *((intOrPtr*)(_t223 + 0x28)) =  *((intOrPtr*)(_t247 + 0x20));
																							 *((intOrPtr*)(_t223 + 0x2c)) =  *((intOrPtr*)(_t247 + 0x24));
																							 *((intOrPtr*)(_t223 + 0x30)) =  *((intOrPtr*)(_t247 + 0x28));
																							 *(_t223 + 0x34) =  *(_t247 + 0x2c);
																							_t242 = E00C838D4( *(_t247 + 0x2c) << 2, 1);
																							 *((intOrPtr*)(_t223 + 0x38)) = _t242;
																							if(_t242 != 0) {
																								_t93 = _t247 + 0x30; // 0x30
																								E00CAF0F0(_t242, _t93,  *(_t223 + 0x34) << 2);
																								_t94 = _t247 + 8; // 0x8
																								_t252 = E00C8B106(_t94);
																								if(_t252 >= 0) {
																									goto L59;
																								}
																								E00C837D3(_t178, "section.cpp", 0xf5, _t252);
																								_push("PE Header from file didn\'t match PE Header in memory.");
																								L37:
																								_push(_t252);
																								goto L38;
																							} else {
																								_t223 = 0x8007000e;
																								_t252 = 0x8007000e;
																								E00C837D3(_t172, "section.cpp", 0xef, 0x8007000e);
																								_push("Failed to allocate memory for container sizes.");
																								_push(0x8007000e);
																								L38:
																								E00CC012F();
																								L58:
																								L59:
																								if(_t247 != 0) {
																									E00C83999(_t247);
																								}
																								goto L69;
																							}
																						}
																						_push("Failed to get total size of bundle.");
																						goto L37;
																					}
																					_t252 = 0x8007000d;
																					E00C837D3(_t156, "section.cpp", 0xcc, 0x8007000d);
																					E00CC012F(0x8007000d, "Failed to read section info, unsupported version: %08x", _v368->LowPart.HighPart);
																					_t247 = _v368;
																					goto L59;
																				}
																				_t248 = 0x8007000d;
																				_t252 = 0x8007000d;
																				E00C837D3(_t156, "section.cpp", 0xc5, 0x8007000d);
																				_push("Failed to read complete section info.");
																				L57:
																				_push(_t248);
																				E00CC012F();
																				_t247 = _v368;
																				goto L58;
																			}
																			_t188 = GetLastError();
																			_t259 =  <=  ? _t188 : _t188 & 0x0000ffff | 0x80070000;
																			_t252 =  >=  ? 0x80004005 :  <=  ? _t188 : _t188 & 0x0000ffff | 0x80070000;
																			E00C837D3(0x80004005, "section.cpp", 0xc0, _t252);
																			_push("Failed to read section info.");
																			goto L37;
																		}
																		_t191 = GetLastError();
																		_t262 =  <=  ? _t191 : _t191 & 0x0000ffff | 0x80070000;
																		_t252 =  >=  ? 0x80004005 :  <=  ? _t191 : _t191 & 0x0000ffff | 0x80070000;
																		E00C837D3(0x80004005, "section.cpp", 0xb7, _t252);
																		_push("Failed to seek to section info.");
																		goto L37;
																	}
																	_t223 = 0x8007000e;
																	_t252 = 0x8007000e;
																	E00C837D3(_t149, "section.cpp", 0xb1, 0x8007000e);
																	_push("Failed to allocate buffer for section info.");
																	_push(0x8007000e);
																	goto L68;
																}
																_t247 = 0x8007000d;
																_t252 = 0x8007000d;
																E00C837D3(_t142, "section.cpp", 0xac, 0x8007000d);
																_push(_v344);
																_push("Failed to read section info, data to short: %u");
																L62:
																_push(_t247);
																goto L64;
															}
														}
														_t247 = 0x8007000d;
														_t252 = 0x8007000d;
														E00C837D3(_t136, "section.cpp", 0x92, 0x8007000d);
														_push(_v384);
														_push("Failed to read complete image section header, index: %u");
														goto L62;
													}
													_t196 = GetLastError();
													_t265 =  <=  ? _t196 : _t196 & 0x0000ffff | 0x80070000;
													_t252 =  >=  ? 0x80004005 :  <=  ? _t196 : _t196 & 0x0000ffff | 0x80070000;
													E00C837D3(0x80004005, "section.cpp", 0x84, _t252);
													_push("Failed to seek past optional headers.");
													goto L2;
												}
												_t199 = GetLastError();
												_t268 =  <=  ? _t199 : _t199 & 0x0000ffff | 0x80070000;
												_t252 =  >=  ? 0x80004005 :  <=  ? _t199 : _t199 & 0x0000ffff | 0x80070000;
												E00C837D3(0x80004005, "section.cpp", 0x79, _t252);
												_push("Failed to read signature size.");
												goto L2;
											}
											_t202 = GetLastError();
											_t271 =  <=  ? _t202 : _t202 & 0x0000ffff | 0x80070000;
											_t252 =  >=  ? 0x80004005 :  <=  ? _t202 : _t202 & 0x0000ffff | 0x80070000;
											E00C837D3(0x80004005, "section.cpp", 0x74, _t252);
											_push("Failed to read signature offset.");
											goto L2;
										}
										_t205 = GetLastError();
										_t274 =  <=  ? _t205 : _t205 & 0x0000ffff | 0x80070000;
										_t252 =  >=  ? 0x80004005 :  <=  ? _t205 : _t205 & 0x0000ffff | 0x80070000;
										E00C837D3(0x80004005, "section.cpp", 0x6f, _t252);
										_push("Failed to seek to section info.");
										goto L2;
									}
								}
								_t208 = GetLastError();
								_t277 =  <=  ? _t208 : _t208 & 0x0000ffff | 0x80070000;
								_t252 =  >=  ? 0x80004005 :  <=  ? _t208 : _t208 & 0x0000ffff | 0x80070000;
								E00C837D3(0x80004005, "section.cpp", 0x5f, _t252);
								_push("Failed to read NT header.");
								goto L2;
							}
							_t211 = GetLastError();
							_t280 =  <=  ? _t211 : _t211 & 0x0000ffff | 0x80070000;
							_t252 =  >=  ? 0x80004005 :  <=  ? _t211 : _t211 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "section.cpp", 0x59, _t252);
							_push("Failed to seek to NT header.");
							goto L2;
						}
						_t214 = GetLastError();
						_t283 =  <=  ? _t214 : _t214 & 0x0000ffff | 0x80070000;
						_t252 =  >=  ? 0x80004005 :  <=  ? _t214 : _t214 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "section.cpp", 0x49, _t252);
						_push("Failed to read DOS header.");
						goto L2;
					}
					_t217 = GetLastError();
					_t286 =  <=  ? _t217 : _t217 & 0x0000ffff | 0x80070000;
					_t252 =  >=  ? 0x80004005 :  <=  ? _t217 : _t217 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "section.cpp", 0x43, _t252);
					_push("Failed to seek to start of file.");
					goto L2;
				} else {
					_t220 = GetLastError();
					_t289 =  <=  ? _t220 : _t220 & 0x0000ffff | 0x80070000;
					_t252 =  >=  ? 0x80004005 :  <=  ? _t220 : _t220 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "section.cpp", 0x3a, _t252);
					_push("Failed to open handle to engine process path.");
					L2:
					_push(_t252);
					L68:
					E00CC012F();
					L69:
					return E00CADE36(_t223, _v8 ^ _t290, _t243, _t247, _t252);
				}
			}

0x00c8b389
0x00c8b392
0x00c8b399
0x00c8b39d
0x00c8b3a7
0x00c8b3ae
0x00c8b3b4
0x00c8b3bc
0x00c8b3ce
0x00c8b3d6
0x00c8b3de
0x00c8b3ea
0x00c8b3f2
0x00c8b3f3
0x00c8b3f5
0x00c8b3f8
0x00c8b3fd
0x00c8b435
0x00c8b43b
0x00c8b441
0x00c8b445
0x00c8b449
0x00c8b44c
0x00c8b450
0x00c8b49a
0x00c8b49e
0x00c8b4dc
0x00c8bad3
0x00c8bad3
0x00c8bae0
0x00c8bae2
0x00c8bae7
0x00c8baec
0x00c8baec
0x00000000
0x00c8baec
0x00c8b4e2
0x00c8b4eb
0x00000000
0x00000000
0x00c8b4f4
0x00c8b4f8
0x00c8b4fd
0x00c8b501
0x00c8b54c
0x00c8b550
0x00c8b58e
0x00c8bab8
0x00c8bac5
0x00c8bac7
0x00c8bacc
0x00000000
0x00c8b5a4
0x00c8b5a7
0x00c8b5aa
0x00c8b5af
0x00c8b5b7
0x00c8b5bd
0x00c8b5c3
0x00c8b5c7
0x00c8b616
0x00c8b665
0x00c8b6ad
0x00c8b6b3
0x00c8b6b7
0x00c8b6f1
0x00c8b703
0x00c8b710
0x00c8ba79
0x00c8ba79
0x00c8ba8a
0x00c8ba94
0x00c8baa2
0x00c8baa7
0x00c8baa8
0x00c8baad
0x00c8baae
0x00c8baae
0x00000000
0x00c8bab3
0x00c8b718
0x00c8b719
0x00c8b726
0x00c8b732
0x00c8b73d
0x00c8b746
0x00c8ba17
0x00c8ba27
0x00c8ba29
0x00c8ba2e
0x00000000
0x00c8ba2e
0x00c8b754
0x00c8b75e
0x00c8b768
0x00c8b772
0x00000000
0x00000000
0x00c8b778
0x00000000
0x00c8b780
0x00c8b787
0x00c8b7bd
0x00c8b7bf
0x00c8b7c7
0x00c8b7ed
0x00c8b7f8
0x00c8b800
0x00c8b84b
0x00c8b865
0x00c8b89c
0x00c8b8a8
0x00c8b8cf
0x00c8b91d
0x00c8b929
0x00c8b92c
0x00c8b933
0x00c8b93d
0x00c8b945
0x00c8b954
0x00c8b947
0x00c8b94d
0x00c8b94d
0x00c8b935
0x00c8b938
0x00c8b938
0x00c8b956
0x00c8b95f
0x00c8b968
0x00c8b971
0x00c8b97a
0x00c8b983
0x00c8b989
0x00c8b98f
0x00c8b995
0x00c8b99b
0x00c8b9a1
0x00c8b9af
0x00c8b9b1
0x00c8b9b6
0x00c8b9e1
0x00c8b9e6
0x00c8b9ee
0x00c8b9f7
0x00c8b9fb
0x00000000
0x00000000
0x00c8ba08
0x00c8ba0d
0x00c8b835
0x00c8b835
0x00000000
0x00c8b9b8
0x00c8b9b8
0x00c8b9c8
0x00c8b9ca
0x00c8b9cf
0x00c8b9d4
0x00c8b836
0x00c8b836
0x00c8ba3f
0x00c8ba41
0x00c8ba43
0x00c8ba4a
0x00c8ba4a
0x00000000
0x00c8ba43
0x00c8b9b6
0x00c8b91f
0x00000000
0x00c8b91f
0x00c8b8e1
0x00c8b8e3
0x00c8b8f7
0x00c8b8fc
0x00000000
0x00c8b902
0x00c8b8aa
0x00c8b8ba
0x00c8b8bc
0x00c8b8c1
0x00c8ba33
0x00c8ba33
0x00c8ba34
0x00c8ba39
0x00000000
0x00c8ba39
0x00c8b867
0x00c8b878
0x00c8b882
0x00c8b890
0x00c8b895
0x00000000
0x00c8b895
0x00c8b802
0x00c8b813
0x00c8b81d
0x00c8b82b
0x00c8b830
0x00000000
0x00c8b830
0x00c8b7c9
0x00c8b7d9
0x00c8b7db
0x00c8b7e0
0x00c8b7e5
0x00000000
0x00c8b7e5
0x00c8b789
0x00c8b799
0x00c8b79b
0x00c8b7a0
0x00c8b7a6
0x00c8ba76
0x00c8ba76
0x00000000
0x00c8ba76
0x00c8b732
0x00c8ba54
0x00c8ba64
0x00c8ba66
0x00c8ba6b
0x00c8ba71
0x00000000
0x00c8ba71
0x00c8b6b9
0x00c8b6ca
0x00c8b6d4
0x00c8b6e2
0x00c8b6e7
0x00000000
0x00c8b6e7
0x00c8b667
0x00c8b678
0x00c8b682
0x00c8b68d
0x00c8b692
0x00000000
0x00c8b692
0x00c8b618
0x00c8b629
0x00c8b633
0x00c8b63e
0x00c8b643
0x00000000
0x00c8b643
0x00c8b5c9
0x00c8b5da
0x00c8b5e4
0x00c8b5ef
0x00c8b5f4
0x00000000
0x00c8b5f4
0x00c8b58e
0x00c8b552
0x00c8b563
0x00c8b56d
0x00c8b578
0x00c8b57d
0x00000000
0x00c8b57d
0x00c8b503
0x00c8b514
0x00c8b51e
0x00c8b529
0x00c8b52e
0x00000000
0x00c8b52e
0x00c8b4a0
0x00c8b4b1
0x00c8b4bb
0x00c8b4c6
0x00c8b4cb
0x00000000
0x00c8b4cb
0x00c8b452
0x00c8b463
0x00c8b46d
0x00c8b478
0x00c8b47d
0x00000000
0x00c8b3ff
0x00c8b3ff
0x00c8b410
0x00c8b41a
0x00c8b425
0x00c8b42a
0x00c8b42f
0x00c8b42f
0x00c8baed
0x00c8baed
0x00c8baf4
0x00c8bb06
0x00c8bb06

APIs

GetLastError.KERNEL32(?,?,?,00000000,77E49EB0,00000000), ref: 00C8B3FF
SetFilePointerEx.KERNELBASE(000000FF,00000000,00000000,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B44C
GetLastError.KERNEL32(?,?,?,00000000,77E49EB0,00000000), ref: 00C8B452
ReadFile.KERNELBASE(00000000,00C8435C,00000040,?,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B49A
GetLastError.KERNEL32(?,?,?,00000000,77E49EB0,00000000), ref: 00C8B4A0
SetFilePointerEx.KERNELBASE(00000000,00000000,?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B4FD
GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B503
ReadFile.KERNELBASE(00000000,?,00000018,00000040,00000000,?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B54C
GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B552
SetFilePointerEx.KERNELBASE(00000000,-00000098,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B5C3
GetLastError.KERNEL32(?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B5C9

Strings

Failed to read complete section info., xrefs: 00C8B8C1
Failed to allocate buffer for section info., xrefs: 00C8B7E0
Failed to seek to section info., xrefs: 00C8B5F4, 00C8B830
Failed to read DOS header., xrefs: 00C8B4CB
Failed to find valid NT image header in buffer., xrefs: 00C8BACC
Failed to read NT header., xrefs: 00C8B57D
Failed to read signature size., xrefs: 00C8B692
Failed to find Burn section., xrefs: 00C8BA2E
Failed to open handle to engine process path., xrefs: 00C8B42A
(, xrefs: 00C8B719
Failed to read image section header, index: %u, xrefs: 00C8BAA8
Failed to allocate memory for container sizes., xrefs: 00C8B9CF
PE Header from file didn't match PE Header in memory., xrefs: 00C8BA0D
Failed to seek past optional headers., xrefs: 00C8B6E7
Failed to seek to start of file., xrefs: 00C8B47D
Failed to get total size of bundle., xrefs: 00C8B91F
.wix, xrefs: 00C8B72C
section.cpp, xrefs: 00C8B420, 00C8B473, 00C8B4C1, 00C8B524, 00C8B573, 00C8B5EA, 00C8B639, 00C8B688, 00C8B6DD, 00C8B794, 00C8B7D4, 00C8B826, 00C8B88B, 00C8B8B5, 00C8B8DC, 00C8B9C3, 00C8BA03, 00C8BA22, 00C8BA5F, 00C8BA9D, 00C8BAC0, 00C8BADB
Failed to read section info, data to short: %u, xrefs: 00C8B7A6
PE, xrefs: 00C8B594
Failed to find valid DOS image header in buffer., xrefs: 00C8BAE7
Failed to read signature offset., xrefs: 00C8B643
4, xrefs: 00C8B780
burn, xrefs: 00C8B734
Failed to read section info., xrefs: 00C8B895
Failed to read complete image section header, index: %u, xrefs: 00C8BA71
Failed to read section info, unsupported version: %08x, xrefs: 00C8B8F1
)L, xrefs: 00C8B392
Failed to seek to NT header., xrefs: 00C8B52E

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$File$Pointer$Read
String ID: ($.wix$4$Failed to allocate buffer for section info.$Failed to allocate memory for container sizes.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get total size of bundle.$Failed to open handle to engine process path.$Failed to read DOS header.$Failed to read NT header.$Failed to read complete image section header, index: %u$Failed to read complete section info.$Failed to read image section header, index: %u$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$Failed to read section info.$Failed to read signature offset.$Failed to read signature size.$Failed to seek past optional headers.$Failed to seek to NT header.$Failed to seek to section info.$Failed to seek to start of file.$PE$PE Header from file didn't match PE Header in memory.$burn$section.cpp$)L
API String ID: 2600052162-3019870261
Opcode ID: c64944a7c0640b8f7a944b2b1bd0f9996cbe43926d027fb0d7098fdf1895114a
Instruction ID: 77db2e9efd69ca959e834758a2abfe27bc75688c9ab17a84e49aa12744c255ec
Opcode Fuzzy Hash: c64944a7c0640b8f7a944b2b1bd0f9996cbe43926d027fb0d7098fdf1895114a
Instruction Fuzzy Hash: 1912F771A40365ABEB20AB65CC46FAB76E8EF45B05F004169FD09FB180D770CE41DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00CA0A77, Relevance: 54.5, APIs: 20, Strings: 11, Instructions: 288
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E00CA0A77(void* __ecx, union _LARGE_INTEGER* __edx, intOrPtr _a4, union _LARGE_INTEGER* _a8) {
				union _LARGE_INTEGER* _v8;
				union _LARGE_INTEGER _v12;
				int _t30;
				void* _t34;
				intOrPtr _t42;
				void* _t50;
				signed short _t52;
				signed short _t56;
				signed short _t59;
				signed short _t62;
				void* _t66;
				intOrPtr _t68;
				void* _t72;
				signed short _t76;
				void* _t77;
				signed short _t79;
				void* _t80;
				signed short _t82;
				void* _t83;
				signed short _t86;
				signed short _t87;
				signed short _t88;
				signed int _t89;
				long _t90;
				signed int _t93;
				void* _t95;
				union _LARGE_INTEGER* _t98;
				intOrPtr _t100;
				signed int _t103;

				_t98 = __edx;
				_push(_t89);
				_t100 = _a4;
				_t30 = SetEvent( *(_t100 + 0x28));
				_t90 = _t89 | 0xffffffff;
				if(_t30 != 0) {
					if(WaitForSingleObject( *(_t100 + 0x24), _t90) != _t90) {
						if(ResetEvent( *(_t100 + 0x24)) != 0) {
							_t34 =  *((intOrPtr*)(_t100 + 0x2c)) - 1;
							if(_t34 == 0) {
								_t103 = E00C821BC(_t98,  *((intOrPtr*)(_t100 + 0x34)), _a8->LowPart.HighPart, 0, 0xfde9);
								if(_t103 >= 0) {
									if(SetEvent( *(_t100 + 0x28)) != 0) {
										if(WaitForSingleObject( *(_t100 + 0x24), _t90) != _t90) {
											if(ResetEvent( *(_t100 + 0x24)) != 0) {
												_t42 =  *((intOrPtr*)(_t100 + 0x2c));
												if(_t42 == 0) {
													_t95 = CreateFileW( *(_t100 + 0x38), 0x40000000, 1, 0, 2, 0x80, 0);
													 *(_t100 + 0x3c) = _t95;
													if(_t95 != _t90) {
														_push(0);
														asm("cdq");
														if(SetFilePointerEx(_t95,  *_a8, _t98, 0) != 0) {
															if(SetEndOfFile( *(_t100 + 0x3c)) != 0) {
																_push(0);
																asm("xorps xmm0, xmm0");
																asm("movlpd [ebp-0x8], xmm0");
																if(SetFilePointerEx( *(_t100 + 0x3c), _v12, _v8, 0) == 0) {
																	_t52 = GetLastError();
																	_t107 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
																	_t103 =  >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
																	E00C837D3(0x80004005, "cabextract.cpp", 0x24f, _t103);
																	_push("Failed to set file pointer to beginning of file.");
																	goto L40;
																}
															} else {
																_t56 = GetLastError();
																_t110 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
																_t103 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
																E00C837D3(0x80004005, "cabextract.cpp", 0x249, _t103);
																_push("Failed to set end of file.");
																goto L40;
															}
														} else {
															_t59 = GetLastError();
															_t113 =  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
															_t103 =  >=  ? 0x80004005 :  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
															E00C837D3(0x80004005, "cabextract.cpp", 0x244, _t103);
															_push("Failed to set file pointer to end of file.");
															goto L40;
														}
													} else {
														_t62 = GetLastError();
														_t116 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
														_t103 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
														E00C837D3(0x80004005, "cabextract.cpp", 0x23d, _t103);
														_push( *(_t100 + 0x38));
														_push("Failed to create file: %ls");
														goto L16;
													}
													goto L42;
												} else {
													_t66 = _t42 - 1;
													if(_t66 == 0) {
														_t68 = E00C838D4( *_a8, 1); // executed
														 *((intOrPtr*)(_t100 + 0x40)) = _t68;
														if(_t68 != 0) {
															 *(_t100 + 0x48) =  *(_t100 + 0x48) & 0x00000000;
															 *(_t100 + 0x44) =  *_a8;
														} else {
															_t103 = 0x8007000e;
															E00C837D3(_t68, "cabextract.cpp", 0x257, 0x8007000e);
															_push("Failed to allocate buffer for stream.");
															goto L40;
														}
														goto L42;
													} else {
														_t72 = _t66 - 1;
														if(_t72 == 0) {
															_t50 = 0;
														} else {
															_t73 = _t72 == 1;
															if(_t72 == 1) {
																goto L13;
															} else {
																_t93 = 0x8007139f;
																_push(0x8007139f);
																_push(0x268);
																goto L12;
															}
															goto L42;
														}
													}
												}
											} else {
												_t76 = GetLastError();
												_t119 =  <=  ? _t76 : _t76 & 0x0000ffff | 0x80070000;
												_t77 = 0x80004005;
												_t103 =  >=  ? 0x80004005 :  <=  ? _t76 : _t76 & 0x0000ffff | 0x80070000;
												_push(_t103);
												_push(0x232);
												goto L8;
											}
										} else {
											_t79 = GetLastError();
											_t122 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
											_t80 = 0x80004005;
											_t103 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
											_push(_t103);
											_push(0x22d);
											goto L5;
										}
									} else {
										_t82 = GetLastError();
										_t125 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
										_t83 = 0x80004005;
										_t103 =  >=  ? 0x80004005 :  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
										_push(_t103);
										_push(0x227);
										goto L2;
									}
								} else {
									_push(_a8->LowPart.HighPart);
									_push("Failed to copy stream name: %ls");
									L16:
									_push(_t103);
									E00CC012F();
									goto L42;
								}
							} else {
								_t73 = _t34 == 4;
								if(_t34 == 4) {
									L13:
									_t103 = 0x80004004;
								} else {
									_t93 = 0x8007139f;
									_push(0x8007139f);
									_push(0x21d);
									L12:
									_t103 = _t93;
									E00C837D3(_t73);
									E00CC012F(_t93, "Invalid operation for this state.", "cabextract.cpp");
									_t90 = _t93 | 0xffffffff;
									goto L41;
								}
								goto L42;
							}
						} else {
							_t86 = GetLastError();
							_t128 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
							_t77 = 0x80004005;
							_t103 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
							_push(_t103);
							_push(0x20f);
							L8:
							_push("cabextract.cpp");
							E00C837D3(_t77);
							_push("Failed to reset begin operation event.");
							goto L40;
						}
					} else {
						_t87 = GetLastError();
						_t131 =  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
						_t80 = 0x80004005;
						_t103 =  >=  ? 0x80004005 :  <=  ? _t87 : _t87 & 0x0000ffff | 0x80070000;
						_push(_t103);
						_push(0x20a);
						L5:
						_push("cabextract.cpp");
						E00C837D3(_t80);
						_push("Failed to wait for begin operation event.");
						goto L40;
					}
				} else {
					_t88 = GetLastError();
					_t134 =  <=  ? _t88 : _t88 & 0x0000ffff | 0x80070000;
					_t83 = 0x80004005;
					_t103 =  >=  ? 0x80004005 :  <=  ? _t88 : _t88 & 0x0000ffff | 0x80070000;
					_push(_t103);
					_push(0x204);
					L2:
					_push("cabextract.cpp");
					E00C837D3(_t83);
					_push("Failed to set operation complete event.");
					L40:
					_push(_t103);
					E00CC012F();
					L41:
					L42:
					_t50 = 1;
				}
				 *(_t100 + 0x30) = _t103;
				_t91 =  >=  ? _t50 : _t90;
				return  >=  ? _t50 : _t90;
			}

0x00ca0a77
0x00ca0a7c
0x00ca0a7f
0x00ca0a85
0x00ca0a8b
0x00ca0a90
0x00ca0ad6
0x00ca0b1b
0x00ca0b58
0x00ca0b5b
0x00ca0bab
0x00ca0baf
0x00ca0bd5
0x00ca0c0c
0x00ca0c42
0x00ca0c71
0x00ca0c74
0x00ca0cfe
0x00ca0d00
0x00ca0d05
0x00ca0d45
0x00ca0d4b
0x00ca0d57
0x00ca0d9c
0x00ca0dd3
0x00ca0dd7
0x00ca0dda
0x00ca0df0
0x00ca0df2
0x00ca0e03
0x00ca0e0d
0x00ca0e1b
0x00ca0e20
0x00000000
0x00ca0e20
0x00ca0d9e
0x00ca0d9e
0x00ca0daf
0x00ca0db9
0x00ca0dc7
0x00ca0dcc
0x00000000
0x00ca0dcc
0x00ca0d59
0x00ca0d59
0x00ca0d6a
0x00ca0d74
0x00ca0d82
0x00ca0d87
0x00000000
0x00ca0d87
0x00ca0d07
0x00ca0d07
0x00ca0d18
0x00ca0d22
0x00ca0d30
0x00ca0d35
0x00ca0d38
0x00000000
0x00ca0d38
0x00000000
0x00ca0c76
0x00ca0c76
0x00ca0c79
0x00ca0ca7
0x00ca0cac
0x00ca0cb1
0x00ca0cd7
0x00ca0cdb
0x00ca0cb3
0x00ca0cb3
0x00ca0cc3
0x00ca0cc8
0x00000000
0x00ca0cc8
0x00000000
0x00ca0c7b
0x00ca0c7b
0x00ca0c7e
0x00ca0c99
0x00ca0c80
0x00ca0c80
0x00ca0c83
0x00000000
0x00ca0c89
0x00ca0c89
0x00ca0c8e
0x00ca0c8f
0x00000000
0x00ca0c8f
0x00000000
0x00ca0c83
0x00ca0c7e
0x00ca0c79
0x00ca0c44
0x00ca0c44
0x00ca0c55
0x00ca0c58
0x00ca0c5f
0x00ca0c62
0x00ca0c63
0x00000000
0x00ca0c63
0x00ca0c0e
0x00ca0c0e
0x00ca0c1f
0x00ca0c22
0x00ca0c29
0x00ca0c2c
0x00ca0c2d
0x00000000
0x00ca0c2d
0x00ca0bd7
0x00ca0bd7
0x00ca0be8
0x00ca0beb
0x00ca0bf2
0x00ca0bf5
0x00ca0bf6
0x00000000
0x00ca0bf6
0x00ca0bb1
0x00ca0bb4
0x00ca0bb7
0x00ca0bbc
0x00ca0bbc
0x00ca0bbd
0x00000000
0x00ca0bc2
0x00ca0b5d
0x00ca0b5d
0x00ca0b60
0x00ca0b8c
0x00ca0b8c
0x00ca0b62
0x00ca0b62
0x00ca0b67
0x00ca0b68
0x00ca0b6d
0x00ca0b72
0x00ca0b74
0x00ca0b7f
0x00ca0b84
0x00000000
0x00ca0b84
0x00000000
0x00ca0b60
0x00ca0b1d
0x00ca0b1d
0x00ca0b2e
0x00ca0b31
0x00ca0b38
0x00ca0b3b
0x00ca0b3c
0x00ca0b41
0x00ca0b41
0x00ca0b46
0x00ca0b4b
0x00000000
0x00ca0b4b
0x00ca0ad8
0x00ca0ad8
0x00ca0ae9
0x00ca0aec
0x00ca0af3
0x00ca0af6
0x00ca0af7
0x00ca0afc
0x00ca0afc
0x00ca0b01
0x00ca0b06
0x00000000
0x00ca0b06
0x00ca0a92
0x00ca0a92
0x00ca0aa3
0x00ca0aa6
0x00ca0aad
0x00ca0ab0
0x00ca0ab1
0x00ca0ab6
0x00ca0ab6
0x00ca0abb
0x00ca0ac0
0x00ca0e25
0x00ca0e25
0x00ca0e26
0x00ca0e2b
0x00ca0e2d
0x00ca0e2f
0x00ca0e2f
0x00ca0e32
0x00ca0e36
0x00ca0e40

APIs

SetEvent.KERNEL32(?,?,?,?,00000000,00000000,?,00CA0621,?,?), ref: 00CA0A85
GetLastError.KERNEL32(?,?,?,00000000,00000000,?,00CA0621,?,?), ref: 00CA0A92
WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000,00000000,?,00CA0621,?,?), ref: 00CA0ACE
GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,00CA0621,?,?), ref: 00CA0AD8

Strings

Failed to set end of file., xrefs: 00CA0DCC
Failed to create file: %ls, xrefs: 00CA0D38
Failed to set operation complete event., xrefs: 00CA0AC0
Failed to reset begin operation event., xrefs: 00CA0B4B
cabextract.cpp, xrefs: 00CA0AB6, 00CA0AFC, 00CA0B41, 00CA0B6D, 00CA0CBE, 00CA0D2B, 00CA0D7D, 00CA0DC2, 00CA0E16
Invalid operation for this state., xrefs: 00CA0B79
Failed to set file pointer to end of file., xrefs: 00CA0D87
Failed to copy stream name: %ls, xrefs: 00CA0BB7
Failed to wait for begin operation event., xrefs: 00CA0B06
Failed to allocate buffer for stream., xrefs: 00CA0CC8
Failed to set file pointer to beginning of file., xrefs: 00CA0E20

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$EventObjectSingleWait
String ID: Failed to allocate buffer for stream.$Failed to copy stream name: %ls$Failed to create file: %ls$Failed to reset begin operation event.$Failed to set end of file.$Failed to set file pointer to beginning of file.$Failed to set file pointer to end of file.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp
API String ID: 3600396749-2104912459
Opcode ID: 00aa066447c810d6b05017bb4f40066d1b213aa59bd18f33ad72afd4de89e933
Instruction ID: 7981e6f8d45276f50b33a8dfdde48221d470121a79af50a93e1c6ab735a7110a
Opcode Fuzzy Hash: 00aa066447c810d6b05017bb4f40066d1b213aa59bd18f33ad72afd4de89e933
Instruction Fuzzy Hash: 87912872B40722BBF7206AB98E4AF6B35D4FF05799F210225FE05EA6A0D761CC0096D5

Uniqueness

Uniqueness Score: -1.00%

Function 00C8508D, Relevance: 45.8, APIs: 5, Strings: 21, Instructions: 322
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 69%

			E00C8508D(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed short* _a20) {
				signed int _v8;
				signed short _v16;
				struct _OSVERSIONINFOW _v292;
				signed int _v296;
				intOrPtr _v304;
				signed short _v308;
				intOrPtr _v312;
				WCHAR* _v316;
				WCHAR* _v320;
				WCHAR* _v324;
				WCHAR* _v328;
				signed short* _v332;
				char _v340;
				char _v344;
				signed short _v420;
				intOrPtr _v576;
				intOrPtr _v1316;
				char _v1332;
				signed short _v1340;
				char _v1404;
				intOrPtr _v1532;
				intOrPtr _v1544;
				signed short _v1564;
				char _v1588;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t70;
				void* _t83;
				signed short _t85;
				signed short _t87;
				signed short _t88;
				signed short _t89;
				signed short _t90;
				signed short _t91;
				signed short _t93;
				signed short _t99;
				signed short _t101;
				signed short _t103;
				intOrPtr _t124;
				signed short _t131;
				signed short _t134;
				signed short _t137;
				signed short _t144;
				signed short _t148;
				void* _t149;
				void* _t156;
				signed short _t159;
				signed short _t162;
				signed short _t167;
				signed short _t170;
				signed int _t171;
				void* _t172;
				void* _t173;

				_t156 = __edx;
				_t149 = __ecx;
				_t70 =  *0xcea008; // 0x4c290ae8
				_v8 = _t70 ^ _t171;
				_t148 = 0;
				_t157 = _a8;
				_v304 = _a4;
				_v332 = _a20;
				_v312 = _a12;
				_v328 = 0;
				_v324 = 0;
				_v320 = 0;
				_v316 = 0;
				E00CAF670(_a8,  &_v292, 0, 0x11c);
				_v296 = 0;
				_v308 = 0;
				E00CAF670(_a8,  &_v1588, 0, 0x4e8);
				_t173 = _t172 + 0x18;
				E00CC03F0(GetModuleHandleW(0));
				E00CC05A2(3, 0);
				_t83 = E00C81209(_t149, _a12,  &_v344,  &_v340); // executed
				if(_t83 >= 0) {
					_t85 = E00C841D2(_t149, _t156, __eflags,  &_v1588, _t157); // executed
					_t162 = _t85;
					__eflags = _t162;
					if(_t162 >= 0) {
						_v1544 = _a16;
						_t87 = E00C85525();
						__imp__CoInitializeEx(0, 0); // executed
						_t162 = _t87;
						__eflags = _t162;
						if(_t162 >= 0) {
							_t159 = 1;
							_t88 = E00CBFBAD();
							__eflags = _t88;
							if(_t88 >= 0) {
								_v328 = 1;
								_t89 = E00CC0CD1();
								_t164 = _t89;
								__eflags = _t89;
								if(__eflags >= 0) {
									_v324 = 1;
									_t90 = E00CC29B3(_t149, _t156, _t164, __eflags); // executed
									__eflags = _t90;
									if(_t90 >= 0) {
										_v320 = 1;
										_t91 = E00CC343B(_t90);
										__eflags = _t91;
										if(_t91 >= 0) {
											_v316 = 1;
											_v292.dwOSVersionInfoSize = 0x11c;
											_t93 = GetVersionExW( &_v292);
											__eflags = _t93;
											if(_t93 != 0) {
												E00C833D7( &_v296, 0);
												_push(_v296);
												_push(_v16 & 0x0000ffff);
												_push(_v292.dwBuildNumber);
												_push(_v292.dwMinorVersion);
												_push(_v292.dwMajorVersion);
												E00C8550F(2, 0x20000001, "3.10.4.4718");
												_t173 = _t173 + 0x20;
												__eflags = _v296;
												if(__eflags != 0) {
													E00CC54EF(_v296);
													_t36 =  &_v296;
													 *_t36 = _v296 & 0;
													__eflags =  *_t36;
												}
												_t99 = E00C97337(_t156, __eflags,  &_v1588); // executed
												_t167 = _t99;
												__eflags = _t167;
												if(_t167 >= 0) {
													_t101 = _v420;
													__eflags = _t101;
													if(_t101 == 0) {
														_t103 = E00C84C33(_t156, _v312,  &_v1588); // executed
														_t167 = _t103;
														__eflags = _t167;
														if(_t167 >= 0) {
															L38:
															_t150 = _v332;
															_t148 = _v1564;
															 *_v332 = _v1340;
															goto L39;
														}
														_push("Failed to run untrusted mode.");
														goto L9;
													}
													_t131 = _t101 - 1;
													__eflags = _t131;
													if(_t131 == 0) {
														_v308 = _t159;
														_t167 = E00C849DF(_t149, _t156, _v304,  &_v1588);
														__eflags = _t167;
														if(_t167 >= 0) {
															goto L38;
														}
														_push("Failed to run per-user mode.");
														goto L9;
													}
													_t134 = _t131 - 1;
													__eflags = _t134;
													if(_t134 == 0) {
														_t167 = E00C847E9(_t149, _t156, _v304, _v312,  &_v1588);
														__eflags = _t167;
														if(_t167 >= 0) {
															goto L38;
														}
														_push("Failed to run per-machine mode.");
														goto L9;
													}
													_t137 = _t134 - 1;
													__eflags = _t137;
													if(_t137 == 0) {
														_v308 = _t159;
														_t167 = E00C84982(_t149, _t156, _v304,  &_v1588);
														__eflags = _t167;
														if(_t167 >= 0) {
															goto L38;
														}
														_push("Failed to run embedded mode.");
														goto L9;
													}
													__eflags = _t137 == 1;
													if(_t137 == 1) {
														_t167 = E00C84B80(_t149,  &_v1332, _a16);
														__eflags = _t167;
														if(_t167 >= 0) {
															goto L38;
														}
														_push("Failed to run RunOnce mode.");
														goto L9;
													}
													_t167 = 0x8000ffff;
													_push("Invalid run mode.");
													goto L9;
												} else {
													_push("Failed to initialize core.");
													L9:
													E00CC012F();
													_t150 = _t167;
													goto L39;
												}
											}
											_t144 = GetLastError();
											__eflags = _t144;
											_t170 =  <=  ? _t144 : _t144 & 0x0000ffff | 0x80070000;
											__eflags = _t170;
											_t167 =  >=  ? 0x80004005 : _t170;
											E00C837D3(0x80004005, "engine.cpp", 0x95, _t167);
											_push("Failed to get OS info.");
											goto L9;
										}
										_push("Failed to initialize XML util.");
										goto L9;
									}
									_push("Failed to initialize Wiutil.");
									goto L9;
								}
								_push("Failed to initialize Regutil.");
								goto L9;
							}
							_push("Failed to initialize Cryputil.");
							goto L9;
						}
						_push("Failed to initialize COM.");
						goto L2;
					}
					_push("Failed to initialize engine state.");
					goto L2;
				} else {
					_push("Failed to parse command line.");
					L2:
					E00CC012F();
					_t150 = _t162;
					_t159 = _t148;
					L39:
					if(_v296 != 0) {
						E00CC54EF(_v296);
					}
					if(_t167 < 0 && _v576 == 0) {
						E00CC041B(_t150, _t156, _t159, 0, L"Setup", L"_Failed", L"txt", 0, 0, 0);
					}
					E00C8D723( &_v1404);
					E00C9A6D0(_t150, _t156, _v1316); // executed
					E00C9A91E();
					if(_t148 != 0) {
						_t124 = _v1532;
						if(_t124 != 0 && _t124 != 6) {
							E00C8550F(2, 0xa0000008, E00C9416A(_t124));
							_t173 = _t173 + 0xc;
							_t167 = 0x80070bc2;
							_t148 = 0;
						}
					}
					E00C84E9C(_t148, _t150, _t159,  &_v1588);
					if(_v316 != 0) {
						E00CC3911();
					}
					if(_v320 != 0) {
						E00CC2DD0();
					}
					if(_v324 != 0) {
						E00CC1317();
					}
					if(_v328 != 0) {
						E00CBFCBC();
					}
					if(_t159 != 0) {
						__imp__CoUninitialize(); // executed
					}
					if(_v308 != 0) {
						if(_t167 >= 0) {
							_t159 =  *_v332;
						} else {
							_t159 = _t167;
						}
						_push(E00C93C30(_t148));
						E00C8550F(2, 0x20000007, _t159);
						if(_t148 != 0) {
							_push(0xa0000005);
							E00C8550F();
							_t150 = 2;
						}
					}
					E00CC000B(_t150, _t159, 0);
					_t193 = _t148;
					if(_t148 != 0) {
						E00C844E9(_t156);
					}
					E00CC06F5(_t150, _t159, _t193, 0);
					return E00CADE36(_t148, _v8 ^ _t171, _t156, _t159, _t167);
				}
			}

0x00c8508d
0x00c8508d
0x00c85096
0x00c8509d
0x00c850a8
0x00c850ab
0x00c850ae
0x00c850bc
0x00c850ca
0x00c850d0
0x00c850d6
0x00c850dc
0x00c850e2
0x00c850e8
0x00c850f8
0x00c85100
0x00c85106
0x00c8510b
0x00c85116
0x00c8511e
0x00c85132
0x00c8513b
0x00c85159
0x00c8515e
0x00c85160
0x00c85162
0x00c8516e
0x00c85174
0x00c8517d
0x00c85183
0x00c85185
0x00c85187
0x00c85192
0x00c85193
0x00c8519a
0x00c8519c
0x00c851b0
0x00c851b6
0x00c851bb
0x00c851bd
0x00c851bf
0x00c851c8
0x00c851ce
0x00c851d5
0x00c851d7
0x00c851e0
0x00c851e6
0x00c851ed
0x00c851ef
0x00c851fe
0x00c85205
0x00c8520f
0x00c85215
0x00c85217
0x00c8525a
0x00c8525f
0x00c85269
0x00c8526a
0x00c85270
0x00c85276
0x00c85288
0x00c8528d
0x00c85290
0x00c85296
0x00c8529e
0x00c852a3
0x00c852a3
0x00c852a3
0x00c852a3
0x00c852b0
0x00c852b5
0x00c852b7
0x00c852b9
0x00c852cb
0x00c852cb
0x00c852ce
0x00c853a3
0x00c853a8
0x00c853aa
0x00c853ac
0x00c853b8
0x00c853b8
0x00c853c4
0x00c853ca
0x00000000
0x00c853ca
0x00c853ae
0x00000000
0x00c853ae
0x00c852d4
0x00c852d4
0x00c852d7
0x00c85374
0x00c85386
0x00c85388
0x00c8538a
0x00000000
0x00000000
0x00c8538c
0x00000000
0x00c8538c
0x00c852dd
0x00c852dd
0x00c852e0
0x00c8535e
0x00c85360
0x00c85362
0x00000000
0x00000000
0x00c85364
0x00000000
0x00c85364
0x00c852e2
0x00c852e2
0x00c852e5
0x00c85324
0x00c85336
0x00c85338
0x00c8533a
0x00000000
0x00000000
0x00c8533c
0x00000000
0x00c8533c
0x00c852e7
0x00c852ea
0x00c8530a
0x00c8530c
0x00c8530e
0x00000000
0x00000000
0x00c85314
0x00000000
0x00c85314
0x00c852ec
0x00c852f1
0x00000000
0x00c852bb
0x00c852bb
0x00c851a3
0x00c851a4
0x00c851aa
0x00000000
0x00c851aa
0x00c852b9
0x00c85219
0x00c85228
0x00c8522a
0x00c85232
0x00c85234
0x00c85242
0x00c85247
0x00000000
0x00c85247
0x00c851f1
0x00000000
0x00c851f1
0x00c851d9
0x00000000
0x00c851d9
0x00c851c1
0x00000000
0x00c851c1
0x00c8519e
0x00000000
0x00c8519e
0x00c85189
0x00000000
0x00c85189
0x00c85164
0x00000000
0x00c8513d
0x00c8513d
0x00c85142
0x00c85143
0x00c85149
0x00c8514a
0x00c853cc
0x00c853d3
0x00c853db
0x00c853db
0x00c853e2
0x00c85402
0x00c85402
0x00c8540e
0x00c85419
0x00c8541e
0x00c85425
0x00c85427
0x00c8542f
0x00c85444
0x00c85449
0x00c8544c
0x00c85451
0x00c85451
0x00c8542f
0x00c8545a
0x00c85466
0x00c85468
0x00c85468
0x00c85474
0x00c85476
0x00c85476
0x00c85482
0x00c85484
0x00c85484
0x00c85490
0x00c85492
0x00c85492
0x00c85499
0x00c8549b
0x00c8549b
0x00c854a8
0x00c854ac
0x00c854b8
0x00c854ae
0x00c854ae
0x00c854ae
0x00c854c0
0x00c854c9
0x00c854d3
0x00c854d5
0x00c854dc
0x00c854e2
0x00c854e2
0x00c854d3
0x00c854e5
0x00c854ea
0x00c854ec
0x00c854ee
0x00c854ee
0x00c854f5
0x00c8550c
0x00c8550c

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C8510F

Part of subcall function 00CC03F0: InitializeCriticalSection.KERNEL32(00CEB60C,?,00C8511B,00000000,?,?,?,?,?,?), ref: 00CC0407

Part of subcall function 00C81209: CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00C85137,00000000,?), ref: 00C81247
Part of subcall function 00C81209: GetLastError.KERNEL32(?,?,?,00C85137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00C81251

CoInitializeEx.OLE32(00000000,00000000,?,?,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00C8517D

Part of subcall function 00CC0CD1: GetProcAddress.KERNEL32(RegDeleteKeyExW,AdvApi32.dll), ref: 00CC0CF2

GetVersionExW.KERNEL32(?,?,?,?,?,?,?), ref: 00C8520F
GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00C85219
CoUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00C8549B

Strings

txt, xrefs: 00C853F2
Failed to initialize engine state., xrefs: 00C85164
_Failed, xrefs: 00C853F7
3.10.4.4718, xrefs: 00C8527C
Failed to run untrusted mode., xrefs: 00C853AE
Setup, xrefs: 00C853FC
Failed to parse command line., xrefs: 00C8513D
Failed to initialize Cryputil., xrefs: 00C8519E
Failed to initialize Regutil., xrefs: 00C851C1
Failed to initialize COM., xrefs: 00C85189
Invalid run mode., xrefs: 00C852F1
engine.cpp, xrefs: 00C8523D
Failed to initialize Wiutil., xrefs: 00C851D9
Failed to run RunOnce mode., xrefs: 00C85314
Failed to get OS info., xrefs: 00C85247
Failed to initialize core., xrefs: 00C852BB
Failed to initialize XML util., xrefs: 00C851F1
)L, xrefs: 00C85096
Failed to run per-user mode., xrefs: 00C8538C
Failed to run per-machine mode., xrefs: 00C85364
Failed to run embedded mode., xrefs: 00C8533C

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorInitializeLast$AddressArgvCommandCriticalHandleLineModuleProcSectionUninitializeVersion
String ID: 3.10.4.4718$Failed to get OS info.$Failed to initialize COM.$Failed to initialize Cryputil.$Failed to initialize Regutil.$Failed to initialize Wiutil.$Failed to initialize XML util.$Failed to initialize core.$Failed to initialize engine state.$Failed to parse command line.$Failed to run RunOnce mode.$Failed to run embedded mode.$Failed to run per-machine mode.$Failed to run per-user mode.$Failed to run untrusted mode.$Invalid run mode.$Setup$_Failed$engine.cpp$txt$)L
API String ID: 3262001429-548245563
Opcode ID: 33aad3edbb6ee1238d3e67d0a07ec489a3c385f2076ba27f6444f53f3071daba
Instruction ID: 0cc9b42fc9838917bedff09869a13c48749470c06818b4ea87979c1c93f00470
Opcode Fuzzy Hash: 33aad3edbb6ee1238d3e67d0a07ec489a3c385f2076ba27f6444f53f3071daba
Instruction Fuzzy Hash: 69B1C972D406299BDB32BBA4CC46FED76B8AF44705F0400A9F905B6251D7B09F809F95

Uniqueness

Uniqueness Score: -1.00%

Function 00C84C33, Relevance: 38.7, APIs: 6, Strings: 16, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E00C84C33(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				struct _SECURITY_ATTRIBUTES* _v16;
				struct _SECURITY_ATTRIBUTES* _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				struct _SECURITY_ATTRIBUTES* _v28;
				struct _SECURITY_ATTRIBUTES* _v32;
				struct _PROCESS_INFORMATION _v48;
				struct _STARTUPINFOW _v116;
				void* __edi;
				void* _t66;
				void* _t70;
				WCHAR* _t71;
				void* _t73;
				void* _t76;
				void* _t79;
				int _t87;
				void* _t90;
				signed short _t101;
				void* _t107;
				intOrPtr _t108;
				void* _t109;
				void* _t114;
				void* _t115;
				WCHAR* _t117;
				void* _t120;
				void* _t125;
				void* _t130;
				void* _t131;
				void* _t132;
				void* _t133;

				_t114 = __edx;
				_v16 = 0;
				_v32 = 0;
				_v12 = 0;
				_v28 = 0;
				E00CAF670(_t115,  &_v116, 0, 0x44);
				_v24 = 0;
				_v20 = 0;
				asm("stosd");
				_t131 = _t130 + 0xc;
				_t107 = 0;
				_v8 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t120 = E00C833D7( &_v16, 0);
				if(_t120 >= 0) {
					_t66 = E00C996F2();
					_t108 = _a8;
					if(_t66 == 0) {
						_t70 = E00C996F8(_t109, _t114, _t108 + 0xbc, _t108 + 0x48,  &_v32); // executed
						if(_t70 >= 0) {
							_t117 = _v32;
							_t71 = _v16;
							goto L8;
						} else {
							_push("Failed to cache to clean room.");
							goto L6;
						}
					} else {
						_t71 = _v16;
						_t117 = _t71;
						L8:
						_push(_t71);
						_t73 = E00C81F20( &_v12, L"-%ls=\"%ls\"", L"burn.clean.room");
						_t132 = _t131 + 0x10;
						if(_t73 >= 0) {
							_t76 = E00C96859(_t109,  *((intOrPtr*)(_t108 + 0x48)),  &_v24,  &_v12); // executed
							if(_t76 >= 0) {
								_t79 = E00C96915(_t117,  &_v20,  &_v12, 0); // executed
								if(_t79 >= 0) {
									_push(_a4);
									_t125 = E00C81F62( &_v12, L"%ls %ls", _v12);
									_t133 = _t132 + 0x10;
									if(_t125 >= 0) {
										_push(_v12);
										_t125 = E00C81F62( &_v28, L"\"%ls\" %ls", _t117);
										_t132 = _t133 + 0x10;
										if(_t125 >= 0) {
											_v116.wShowWindow =  *((intOrPtr*)(_t108 + 0x2c));
											_v116.cb = 0x44;
											_t87 = CreateProcessW(_t117, _v28, 0, 0, 1, 0, 0, 0,  &_v116,  &_v48); // executed
											if(_t87 != 0) {
												_v8 = _v48.hProcess;
												_t107 = _v8;
												_v48.hProcess = 0;
												_t90 = E00CC0917(_t109, _t107, 0xffffffff, _t108 + 0xf8); // executed
												_t125 = _t90;
												if(_t125 < 0) {
													E00CC012F(_t125, "Failed to wait for clean room process: %ls", _t117);
													goto L24;
												}
											} else {
												_t101 = GetLastError();
												_t129 =  <=  ? _t101 : _t101 & 0x0000ffff | 0x80070000;
												_t125 =  >=  ? 0x80004005 :  <=  ? _t101 : _t101 & 0x0000ffff | 0x80070000;
												E00C837D3(0x80004005, "engine.cpp", 0x1ce, _t125);
												_push(_v28);
												_push("Failed to launch clean room process: %ls");
												goto L13;
											}
										} else {
											_push("Failed to allocate full command-line.");
											goto L6;
										}
									} else {
										_push("Failed to append original command line.");
										goto L6;
									}
								} else {
									_push(L"burn.filehandle.self");
									goto L12;
								}
							} else {
								_push(L"burn.filehandle.attached");
								L12:
								_push("Failed to append %ls");
								L13:
								_push(_t125);
								E00CC012F();
								_t107 = _v8;
								L24:
							}
						} else {
							_push("Failed to allocate parameters for unelevated process.");
							L6:
							_push(_t125);
							E00CC012F();
							_t107 = _v8;
						}
					}
				} else {
					_push("Failed to get path for current process.");
					_push(_t120);
					E00CC012F();
				}
				if(_v48.hThread != 0) {
					CloseHandle(_v48.hThread);
					_v48.hThread = _v48.hThread & 0x00000000;
				}
				if(_v20 != 0xffffffff) {
					CloseHandle(_v20);
					_v20 = _v20 | 0xffffffff;
				}
				if(_v24 != 0xffffffff) {
					CloseHandle(_v24);
					_v24 = _v24 | 0xffffffff;
				}
				if(_t107 != 0) {
					CloseHandle(_t107);
				}
				E00C82793(_v28);
				E00C82793(_v12);
				if(_v32 != 0) {
					E00CC54EF(_v32);
				}
				if(_v16 != 0) {
					E00CC54EF(_v16);
				}
				return _t125;
			}

0x00c84c33
0x00c84c45
0x00c84c48
0x00c84c4b
0x00c84c4e
0x00c84c51
0x00c84c58
0x00c84c5e
0x00c84c61
0x00c84c62
0x00c84c65
0x00c84c67
0x00c84c6a
0x00c84c6c
0x00c84c6d
0x00c84c77
0x00c84c7b
0x00c84c8f
0x00c84c94
0x00c84c99
0x00c84cb1
0x00c84cba
0x00c84cd1
0x00c84cd4
0x00000000
0x00c84cbc
0x00c84cbc
0x00000000
0x00c84cbc
0x00c84c9b
0x00c84c9b
0x00c84c9e
0x00c84cd7
0x00c84cd7
0x00c84ce6
0x00c84ced
0x00c84cf2
0x00c84d06
0x00c84d0f
0x00c84d34
0x00c84d3d
0x00c84d46
0x00c84d5a
0x00c84d5c
0x00c84d61
0x00c84d6d
0x00c84d7f
0x00c84d81
0x00c84d86
0x00c84d98
0x00c84da3
0x00c84db6
0x00c84dbe
0x00c84dfe
0x00c84e07
0x00c84e0e
0x00c84e11
0x00c84e16
0x00c84e1a
0x00c84e23
0x00000000
0x00c84e23
0x00c84dc0
0x00c84dc0
0x00c84dd1
0x00c84ddb
0x00c84de9
0x00c84dee
0x00c84df1
0x00000000
0x00c84df1
0x00c84d88
0x00c84d88
0x00000000
0x00c84d88
0x00c84d63
0x00c84d63
0x00000000
0x00c84d63
0x00c84d3f
0x00c84d3f
0x00000000
0x00c84d3f
0x00c84d11
0x00c84d11
0x00c84d16
0x00c84d16
0x00c84d1b
0x00c84d1b
0x00c84d1c
0x00c84d21
0x00c84e28
0x00c84e28
0x00c84cf4
0x00c84cf4
0x00c84cc1
0x00c84cc1
0x00c84cc2
0x00c84cc7
0x00c84ccb
0x00c84cf2
0x00c84c7d
0x00c84c7d
0x00c84c82
0x00c84c83
0x00c84c89
0x00c84e35
0x00c84e3a
0x00c84e3c
0x00c84e3c
0x00c84e44
0x00c84e49
0x00c84e4b
0x00c84e4b
0x00c84e53
0x00c84e58
0x00c84e5a
0x00c84e5a
0x00c84e60
0x00c84e63
0x00c84e63
0x00c84e68
0x00c84e70
0x00c84e79
0x00c84e7e
0x00c84e7e
0x00c84e87
0x00c84e8c
0x00c84e8c
0x00c84e99

APIs

Part of subcall function 00C833D7: GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00C810DD,?,00000000), ref: 00C833F8

CloseHandle.KERNEL32(00000000,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00C84E3A
CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00C84E49
CloseHandle.KERNEL32(000000FF,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00C84E58
CloseHandle.KERNEL32(?,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?,?,00000000), ref: 00C84E63

Strings

Failed to allocate full command-line., xrefs: 00C84D88
Failed to allocate parameters for unelevated process., xrefs: 00C84CF4
burn.filehandle.attached, xrefs: 00C84D11
Failed to launch clean room process: %ls, xrefs: 00C84DF1
Failed to get path for current process., xrefs: 00C84C7D
burn.clean.room, xrefs: 00C84CD8
engine.cpp, xrefs: 00C84DE4
Failed to wait for clean room process: %ls, xrefs: 00C84E1D
"%ls" %ls, xrefs: 00C84D74
burn.filehandle.self, xrefs: 00C84D3F
%ls %ls, xrefs: 00C84D4F
-%ls="%ls", xrefs: 00C84CE0
Failed to append original command line., xrefs: 00C84D63
D, xrefs: 00C84DA3
Failed to append %ls, xrefs: 00C84D16
Failed to cache to clean room., xrefs: 00C84CBC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseHandle$FileModuleName
String ID: "%ls" %ls$%ls %ls$-%ls="%ls"$D$Failed to allocate full command-line.$Failed to allocate parameters for unelevated process.$Failed to append %ls$Failed to append original command line.$Failed to cache to clean room.$Failed to get path for current process.$Failed to launch clean room process: %ls$Failed to wait for clean room process: %ls$burn.clean.room$burn.filehandle.attached$burn.filehandle.self$engine.cpp
API String ID: 3884789274-2391192076
Opcode ID: adbdba85413d628c9b644ac00a5510e87ce8cfea8cf17b7a6a80011d110d8d9a
Instruction ID: f88d5b5d6eef8984e365988dcfda3c44025a4be70079c262483be3f28402b599
Opcode Fuzzy Hash: adbdba85413d628c9b644ac00a5510e87ce8cfea8cf17b7a6a80011d110d8d9a
Instruction Fuzzy Hash: F871A431D0022AABDF15ABE5CC46EEFBBBCAF04714F11012AF914B7291D7749E419BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C984C4, Relevance: 37.0, APIs: 9, Strings: 12, Instructions: 205
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 73%

			E00C984C4(void* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12, intOrPtr _a16) {
				signed int _v8;
				char _v20;
				WCHAR* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t25;
				void* _t29;
				void* _t31;
				void* _t33;
				int _t37;
				void* _t39;
				int _t41;
				void* _t43;
				void* _t46;
				int _t48;
				void* _t50;
				signed short _t51;
				signed short _t54;
				signed short _t57;
				signed short _t62;
				intOrPtr _t66;
				WCHAR* _t67;
				void* _t73;
				void* _t75;
				signed int _t91;

				_t73 = __edx;
				_t25 =  *0xcea008; // 0x4c290ae8
				_v8 = _t25 ^ _t91;
				_t67 = _a12;
				_t66 = _a16;
				_t76 = _a4;
				_v28 = _a8;
				_v32 = _a4;
				asm("stosd");
				asm("stosd");
				_v24 = _t67;
				asm("stosd"); // executed
				_t29 = CreateFileW(_t67, 0x40000000, 5, 0, 2, 0x8000080, 0); // executed
				_t75 = _t29;
				if(_t75 != 0xffffffff) {
					_t31 = E00CC47D3(_t67, _t76, 0, 0, 0, 0); // executed
					_t77 = _t31;
					if(_t31 >= 0) {
						_t33 = E00CC3DB5(_t73, _v32, _t75,  *((intOrPtr*)(_t66 + 0xc)), 0, 0); // executed
						_t77 = _t33;
						if(_t77 >= 0) {
							if( *((intOrPtr*)(_t66 + 0x28)) != 0) {
								_push(0);
								_t37 = SetFilePointerEx(_t75,  *(_t66 + 0x18), 0, 0); // executed
								if(_t37 != 0) {
									_t39 = E00CC4CEE(0, _t75, _t66 + 0x24, 4); // executed
									if(_t39 >= 0) {
										_push(0);
										_t41 = SetFilePointerEx(_t75,  *(_t66 + 0x1c), 0, 0); // executed
										if(_t41 != 0) {
											_t43 = E00CC4CEE(0, _t75, _t66 + 0x28, 4); // executed
											_t77 = _t43;
											if(_t77 < 0) {
												goto L10;
											} else {
												_t46 = E00CC4CEE(0, _t75, _t66 + 0x2c, 4); // executed
												_t77 = _t46;
												if(_t77 < 0) {
													goto L10;
												} else {
													_push(0);
													_t48 = SetFilePointerEx(_t75,  *(_t66 + 0x20), 0, 0); // executed
													if(_t48 != 0) {
														_t50 = E00CC4CEE(0, _t75,  &_v20, 0xc); // executed
														_t77 = _t50;
														if(_t77 < 0) {
															_push("Failed to zero out original data offset.");
															goto L19;
														}
													} else {
														_t51 = GetLastError();
														_t81 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
														_t77 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
														E00C837D3(0x80004005, "cache.cpp", 0x6d6, _t77);
														_push("Failed to seek to original data in exe burn section header.");
														goto L19;
													}
												}
											}
										} else {
											_t54 = GetLastError();
											_t84 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
											_t77 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
											E00C837D3(0x80004005, "cache.cpp", 0x6c9, _t77);
											_push("Failed to seek to signature table in exe header.");
											goto L19;
										}
									} else {
										L10:
										_push("Failed to update signature offset.");
										goto L19;
									}
								} else {
									_t57 = GetLastError();
									_t87 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
									_t77 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
									E00C837D3(0x80004005, "cache.cpp", 0x6bf, _t77);
									_push("Failed to seek to checksum in exe header.");
									L19:
									_push(_t77);
									E00CC012F();
								}
							}
						} else {
							_push(_v24);
							E00CC012F(_t77, "Failed to copy engine from: %ls to: %ls", _v28);
						}
					} else {
						E00CC012F(_t77, "Failed to seek to beginning of engine file: %ls", _v28);
					}
					FindCloseChangeNotification(_t75); // executed
				} else {
					_t62 = GetLastError();
					_t90 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
					_t77 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "cache.cpp", 0x6af,  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000);
					E00CC012F( >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000, "Failed to create engine file at path: %ls", _v24);
				}
				return E00CADE36(_t66, _v8 ^ _t91, _t73, _t75, _t77);
			}

0x00c984c4
0x00c984ca
0x00c984d1
0x00c984d7
0x00c984db
0x00c984df
0x00c984e5
0x00c984f2
0x00c984f7
0x00c98501
0x00c98503
0x00c98506
0x00c98507
0x00c9850d
0x00c98512
0x00c9855f
0x00c98564
0x00c98568
0x00c9858b
0x00c98590
0x00c98594
0x00c985b4
0x00c985ba
0x00c985c1
0x00c985c9
0x00c9860a
0x00c98613
0x00c98621
0x00c98628
0x00c98630
0x00c98671
0x00c98676
0x00c9867a
0x00000000
0x00c9867c
0x00c98683
0x00c98688
0x00c9868c
0x00000000
0x00c9868e
0x00c98690
0x00c98697
0x00c9869f
0x00c986dd
0x00c986e2
0x00c986e6
0x00c986e8
0x00000000
0x00c986e8
0x00c986a1
0x00c986a1
0x00c986b2
0x00c986bc
0x00c986ca
0x00c986cf
0x00000000
0x00c986cf
0x00c9869f
0x00c9868c
0x00c98632
0x00c98632
0x00c98643
0x00c9864d
0x00c9865b
0x00c98660
0x00000000
0x00c98660
0x00c98615
0x00c98615
0x00c98615
0x00000000
0x00c98615
0x00c985cb
0x00c985cb
0x00c985dc
0x00c985e6
0x00c985f4
0x00c985f9
0x00c986ed
0x00c986ed
0x00c986ee
0x00c986f4
0x00c985c9
0x00c98596
0x00c98596
0x00c985a2
0x00c985a7
0x00c9856a
0x00c98573
0x00c98578
0x00c986f6
0x00c98514
0x00c98514
0x00c98525
0x00c9852f
0x00c9853d
0x00c9854b
0x00c98550
0x00c9870e

APIs

CreateFileW.KERNELBASE(00000000,40000000,00000005,00000000,00000002,08000080,00000000,?,00000000,00000000,00C84CB6,?,?,00000000,00C84CB6,00000000), ref: 00C98507
GetLastError.KERNEL32 ref: 00C98514
FindCloseChangeNotification.KERNELBASE(00000000,?,00000000,00CCB4F0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C986F6

Strings

Failed to seek to checksum in exe header., xrefs: 00C985F9
cabinet.dll, xrefs: 00C9866F
Failed to create engine file at path: %ls, xrefs: 00C98545
Failed to zero out original data offset., xrefs: 00C986E8
cache.cpp, xrefs: 00C98538, 00C985EF, 00C98656, 00C986C5
msi.dll, xrefs: 00C98608
Failed to copy engine from: %ls to: %ls, xrefs: 00C9859C
Failed to seek to original data in exe burn section header., xrefs: 00C986CF
)L, xrefs: 00C984CA
Failed to update signature offset., xrefs: 00C98615
Failed to seek to signature table in exe header., xrefs: 00C98660
Failed to seek to beginning of engine file: %ls, xrefs: 00C9856D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ChangeCloseCreateErrorFileFindLastNotification
String ID: Failed to copy engine from: %ls to: %ls$Failed to create engine file at path: %ls$Failed to seek to beginning of engine file: %ls$Failed to seek to checksum in exe header.$Failed to seek to original data in exe burn section header.$Failed to seek to signature table in exe header.$Failed to update signature offset.$Failed to zero out original data offset.$cabinet.dll$cache.cpp$msi.dll$)L
API String ID: 4091947256-1839497031
Opcode ID: 5d86f9a1844d1ecaeb9cd3cd64ba21f95a1d50dbde00ee85716820b53316da4b
Instruction ID: b8203595ea8c7821b19a752f519a3f54edd694c072fd8bdcceffc0a5b6e3cde2
Opcode Fuzzy Hash: 5d86f9a1844d1ecaeb9cd3cd64ba21f95a1d50dbde00ee85716820b53316da4b
Instruction Fuzzy Hash: 1251DC72A406217FFB116B69CC4AF7F7698EB05710F110129FE01FB291EB60CD1496E5

Uniqueness

Uniqueness Score: -1.00%

Function 00C97337, Relevance: 35.3, APIs: 1, Strings: 19, Instructions: 277
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00C97337(void* __edx, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v124;
				void* __ebx;
				void* __edi;
				void* _t70;
				intOrPtr _t73;
				intOrPtr _t76;
				intOrPtr _t81;
				intOrPtr _t96;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr* _t107;
				intOrPtr _t109;
				intOrPtr _t110;
				void* _t140;
				void* _t141;
				intOrPtr _t142;
				intOrPtr _t149;
				intOrPtr _t152;

				_t140 = __edx;
				_v12 = 0;
				_v28 = 0;
				_v20 = 0;
				_v32 = 0;
				E00CAF670(_t141,  &_v124, 0, 0x58);
				_t142 = _a4;
				_v36 = 0;
				_v8 = 0;
				_v16 = 0;
				_v24 = 0;
				_t11 = _t142 + 0x88; // 0xc8533d
				_t135 = _t11;
				_t70 = E00C87503(_t11); // executed
				if(_t70 >= 0) {
					_t13 = _t142 + 0x48; // 0xc852fd
					_t73 = E00C8C2A1(_t13,  &_v124); // executed
					__eflags = _t73;
					if(_t73 >= 0) {
						_t76 = E00C8C108( &_v124,  &_v28);
						__eflags = _t76;
						if(_t76 >= 0) {
							__eflags = E00C8C362( &_v124,  &_v20,  &_v32);
							if(__eflags >= 0) {
								_t81 = E00CABDC9(__eflags, _v20, _v32, _t142); // executed
								__eflags = _t81;
								if(_t81 >= 0) {
									_t22 = _t142 + 0x1c0; // 0xc85475
									_t23 = _t142 + 0x4d8; // 0xc8578d
									_t24 = _t142 + 0x140; // 0xc853f5
									_t25 = _t142 + 0x400; // 0xc856b5
									_t26 = _t142 + 0x3fc; // 0xc856b1
									_t27 = _t142 + 0x4d4; // 0xc85789
									_t30 = _t142 + 0x3ec; // 0xc856a1
									_t31 = _t142 + 0x494; // 0xc85749
									_t32 = _t142 + 0x490; // 0xc85745
									_t136 = _t32;
									_t33 = _t142 + 0x4b8; // 0xc8576d
									_t34 = _t142 + 0x4a0; // 0xc85755
									_t35 = _t142 + 0x1c; // 0xc852d1
									_t36 = _t142 + 0x4e0; // 0x485
									_t37 = _t142 + 0x4dc; // 0x48d016a
									_t96 = E00C95A35( *_t37,  *_t36, _t35, _t34, _t33, _t135, _t32, _t31, _t30,  &_v8,  &_v24, _t27, _t26, _t25, _t24, _t23, _t22,  &_v12);
									__eflags = _t96;
									if(_t96 >= 0) {
										__eflags = _v12;
										_t98 =  !=  ? _v12 : 0xccb524;
										E00C8550F(2, 0x20000009,  !=  ? _v12 : 0xccb524);
										E00CC076C(GetCurrentProcess(),  &_v36); // executed
										asm("cdq");
										_t149 = E00C88152(_t135, L"WixBundleElevated", _v36, _t140, 1);
										__eflags = _t149;
										if(_t149 >= 0) {
											_t105 = _v8;
											__eflags = _t105;
											if(_t105 == 0) {
												L21:
												_t106 = _v24;
												__eflags = _t106;
												if(_t106 == 0) {
													L24:
													_t47 = _t142 + 0x490; // 0xc85745
													_t107 = _t47;
													__eflags =  *_t107;
													if( *_t107 == 0) {
														L27:
														_t49 = _t142 + 0x100; // 0xc853b5
														_t109 = E00C9A307(_t135, _t49, _t135, _v8); // executed
														__eflags = _t109;
														if(_t109 >= 0) {
															_t50 = _t142 + 0x490; // 0xc85745
															_t107 = _t50;
															goto L30;
														} else {
															_push("Failed to initialize internal cache functionality.");
															goto L38;
														}
													} else {
														__eflags =  *_t107 - 1;
														if( *_t107 == 1) {
															goto L27;
														} else {
															__eflags =  *_t107 - 3;
															if( *_t107 != 3) {
																L30:
																__eflags =  *_t107 - 1;
																if(__eflags == 0) {
																	L32:
																	_t51 = _t142 + 0xcc; // 0xc85381
																	_t135 = _t51;
																	_t52 = _t142 + 0x110; // 0xfff9e89d
																	_t110 = E00C8D497(_t136, _t140, _t142, __eflags,  *_t52, _t51);
																	__eflags = _t110;
																	if(_t110 >= 0) {
																		_t54 = _t142 + 0xbc; // 0xc85371
																		_t152 = E00C8CABE(_t54, 0,  &_v124,  *_t135);
																		__eflags = _t152;
																		if(_t152 >= 0) {
																			_t55 = _t142 + 0xbc; // 0xc85371
																			_t56 = _t142 + 0x2b0; // 0xc85565
																			_t152 = E00C8C7DF(_t140, _t56, _t55);
																			__eflags = _t152;
																			if(_t152 < 0) {
																				_push("Failed to load catalog files.");
																				goto L38;
																			}
																		} else {
																			_push("Failed to extract bootstrapper application payloads.");
																			goto L38;
																		}
																	} else {
																		_push("Failed to get unique temporary folder for bootstrapper application.");
																		goto L38;
																	}
																} else {
																	__eflags =  *_t107 - 3;
																	if(__eflags == 0) {
																		goto L32;
																	}
																}
															} else {
																goto L27;
															}
														}
													}
												} else {
													_t152 = E00C880F6(_t135, L"WixBundleOriginalSource", _t106, 0);
													__eflags = _t152;
													if(_t152 >= 0) {
														goto L24;
													} else {
														_push("Failed to set original source variable.");
														goto L38;
													}
												}
											} else {
												_t152 = E00C880F6(_t135, L"WixBundleSourceProcessPath", _t105, 1);
												__eflags = _t152;
												if(_t152 >= 0) {
													_t152 = E00C83446(_t136, _v8,  &_v16);
													__eflags = _t152;
													if(_t152 >= 0) {
														_t152 = E00C880F6(_t135, L"WixBundleSourceProcessFolder", _v16, 1);
														__eflags = _t152;
														if(_t152 >= 0) {
															goto L21;
														} else {
															_push("Failed to set source process folder variable.");
															goto L38;
														}
													} else {
														_push("Failed to get source process folder from path.");
														goto L38;
													}
												} else {
													_push("Failed to set source process path variable.");
													goto L38;
												}
											}
										} else {
											E00CC012F(_t149, "Failed to overwrite the %ls built-in variable.", L"WixBundleElevated");
										}
									} else {
										_push("Failed to parse command line.");
										goto L38;
									}
								} else {
									_push("Failed to load manifest.");
									goto L38;
								}
							} else {
								_push("Failed to get manifest stream from container.");
								goto L38;
							}
						} else {
							_push("Failed to open manifest stream.");
							goto L38;
						}
					} else {
						_push("Failed to open attached UX container.");
						goto L38;
					}
				} else {
					_push("Failed to initialize variables.");
					L38:
					_push(_t152);
					E00CC012F();
				}
				_t116 = _v24;
				if(_v24 != 0) {
					E00CC54EF(_t116);
				}
				if(_v16 != 0) {
					E00CC54EF(_v16);
				}
				_t117 = _v8;
				if(_v8 != 0) {
					E00CC54EF(_t117);
				}
				E00C8C055(_t135,  &_v124);
				if(_v28 != 0) {
					E00CC54EF(_v28);
				}
				if(_v12 != 0) {
					E00CC54EF(_v12);
				}
				if(_v20 != 0) {
					E00C83999(_v20); // executed
				}
				return _t152;
			}

0x00c97337
0x00c97349
0x00c9734c
0x00c9734f
0x00c97352
0x00c97355
0x00c9735a
0x00c97360
0x00c97363
0x00c97366
0x00c97369
0x00c9736c
0x00c9736c
0x00c97373
0x00c9737c
0x00c9738c
0x00c97390
0x00c97397
0x00c97399
0x00c973ad
0x00c973b4
0x00c973b6
0x00c973d5
0x00c973d7
0x00c973ea
0x00c973f1
0x00c973f3
0x00c97403
0x00c9740a
0x00c97411
0x00c97418
0x00c9741f
0x00c97426
0x00c97435
0x00c9743c
0x00c97443
0x00c97443
0x00c9744b
0x00c97452
0x00c97459
0x00c9745d
0x00c97463
0x00c97469
0x00c97470
0x00c97472
0x00c9747e
0x00c97487
0x00c97493
0x00c974a6
0x00c974b0
0x00c974be
0x00c974c0
0x00c974c2
0x00c974dc
0x00c974df
0x00c974e1
0x00c9753d
0x00c9753d
0x00c97540
0x00c97542
0x00c97562
0x00c97562
0x00c97562
0x00c97568
0x00c9756b
0x00c97577
0x00c9757a
0x00c97582
0x00c97589
0x00c9758b
0x00c97594
0x00c97594
0x00000000
0x00c9758d
0x00c9758d
0x00000000
0x00c9758d
0x00c9756d
0x00c9756d
0x00c97570
0x00000000
0x00c97572
0x00c97572
0x00c97575
0x00c9759a
0x00c9759a
0x00c9759d
0x00c975a4
0x00c975a4
0x00c975a4
0x00c975ab
0x00c975b1
0x00c975b8
0x00c975ba
0x00c975c9
0x00c975d7
0x00c975d9
0x00c975db
0x00c975e4
0x00c975eb
0x00c975f7
0x00c975f9
0x00c975fb
0x00c975fd
0x00000000
0x00c975fd
0x00c975dd
0x00c975dd
0x00000000
0x00c975dd
0x00c975bc
0x00c975bc
0x00000000
0x00c975bc
0x00c9759f
0x00c9759f
0x00c975a2
0x00000000
0x00000000
0x00c975a2
0x00000000
0x00000000
0x00000000
0x00c97575
0x00c97570
0x00c97544
0x00c97552
0x00c97554
0x00c97556
0x00000000
0x00c97558
0x00c97558
0x00000000
0x00c97558
0x00c97556
0x00c974e3
0x00c974f1
0x00c974f3
0x00c974f5
0x00c9750d
0x00c9750f
0x00c97511
0x00c9752d
0x00c9752f
0x00c97531
0x00000000
0x00c97533
0x00c97533
0x00000000
0x00c97533
0x00c97513
0x00c97513
0x00000000
0x00c97513
0x00c974f7
0x00c974f7
0x00000000
0x00c974f7
0x00c974f5
0x00c974c4
0x00c974cf
0x00c974d4
0x00c97474
0x00c97474
0x00000000
0x00c97474
0x00c973f5
0x00c973f5
0x00000000
0x00c973f5
0x00c973d9
0x00c973d9
0x00000000
0x00c973d9
0x00c973b8
0x00c973b8
0x00000000
0x00c973b8
0x00c9739b
0x00c9739b
0x00000000
0x00c9739b
0x00c9737e
0x00c9737e
0x00c97602
0x00c97602
0x00c97603
0x00c97609
0x00c9760a
0x00c9760f
0x00c97612
0x00c97612
0x00c9761b
0x00c97620
0x00c97620
0x00c97625
0x00c9762a
0x00c9762d
0x00c9762d
0x00c97636
0x00c9763f
0x00c97644
0x00c97644
0x00c9764d
0x00c97652
0x00c97652
0x00c9765b
0x00c97660
0x00c97660
0x00c9766d

Strings

Failed to open attached UX container., xrefs: 00C9739B
Failed to set source process path variable., xrefs: 00C974F7
Failed to get source process folder from path., xrefs: 00C97513
Failed to get unique temporary folder for bootstrapper application., xrefs: 00C975BC
Failed to extract bootstrapper application payloads., xrefs: 00C975DD
Failed to initialize internal cache functionality., xrefs: 00C9758D
WixBundleSourceProcessPath, xrefs: 00C974E6
Failed to parse command line., xrefs: 00C97474
WixBundleSourceProcessFolder, xrefs: 00C97522
Failed to initialize variables., xrefs: 00C9737E
Failed to overwrite the %ls built-in variable., xrefs: 00C974C9
WixBundleOriginalSource, xrefs: 00C97547
Failed to set original source variable., xrefs: 00C97558
Failed to open manifest stream., xrefs: 00C973B8
WixBundleElevated, xrefs: 00C974B3, 00C974C4
Failed to get manifest stream from container., xrefs: 00C973D9
Failed to load manifest., xrefs: 00C973F5
Failed to load catalog files., xrefs: 00C975FD
Failed to set source process folder variable., xrefs: 00C97533

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalInitializeSection
String ID: Failed to extract bootstrapper application payloads.$Failed to get manifest stream from container.$Failed to get source process folder from path.$Failed to get unique temporary folder for bootstrapper application.$Failed to initialize internal cache functionality.$Failed to initialize variables.$Failed to load catalog files.$Failed to load manifest.$Failed to open attached UX container.$Failed to open manifest stream.$Failed to overwrite the %ls built-in variable.$Failed to parse command line.$Failed to set original source variable.$Failed to set source process folder variable.$Failed to set source process path variable.$WixBundleElevated$WixBundleOriginalSource$WixBundleSourceProcessFolder$WixBundleSourceProcessPath
API String ID: 32694325-252221001
Opcode ID: 9b1904fb93b41fb836135b4c4ea848b9cb52a228b55710ca335d00834a4fc4e3
Instruction ID: 80e4f03aa489148e8603394db5241e8b12e6471886e99bcdb3de438c27baa7e7
Opcode Fuzzy Hash: 9b1904fb93b41fb836135b4c4ea848b9cb52a228b55710ca335d00834a4fc4e3
Instruction Fuzzy Hash: 739182B2A55A19BBCF169AA5CC89FEEB76CBF04700F010326F615E7141D730EA449BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C87503, Relevance: 34.9, APIs: 1, Strings: 22, Instructions: 378
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00C87503(struct _CRITICAL_SECTION* _a4) {
				signed int _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char* _v48;
				intOrPtr _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				intOrPtr _v84;
				char* _v88;
				intOrPtr _v92;
				char _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				char* _v108;
				intOrPtr _v112;
				char _v116;
				char _v120;
				intOrPtr _v124;
				char* _v128;
				intOrPtr _v132;
				char _v136;
				char _v140;
				intOrPtr _v144;
				char* _v148;
				intOrPtr _v152;
				char _v156;
				char _v160;
				intOrPtr _v164;
				char* _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				char _v180;
				intOrPtr _v184;
				char* _v188;
				intOrPtr _v192;
				char _v196;
				char _v200;
				intOrPtr _v204;
				char* _v208;
				intOrPtr _v212;
				char _v216;
				char _v220;
				intOrPtr _v224;
				char* _v228;
				intOrPtr _v232;
				char _v236;
				char _v240;
				intOrPtr _v244;
				char* _v248;
				char _v252;
				char _v256;
				char _v260;
				intOrPtr _v264;
				char* _v268;
				char _v272;
				char _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				char* _v288;
				char _v292;
				char _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				char* _v308;
				char _v312;
				char _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				char* _v328;
				char _v332;
				char _v336;
				char _v340;
				intOrPtr _v344;
				char* _v348;
				char _v352;
				char _v356;
				char _v360;
				intOrPtr _v364;
				char* _v368;
				char _v372;
				char _v376;
				intOrPtr _v380;
				intOrPtr _v384;
				char* _v388;
				char _v392;
				char _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				char* _v408;
				char _v412;
				char _v416;
				char _v420;
				intOrPtr _v424;
				char* _v428;
				char _v432;
				char _v436;
				char _v440;
				intOrPtr _v444;
				char* _v448;
				char _v452;
				char _v456;
				intOrPtr _v460;
				intOrPtr _v464;
				char* _v468;
				char _v472;
				char _v476;
				char _v480;
				intOrPtr _v484;
				char* _v488;
				char _v492;
				char _v496;
				intOrPtr _v500;
				intOrPtr _v504;
				char* _v508;
				char _v512;
				char _v516;
				intOrPtr _v520;
				intOrPtr _v524;
				char* _v528;
				char _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				char* _v548;
				char _v552;
				char _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				char* _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				char* _v588;
				char _v592;
				char _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				char* _v608;
				char _v612;
				char _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				char* _v628;
				char _v632;
				char _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				char* _v648;
				char _v652;
				char _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				char* _v668;
				char _v672;
				char _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				char* _v688;
				char _v692;
				char _v696;
				char _v700;
				intOrPtr _v704;
				char* _v708;
				char _v712;
				char _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				char* _v728;
				char _v732;
				char _v736;
				intOrPtr _v740;
				intOrPtr _v744;
				char* _v748;
				char _v752;
				char _v756;
				intOrPtr _v760;
				intOrPtr _v764;
				char* _v768;
				char _v772;
				char _v776;
				intOrPtr _v780;
				intOrPtr _v784;
				char* _v788;
				char _v792;
				char _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				char* _v808;
				char _v812;
				char _v816;
				intOrPtr _v820;
				intOrPtr _v824;
				char* _v828;
				char _v832;
				char _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				char* _v848;
				char _v852;
				char _v856;
				intOrPtr _v860;
				intOrPtr _v864;
				char* _v868;
				char _v872;
				char _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				char* _v888;
				char _v892;
				char _v896;
				intOrPtr _v900;
				intOrPtr _v904;
				char* _v908;
				char _v912;
				char _v916;
				char _v920;
				intOrPtr _v924;
				char* _v928;
				char _v932;
				char _v936;
				intOrPtr _v940;
				intOrPtr _v944;
				char* _v948;
				char _v952;
				char _v956;
				char _v960;
				intOrPtr _v964;
				char* _v968;
				char _v972;
				char _v976;
				char _v980;
				intOrPtr _v984;
				char* _v988;
				char _v992;
				char _v996;
				intOrPtr _v1000;
				intOrPtr _v1004;
				char* _v1008;
				char _v1012;
				char _v1016;
				intOrPtr _v1020;
				intOrPtr _v1024;
				char* _v1028;
				char _v1032;
				char _v1036;
				char _v1040;
				intOrPtr _v1044;
				char* _v1048;
				char _v1052;
				char _v1056;
				char _v1060;
				intOrPtr _v1064;
				char* _v1068;
				char _v1072;
				char _v1076;
				char _v1080;
				intOrPtr _v1084;
				char* _v1088;
				char _v1092;
				char _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				char* _v1108;
				char _v1112;
				char _v1116;
				intOrPtr _v1120;
				intOrPtr _v1124;
				char* _v1128;
				char _v1132;
				char _v1136;
				intOrPtr _v1140;
				intOrPtr _v1144;
				char* _v1148;
				char _v1152;
				char _v1156;
				intOrPtr _v1160;
				intOrPtr _v1164;
				char* _v1168;
				char _v1172;
				char _v1176;
				intOrPtr _v1180;
				intOrPtr _v1184;
				char* _v1188;
				char _v1192;
				char _v1196;
				intOrPtr _v1200;
				intOrPtr _v1204;
				char* _v1208;
				char _v1212;
				char _v1216;
				intOrPtr _v1220;
				intOrPtr _v1224;
				char* _v1228;
				struct _CRITICAL_SECTION* _v1232;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t317;
				struct _CRITICAL_SECTION* _t319;
				intOrPtr _t320;
				intOrPtr _t321;
				intOrPtr _t322;
				void* _t328;
				intOrPtr _t333;
				intOrPtr _t335;
				intOrPtr _t336;
				intOrPtr _t338;
				intOrPtr _t342;
				intOrPtr _t346;
				intOrPtr* _t347;
				char _t348;
				signed int _t349;

				_t317 =  *0xcea008; // 0x4c290ae8
				_v8 = _t317 ^ _t349;
				_t319 = _a4;
				_v1232 = _t319;
				InitializeCriticalSection(_t319);
				_t348 = 0;
				_v1228 = L"AdminToolsFolder";
				_t320 = 0x2b;
				_v1220 = 0x30;
				_v1224 = E00C85EAB;
				_v1216 = 0;
				_t335 = 6;
				_v1212 = 0;
				_v1208 = L"AppDataFolder";
				_v1204 = E00C85EAB;
				_v1200 = 0x1a;
				_v1196 = 0;
				_v1192 = 0;
				_v1188 = L"CommonAppDataFolder";
				_v1184 = E00C85EAB;
				_v1180 = 0x23;
				_v1176 = 0;
				_v1172 = 0;
				_v1168 = L"CommonFiles64Folder";
				_v1164 = E00C86418;
				_v1160 = _t320;
				_v1156 = 0;
				_v1152 = 0;
				_v1148 = L"CommonFilesFolder";
				_v1144 = E00C85EAB;
				_v1140 = _t320;
				_v1136 = 0;
				_v1132 = 0;
				_v1128 = L"CommonFiles6432Folder";
				_v1124 = E00C85D71;
				_v1120 = _t320;
				_v1116 = 0;
				_v1112 = 0;
				_v1108 = L"CompatibilityMode";
				_v1104 = E00C86184;
				_v1100 = 0xc;
				_v1096 = 0;
				_v1092 = 0;
				_v1088 = L"Date";
				_v1084 = E00C85F14;
				_v1080 = 0;
				_v1076 = 0;
				_v1072 = 0;
				_v1068 = L"ComputerName";
				_v1064 = E00C85E0B;
				_v1060 = 0;
				_v1056 = 0;
				_v1052 = 0;
				_v1048 = L"DesktopFolder";
				_v1044 = E00C85EAB;
				_v1040 = 0;
				_v1036 = 0;
				_v1032 = 0;
				_v1028 = L"FavoritesFolder";
				_v1024 = E00C85EAB;
				_v1020 = _t335;
				_v1016 = 0;
				_v1012 = 0;
				_v1008 = L"FontsFolder";
				_v1004 = E00C85EAB;
				_v1000 = 0x14;
				_v996 = 0;
				_v992 = 0;
				_v988 = L"InstallerName";
				_v984 = E00C8602F;
				_v980 = 0;
				_v976 = 0;
				_v972 = 0;
				_v968 = L"InstallerVersion";
				_t321 = 5;
				_v944 = E00C85EAB;
				_v904 = E00C85EAB;
				_t333 = 7;
				_v840 = _t335;
				_t336 = 9;
				_v884 = E00C86184;
				_v864 = E00C86184;
				_v844 = E00C86184;
				_v824 = E00C86184;
				_v804 = E00C86184;
				_v784 = E00C86184;
				_v764 = E00C86184;
				_v744 = E00C86184;
				_t342 = 0xb;
				_v964 = E00C8605C;
				_v960 = 0;
				_v956 = 0;
				_v952 = 0;
				_v948 = L"LocalAppDataFolder";
				_v940 = 0x1c;
				_v936 = 0;
				_v932 = 0;
				_v928 = L"LogonUser";
				_v924 = E00C860BA;
				_v920 = 0;
				_v916 = 0;
				_v912 = 0;
				_v908 = L"MyPicturesFolder";
				_v900 = 0x27;
				_v896 = 0;
				_v892 = 0;
				_v888 = L"NTProductType";
				_v880 = 4;
				_v876 = 0;
				_v872 = 0;
				_v868 = L"NTSuiteBackOffice";
				_v860 = _t321;
				_v856 = 0;
				_v852 = 0;
				_v848 = L"NTSuiteDataCenter";
				_v836 = 0;
				_v832 = 0;
				_v828 = L"NTSuiteEnterprise";
				_v820 = E00C85EAB;
				_v816 = 0;
				_v812 = 0;
				_v808 = L"NTSuitePersonal";
				_v800 = 8;
				_v796 = 0;
				_v792 = 0;
				_v788 = L"NTSuiteSmallBusiness";
				_v780 = _t336;
				_v776 = 0;
				_v772 = 0;
				_v768 = L"NTSuiteSmallBusinessRestricted";
				_v760 = 0xa;
				_v756 = 0;
				_v752 = 0;
				_v748 = L"NTSuiteWebServer";
				_v740 = E00C86184;
				_v736 = 0;
				_v732 = 0;
				_v728 = L"PersonalFolder";
				_v724 = E00C85EAB;
				_v720 = _t321;
				_v716 = 0;
				_v712 = 0;
				_v708 = L"Privileged";
				_v704 = E00C86360;
				_v700 = 0;
				_v696 = 0;
				_v692 = 0;
				_v688 = L"ProcessorArchitecture";
				_v684 = E00C865DF;
				_v680 = 0xe;
				_v676 = 0;
				_t322 = 0x26;
				_v660 = _t322;
				_v640 = _t322;
				_v620 = _t322;
				_v604 = E00C85EAB;
				_v564 = E00C85EAB;
				_v524 = E00C85EAB;
				_v504 = E00C85EAB;
				_v520 = _t342;
				_v624 = E00C85D71;
				_v560 = _t336;
				_v484 = E00C864B6;
				_v464 = E00C864B6;
				_t346 = 2;
				_v672 = 0;
				_v668 = L"ProgramFiles64Folder";
				_v664 = E00C86418;
				_v656 = 0;
				_v652 = 0;
				_v648 = L"ProgramFilesFolder";
				_v644 = E00C85EAB;
				_v636 = 0;
				_v632 = 0;
				_v628 = L"ProgramFiles6432Folder";
				_v616 = 0;
				_v612 = 0;
				_v608 = L"ProgramMenuFolder";
				_v600 = E00C85D71;
				_v596 = 0;
				_v592 = 0;
				_v588 = L"RebootPending";
				_v584 = E00C863A9;
				_v580 = 0;
				_v576 = 0;
				_v572 = 0;
				_v568 = L"SendToFolder";
				_v556 = 0;
				_v552 = 0;
				_v548 = L"ServicePackLevel";
				_v544 = E00C867E5;
				_v540 = 3;
				_v536 = 0;
				_v532 = 0;
				_v528 = L"StartMenuFolder";
				_v516 = 0;
				_v512 = 0;
				_v508 = L"StartupFolder";
				_v500 = _t333;
				_v496 = 0;
				_v492 = 0;
				_v488 = L"SystemFolder";
				_v480 = 0;
				_v476 = 0;
				_v472 = 0;
				_v468 = L"System64Folder";
				_v460 = 1;
				_v456 = 0;
				_v452 = 0;
				_v448 = L"SystemLanguageID";
				_v444 = E00C85D0D;
				_v440 = 0;
				_v436 = 0;
				_v432 = 0;
				_v428 = L"TempFolder";
				_v424 = E00C86644;
				_v420 = 0;
				_v416 = 0;
				_v412 = 0;
				_v408 = L"TemplateFolder";
				_v404 = E00C85EAB;
				_v400 = 0x15;
				_v396 = 0;
				_v392 = 0;
				_v284 = E00C85EAB;
				_v324 = E00C867E5;
				_v304 = E00C867E5;
				_t338 = E00C8648B;
				_v244 = E00C86159;
				_v164 = E00C86159;
				_v144 = E00C86159;
				_v388 = L"TerminalServer";
				_v384 = E00C86184;
				_v380 = 0xd;
				_v376 = 0;
				_v372 = 0;
				_v368 = L"UserLanguageID";
				_v364 = E00C85D3F;
				_v360 = 0;
				_v356 = 0;
				_v352 = 0;
				_v348 = L"VersionMsi";
				_v344 = E00C8671C;
				_v340 = 0;
				_v336 = 0;
				_v332 = 0;
				_v328 = L"VersionNT";
				_v320 = 1;
				_v316 = 0;
				_v312 = 0;
				_v308 = L"VersionNT64";
				_v300 = _t346;
				_v296 = 0;
				_v292 = 0;
				_v288 = L"WindowsFolder";
				_v280 = 0x24;
				_v276 = 0;
				_v272 = 0;
				_v268 = L"WindowsVolume";
				_v264 = E00C869B8;
				_v260 = 0;
				_v256 = 0;
				_v252 = 0;
				_v248 = L"WixBundleAction";
				_v240 = 0;
				_v236 = 0;
				_v232 = 1;
				_v228 = L"WixBundleExecutePackageCacheFolder";
				_v224 = E00C8648B;
				_v220 = 0;
				_v216 = 0;
				_v212 = 1;
				_v208 = L"WixBundleExecutePackageAction";
				_v204 = E00C8648B;
				_v200 = 0;
				_v196 = 0;
				_v192 = 1;
				_v188 = L"WixBundleForcedRestartPackage";
				_v184 = E00C8648B;
				_v180 = 0;
				_v176 = 1;
				_v172 = 1;
				_v168 = L"WixBundleInstalled";
				_v160 = 0;
				_v156 = 0;
				_v152 = 1;
				_v148 = L"WixBundleElevated";
				_v140 = 0;
				_v136 = 0;
				_v132 = 1;
				_v128 = L"WixBundleActiveParent";
				_v124 = E00C8648B;
				_v120 = 0;
				_v116 = 0;
				_v112 = 1;
				_v108 = L"WixBundleProviderKey";
				_v104 = E00C8648B;
				_v100 = 0xccb524;
				_v96 = 0;
				_v92 = 1;
				_v88 = L"WixBundleSourceProcessPath";
				_v84 = E00C8648B;
				_v80 = 0;
				_v76 = 0;
				_t347 =  &_v1216;
				_v72 = 1;
				_v68 = L"WixBundleSourceProcessFolder";
				_v64 = E00C8648B;
				_v60 = 0;
				_v56 = 0;
				_v52 = 1;
				_v48 = L"WixBundleTag";
				_v44 = E00C8648B;
				_v40 = 0xccb524;
				_v36 = 0;
				_v32 = 1;
				_v28 = L"WixBundleVersion";
				_v24 = E00C866F1;
				_v20 = 0;
				_v16 = 0;
				_v12 = 1;
				while(1) {
					_t328 = E00C85530(_t338, _v1232,  *((intOrPtr*)(_t347 - 0xc)),  *((intOrPtr*)(_t347 - 8)),  *((intOrPtr*)(_t347 - 4)),  *_t347,  *((intOrPtr*)(_t347 + 4))); // executed
					_t334 = _t328;
					if(_t328 < 0) {
						break;
					}
					_t348 = _t348 + 1;
					_t347 = _t347 + 0x14;
					if(_t348 < 0x3d) {
						continue;
					} else {
					}
					L5:
					return E00CADE36(_t334, _v8 ^ _t349, 1, _t347, _t348);
				}
				E00CC012F(_t334, "Failed to add built-in variable: %ls.",  *((intOrPtr*)(_t347 - 0xc)));
				goto L5;
			}

0x00c8750c
0x00c87513
0x00c87516
0x00c8751d
0x00c87523
0x00c87529
0x00c8752b
0x00c87537
0x00c8753d
0x00c8754e
0x00c87559
0x00c8755f
0x00c87560
0x00c87566
0x00c87570
0x00c87576
0x00c87580
0x00c87586
0x00c8758c
0x00c87596
0x00c8759c
0x00c875a6
0x00c875ac
0x00c875b2
0x00c875bc
0x00c875c6
0x00c875cc
0x00c875d2
0x00c875d8
0x00c875e2
0x00c875e8
0x00c875ee
0x00c875f4
0x00c875fa
0x00c87604
0x00c8760a
0x00c87610
0x00c87616
0x00c8761c
0x00c87626
0x00c8762c
0x00c87636
0x00c8763c
0x00c87642
0x00c8764c
0x00c87656
0x00c8765c
0x00c87662
0x00c87668
0x00c87672
0x00c8767c
0x00c87682
0x00c87688
0x00c8768e
0x00c87698
0x00c8769e
0x00c876a4
0x00c876aa
0x00c876b0
0x00c876ba
0x00c876c0
0x00c876c6
0x00c876cc
0x00c876d2
0x00c876dc
0x00c876e2
0x00c876ec
0x00c876f2
0x00c876f8
0x00c87702
0x00c8770c
0x00c87712
0x00c87718
0x00c8771e
0x00c8772a
0x00c8772d
0x00c87733
0x00c87739
0x00c8773c
0x00c87742
0x00c87745
0x00c8774b
0x00c87751
0x00c87757
0x00c8775d
0x00c87763
0x00c87769
0x00c8776f
0x00c87775
0x00c87776
0x00c87780
0x00c87786
0x00c8778c
0x00c87792
0x00c8779c
0x00c877a6
0x00c877ac
0x00c877b2
0x00c877bc
0x00c877c6
0x00c877cc
0x00c877d2
0x00c877d8
0x00c877e2
0x00c877ec
0x00c877f2
0x00c877f8
0x00c87802
0x00c8780c
0x00c87812
0x00c87818
0x00c87822
0x00c87828
0x00c8782e
0x00c87834
0x00c8783e
0x00c87844
0x00c8784a
0x00c87854
0x00c8785a
0x00c87860
0x00c87866
0x00c87870
0x00c8787a
0x00c87880
0x00c87886
0x00c87890
0x00c87896
0x00c8789c
0x00c878a2
0x00c878ac
0x00c878b6
0x00c878bc
0x00c878c2
0x00c878cc
0x00c878d2
0x00c878d8
0x00c878de
0x00c878e8
0x00c878f2
0x00c878f8
0x00c878fe
0x00c87904
0x00c8790e
0x00c87918
0x00c8791e
0x00c87924
0x00c8792a
0x00c87934
0x00c8793e
0x00c87948
0x00c87950
0x00c87951
0x00c87957
0x00c8795d
0x00c87968
0x00c8796e
0x00c87974
0x00c8797a
0x00c87985
0x00c8798f
0x00c87996
0x00c879a1
0x00c879a7
0x00c879b2
0x00c879b3
0x00c879b9
0x00c879c3
0x00c879cd
0x00c879d3
0x00c879d9
0x00c879e3
0x00c879ed
0x00c879f3
0x00c879f9
0x00c87a03
0x00c87a09
0x00c87a0f
0x00c87a19
0x00c87a1f
0x00c87a25
0x00c87a2b
0x00c87a35
0x00c87a3f
0x00c87a45
0x00c87a4b
0x00c87a51
0x00c87a5b
0x00c87a61
0x00c87a67
0x00c87a71
0x00c87a77
0x00c87a81
0x00c87a87
0x00c87a8d
0x00c87a97
0x00c87a9d
0x00c87aa3
0x00c87aad
0x00c87ab3
0x00c87ab9
0x00c87abf
0x00c87ac9
0x00c87acf
0x00c87ad5
0x00c87adb
0x00c87ae5
0x00c87aeb
0x00c87af1
0x00c87af7
0x00c87b01
0x00c87b0b
0x00c87b11
0x00c87b17
0x00c87b1d
0x00c87b27
0x00c87b31
0x00c87b37
0x00c87b3d
0x00c87b43
0x00c87b4d
0x00c87b53
0x00c87b5d
0x00c87b63
0x00c87b69
0x00c87b74
0x00c87b7a
0x00c87b80
0x00c87b85
0x00c87b8b
0x00c87b91
0x00c87b9c
0x00c87ba6
0x00c87bb0
0x00c87bba
0x00c87bc0
0x00c87bc6
0x00c87bd0
0x00c87bda
0x00c87be0
0x00c87be6
0x00c87bec
0x00c87bf6
0x00c87c00
0x00c87c06
0x00c87c0c
0x00c87c12
0x00c87c1c
0x00c87c22
0x00c87c28
0x00c87c2e
0x00c87c38
0x00c87c3e
0x00c87c44
0x00c87c4a
0x00c87c54
0x00c87c5e
0x00c87c64
0x00c87c6a
0x00c87c74
0x00c87c7e
0x00c87c84
0x00c87c8a
0x00c87c90
0x00c87c9a
0x00c87ca0
0x00c87ca6
0x00c87cac
0x00c87cb6
0x00c87cbc
0x00c87cc2
0x00c87cc8
0x00c87cce
0x00c87cd8
0x00c87cde
0x00c87ce4
0x00c87cea
0x00c87cf0
0x00c87cfa
0x00c87d00
0x00c87d06
0x00c87d0c
0x00c87d12
0x00c87d1c
0x00c87d22
0x00c87d28
0x00c87d2e
0x00c87d38
0x00c87d3e
0x00c87d44
0x00c87d47
0x00c87d4e
0x00c87d51
0x00c87d54
0x00c87d57
0x00c87d5a
0x00c87d61
0x00c87d64
0x00c87d67
0x00c87d6a
0x00c87d6d
0x00c87d74
0x00c87d77
0x00c87d7a
0x00c87d7d
0x00c87d83
0x00c87d86
0x00c87d8d
0x00c87d90
0x00c87d93
0x00c87d96
0x00c87d99
0x00c87da0
0x00c87da3
0x00c87da6
0x00c87da9
0x00c87dac
0x00c87db3
0x00c87dba
0x00c87dbd
0x00c87dc0
0x00c87dc3
0x00c87dd7
0x00c87ddc
0x00c87de0
0x00000000
0x00000000
0x00c87de2
0x00c87de3
0x00c87de9
0x00000000
0x00000000
0x00c87deb
0x00c87dfe
0x00c87e10
0x00c87e10
0x00c87df6
0x00000000

APIs

InitializeCriticalSection.KERNEL32(00C97378,00C852B5,00000000,00C8533D), ref: 00C87523

Strings

LogonUser, xrefs: 00C877B2
WixBundleActiveParent, xrefs: 00C87D47
Failed to add built-in variable: %ls., xrefs: 00C87DF0
WixBundleSourceProcessPath, xrefs: 00C87D6D
WixBundleAction, xrefs: 00C87C90
$, xrefs: 00C87C54
', xrefs: 00C877E2
0, xrefs: 00C8753D
WixBundleTag, xrefs: 00C87D99
WixBundleSourceProcessFolder, xrefs: 00C87D86
#, xrefs: 00C8759C
InstallerVersion, xrefs: 00C8771E
WixBundleExecutePackageAction, xrefs: 00C87CCE
Date, xrefs: 00C87642
InstallerName, xrefs: 00C876F8
WixBundleElevated, xrefs: 00C87D2E
WixBundleVersion, xrefs: 00C87DAC
)L, xrefs: 00C8750C
WixBundleInstalled, xrefs: 00C87D12
WixBundleProviderKey, xrefs: 00C87D5A
WixBundleExecutePackageCacheFolder, xrefs: 00C87CAC
WixBundleForcedRestartPackage, xrefs: 00C87CF0

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalInitializeSection
String ID: #$$$'$0$Date$Failed to add built-in variable: %ls.$InstallerName$InstallerVersion$LogonUser$WixBundleAction$WixBundleActiveParent$WixBundleElevated$WixBundleExecutePackageAction$WixBundleExecutePackageCacheFolder$WixBundleForcedRestartPackage$WixBundleInstalled$WixBundleProviderKey$WixBundleSourceProcessFolder$WixBundleSourceProcessPath$WixBundleTag$WixBundleVersion$)L
API String ID: 32694325-2033531867
Opcode ID: 47d808bccbaddbd625c5dd68c8029aefced9729d5b4666351b0fed35430aaa97
Instruction ID: cec52a2ff9d2f507cbdcbc1ce6dd4ef90a67e34f4ca22fdf749c47d97600bbe5
Opcode Fuzzy Hash: 47d808bccbaddbd625c5dd68c8029aefced9729d5b4666351b0fed35430aaa97
Instruction Fuzzy Hash: 303209F0C256798BDF65DF59C9887DDBAB8BB49B08F5081DEE10CA6211D7B00A858F84

Uniqueness

Uniqueness Score: -1.00%

Function 00C980AE, Relevance: 33.4, APIs: 7, Strings: 12, Instructions: 151
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 52%

			E00C980AE(void* __edx, intOrPtr _a8) {
				signed int _v8;
				char _v88;
				short _v608;
				char _v624;
				signed int _v628;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t18;
				intOrPtr _t23;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed short _t40;
				signed short _t48;
				intOrPtr _t51;
				void* _t52;
				void* _t57;
				void* _t58;
				signed int _t60;
				signed int _t64;
				signed int _t68;

				_t57 = __edx;
				_t18 =  *0xcea008; // 0x4c290ae8
				_v8 = _t18 ^ _t68;
				_v628 = _v628 & 0x00000000;
				_t51 = _a8;
				E00CAF670(_t58,  &_v608, 0, 0x208);
				_t59 =  &_v624;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t23 =  *0xceaa94; // 0x0
				if(_t23 != 0) {
					L17:
					_t60 = E00C821A5(_t51, _t23, 0);
					__eflags = _t60;
					if(_t60 < 0) {
						_push("Failed to copy working folder path.");
						goto L19;
					}
				} else {
					E00CC076C(GetCurrentProcess(),  &_v628); // executed
					if(_v628 == 0) {
						_t32 = GetTempPathW(0x104,  &_v608);
						__eflags = _t32;
						if(_t32 != 0) {
							goto L10;
						} else {
							_t40 = GetLastError();
							__eflags = _t40;
							_t64 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
							__eflags = _t64;
							_t60 =  >=  ? 0x80004005 : _t64;
							E00C837D3(0x80004005, "cache.cpp", 0x46b, _t60);
							_push("Failed to get temp path for working folder.");
							goto L19;
						}
					} else {
						_t59 = 0x104;
						if(GetWindowsDirectoryW( &_v608, 0x104) != 0) {
							_t60 = E00C8338F(_t52, __eflags,  &_v608, 0x104);
							__eflags = _t60;
							if(_t60 >= 0) {
								_t60 = E00C836B4(_t52,  &_v608, 0x104, L"Temp\\");
								__eflags = _t60;
								if(_t60 >= 0) {
									L10:
									_t33 =  &_v624;
									__imp__UuidCreate(_t33);
									_t60 = _t33 | 0x00000001;
									__eflags = _t60;
									if(_t60 >= 0) {
										_t35 =  &_v624;
										__imp__StringFromGUID2(_t35,  &_v88, 0x27);
										__eflags = _t35;
										if(_t35 != 0) {
											_push( &_v88);
											_t60 = E00C81F20(0xceaa94, L"%ls%ls\\",  &_v608);
											__eflags = _t60;
											if(_t60 >= 0) {
												_t23 =  *0xceaa94; // 0x0
												goto L17;
											} else {
												_push("Failed to append bundle id on to temp path for working folder.");
												goto L19;
											}
										} else {
											_t60 = 0x8007000e;
											E00C837D3(_t35, "cache.cpp", 0x475, 0x8007000e);
											_push("Failed to convert working folder guid into string.");
											goto L19;
										}
									} else {
										_push("Failed to create working folder guid.");
										goto L19;
									}
								} else {
									_push("Failed to concat Temp directory on windows path for working folder.");
									goto L19;
								}
							} else {
								_push("Failed to ensure windows path for working folder ended in backslash.");
								goto L19;
							}
						} else {
							_t48 = GetLastError();
							_t67 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
							_t60 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "cache.cpp", 0x460, _t60);
							_push("Failed to get windows path for working folder.");
							L19:
							_push(_t60);
							E00CC012F();
						}
					}
				}
				return E00CADE36(_t51, _v8 ^ _t68, _t57, _t59, _t60);
			}

0x00c980ae
0x00c980b7
0x00c980be
0x00c980c1
0x00c980cf
0x00c980dc
0x00c980e3
0x00c980e9
0x00c980ed
0x00c980ee
0x00c980ef
0x00c980f0
0x00c980f7
0x00c98270
0x00c98279
0x00c9827b
0x00c9827d
0x00c9827f
0x00000000
0x00c9827f
0x00c980fd
0x00c9810b
0x00c9811d
0x00c981b1
0x00c981b7
0x00c981b9
0x00000000
0x00c981bb
0x00c981bb
0x00c981ca
0x00c981cc
0x00c981d4
0x00c981d6
0x00c981e4
0x00c981e9
0x00000000
0x00c981e9
0x00c98123
0x00c98123
0x00c98132
0x00c98179
0x00c9817b
0x00c9817d
0x00c9819b
0x00c9819d
0x00c9819f
0x00c981f3
0x00c981f3
0x00c981fa
0x00c98202
0x00c98202
0x00c98205
0x00c98214
0x00c9821b
0x00c98221
0x00c98223
0x00c98244
0x00c9825b
0x00c98260
0x00c98262
0x00c9826b
0x00000000
0x00c98264
0x00c98264
0x00000000
0x00c98264
0x00c98225
0x00c98225
0x00c98235
0x00c9823a
0x00000000
0x00c9823a
0x00c98207
0x00c98207
0x00000000
0x00c98207
0x00c981a1
0x00c981a1
0x00000000
0x00c981a1
0x00c9817f
0x00c9817f
0x00000000
0x00c9817f
0x00c98134
0x00c98134
0x00c98145
0x00c9814f
0x00c9815d
0x00c98162
0x00c98284
0x00c98284
0x00c98285
0x00c9828b
0x00c98132
0x00c9811d
0x00c9829e

APIs

GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00C85381), ref: 00C98104

Part of subcall function 00CC076C: OpenProcessToken.ADVAPI32(?,00000008,?,00C852B5,00000000,?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC078A
Part of subcall function 00CC076C: GetLastError.KERNEL32(?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC0794
Part of subcall function 00CC076C: FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC081D

GetWindowsDirectoryW.KERNEL32(?,00000104,00000000), ref: 00C9812A
GetLastError.KERNEL32 ref: 00C98134
GetTempPathW.KERNEL32(00000104,?,00000000), ref: 00C981B1
GetLastError.KERNEL32 ref: 00C981BB

Strings

Failed to ensure windows path for working folder ended in backslash., xrefs: 00C9817F
Temp\, xrefs: 00C98189
cache.cpp, xrefs: 00C98158, 00C981DF, 00C98230
Failed to append bundle id on to temp path for working folder., xrefs: 00C98264
Failed to copy working folder path., xrefs: 00C9827F
Failed to create working folder guid., xrefs: 00C98207
%ls%ls\, xrefs: 00C9824C
Failed to get temp path for working folder., xrefs: 00C981E9
Failed to concat Temp directory on windows path for working folder., xrefs: 00C981A1
)L, xrefs: 00C980B7
Failed to get windows path for working folder., xrefs: 00C98162
Failed to convert working folder guid into string., xrefs: 00C9823A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$Process$ChangeCloseCurrentDirectoryFindNotificationOpenPathTempTokenWindows
String ID: %ls%ls\$Failed to append bundle id on to temp path for working folder.$Failed to concat Temp directory on windows path for working folder.$Failed to convert working folder guid into string.$Failed to copy working folder path.$Failed to create working folder guid.$Failed to ensure windows path for working folder ended in backslash.$Failed to get temp path for working folder.$Failed to get windows path for working folder.$Temp\$cache.cpp$)L
API String ID: 58964441-1591100991
Opcode ID: 487a989d300b483f4a49d1bf97fdaa02492923475fdf8ae3a4e8eb44dc55850e
Instruction ID: c81fc7e58163cb6922bce8416072df8cb9369d5edaa8aefac3b49bd09388ba14
Opcode Fuzzy Hash: 487a989d300b483f4a49d1bf97fdaa02492923475fdf8ae3a4e8eb44dc55850e
Instruction Fuzzy Hash: BA41F972A40B24ABEF20A7A4DD4EF9F73A8AB01711F100166FE05E7240EA74DD489695

Uniqueness

Uniqueness Score: -1.00%

Function 00CA0E43, Relevance: 31.7, APIs: 8, Strings: 10, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.OLE32(00000000,00000000), ref: 00CA0E65
CoUninitialize.OLE32 ref: 00CA10D9

Strings

Failed to set operation complete event., xrefs: 00CA1009
Failed to reset begin operation event., xrefs: 00CA1091
cabextract.cpp, xrefs: 00CA0EDB, 00CA0FFF, 00CA104A, 00CA1087, 00CA10B3
Invalid operation for this state., xrefs: 00CA10BD
Failed to extract all files from container, erf: %d:%X:%d, xrefs: 00CA0FC0
Failed to initialize cabinet.dll., xrefs: 00CA0EE7
Failed to wait for begin operation event., xrefs: 00CA1054
<the>.cab, xrefs: 00CA0F05
Failed to initialize COM., xrefs: 00CA0E71
)L, xrefs: 00CA0E49

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: InitializeUninitialize
String ID: <the>.cab$Failed to extract all files from container, erf: %d:%X:%d$Failed to initialize COM.$Failed to initialize cabinet.dll.$Failed to reset begin operation event.$Failed to set operation complete event.$Failed to wait for begin operation event.$Invalid operation for this state.$cabextract.cpp$)L
API String ID: 3442037557-763467906
Opcode ID: d87137baf87bf2ce8b2a87e6a6a341de07e2d521bb7f0f9ad1e89ecae2900214
Instruction ID: e716de675749636d8023c829c57a45f2d9a6edb47b96709343aae9a108bb6d92
Opcode Fuzzy Hash: d87137baf87bf2ce8b2a87e6a6a341de07e2d521bb7f0f9ad1e89ecae2900214
Instruction Fuzzy Hash: 0E517B36E40363EFD72016A58C45F6B76A49B43768F36023AFC02BB380D6658D40AAD6

Uniqueness

Uniqueness Score: -1.00%

Function 00C841D2, Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 158
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 66%

			E00C841D2(void* __ecx, union _LARGE_INTEGER* __edx, void* __eflags, struct _CRITICAL_SECTION* _a4, signed int _a8) {
				char _v8;
				void* _t50;
				int _t55;
				WCHAR* _t56;
				int _t62;
				WCHAR* _t63;
				signed int _t69;
				intOrPtr* _t72;
				signed int _t76;
				struct _CRITICAL_SECTION* _t79;
				signed int _t83;
				void* _t89;
				void* _t93;
				union _LARGE_INTEGER* _t96;
				struct _CRITICAL_SECTION* _t98;
				void* _t100;
				void* _t103;

				_t96 = __edx;
				_push(__ecx);
				_a8 = _a8 | 0xffffffff;
				_t98 = _a4;
				_v8 = _a8;
				 *(_t98 + 0x498) =  *(_t98 + 0x498) | 0xffffffff;
				 *(_t98 + 0x494) = 1;
				InitializeCriticalSection(_t98);
				_t9 = _t98 + 0xd0; // 0xd0
				InitializeCriticalSection(_t9);
				_t10 = _t98 + 0x4a0; // 0x4a0
				E00C94B0E(_t10);
				_t11 = _t98 + 0x4b8; // 0x4b8
				E00C94B0E(_t11);
				_t83 = 0;
				if( *((intOrPtr*)(_t98 + 0x4dc)) <= 0) {
					L14:
					_t40 = _t98 + 0x48; // 0x48
					_t50 = E00C8B389(_t96, _t40, _v8, _a8); // executed
					_t103 = _t50;
					if(_t103 < 0) {
						_push("Failed to initialize engine section.");
						_push(_t103);
						E00CC012F();
					}
					L16:
					return _t103;
				}
				do {
					if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)))) != 0x2d) {
						goto L13;
					}
					_t55 = lstrlenW(L"burn.filehandle.attached");
					_t56 = L"burn.filehandle.attached";
					if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t56), _t56, _t55) != 2) {
						L8:
						_t62 = lstrlenW(L"burn.filehandle.self");
						_t63 = L"burn.filehandle.self";
						if(CompareStringW(0x7f, 1,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 2, lstrlenW(_t63), _t63, _t62) != 2) {
							goto L13;
						}
						_t69 = lstrlenW(L"burn.filehandle.self");
						_t72 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t69 * 2;
						_t89 = 0x3d;
						_a4 = _t72;
						if(_t89 !=  *((intOrPtr*)(_t72 - 2)) || 0 ==  *_t72) {
							_t100 = 0x80070057;
							E00C837D3(_t72, "engine.cpp", 0x140, 0x80070057);
							_push(L"burn.filehandle.self");
							L19:
							_push("Missing required parameter for switch: %ls");
							_t103 = _t100;
							_push(_t100);
							goto L20;
						} else {
							_t103 = E00C829DC( &_v8, _t96, _t72, 0,  &_v8);
							if(_t103 < 0) {
								L17:
								_push(_a4);
								_push("Failed to parse file handle: \'%ls\'");
								_push(_t103);
								L20:
								E00CC012F();
								goto L16;
							}
							goto L13;
						}
					}
					_t76 = lstrlenW(L"burn.filehandle.attached");
					_t79 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0x4e0)) + _t83 * 4)) + 4 + _t76 * 2;
					_t93 = 0x3d;
					_a4 = _t79;
					if(_t93 !=  *((intOrPtr*)(_t79 - 2)) || 0 ==  *_t79) {
						_t100 = 0x80070057;
						E00C837D3(_t79, "engine.cpp", 0x135, 0x80070057);
						_push(L"burn.filehandle.attached");
						goto L19;
					} else {
						_t103 = E00C829DC( &_a8, _t96, _t79, 0,  &_a8);
						if(_t103 < 0) {
							goto L17;
						}
						goto L8;
					}
					L13:
					_t83 = _t83 + 1;
				} while (_t83 <  *((intOrPtr*)(_t98 + 0x4dc)));
				goto L14;
			}

0x00c841d2
0x00c841d5
0x00c841d9
0x00c841e6
0x00c841ea
0x00c841ed
0x00c841f4
0x00c841fe
0x00c84200
0x00c84207
0x00c84209
0x00c84210
0x00c84215
0x00c8421c
0x00c84221
0x00c84229
0x00c8434d
0x00c84350
0x00c84357
0x00c8435c
0x00c84360
0x00c84362
0x00c84367
0x00c84368
0x00c8436e
0x00c8436f
0x00c84377
0x00c84377
0x00c84235
0x00c84242
0x00000000
0x00000000
0x00c8424d
0x00c84250
0x00c84274
0x00c842c6
0x00c842cb
0x00c842ce
0x00c842f2
0x00000000
0x00000000
0x00c842f9
0x00c8430d
0x00c8430f
0x00c84310
0x00c84317
0x00c843b1
0x00c843c1
0x00c843c6
0x00c8439f
0x00c8439f
0x00c843a4
0x00c843a6
0x00000000
0x00c84328
0x00c84334
0x00c84338
0x00c8437a
0x00c8437a
0x00c8437d
0x00c84382
0x00c843a7
0x00c843a7
0x00000000
0x00c843ac
0x00000000
0x00c8433a
0x00c84317
0x00c8427b
0x00c8428f
0x00c84291
0x00c84292
0x00c84299
0x00c84385
0x00c84395
0x00c8439a
0x00000000
0x00c842aa
0x00c842b6
0x00c842ba
0x00000000
0x00000000
0x00000000
0x00c842c0
0x00c84340
0x00c84340
0x00c84341
0x00000000

APIs

InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,?,?,00C8515E,?,?,00000000,?,?), ref: 00C841FE
InitializeCriticalSection.KERNEL32(000000D0,?,?,00C8515E,?,?,00000000,?,?), ref: 00C84207
lstrlenW.KERNEL32(burn.filehandle.attached,000004B8,000004A0,?,?,00C8515E,?,?,00000000,?,?), ref: 00C8424D
lstrlenW.KERNEL32(burn.filehandle.attached,burn.filehandle.attached,00000000,?,?,00C8515E,?,?,00000000,?,?), ref: 00C84257
CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00C8515E,?,?,00000000,?,?), ref: 00C8426B
lstrlenW.KERNEL32(burn.filehandle.attached,?,?,00C8515E,?,?,00000000,?,?), ref: 00C8427B
lstrlenW.KERNEL32(burn.filehandle.self,?,?,00C8515E,?,?,00000000,?,?), ref: 00C842CB
lstrlenW.KERNEL32(burn.filehandle.self,burn.filehandle.self,00000000,?,?,00C8515E,?,?,00000000,?,?), ref: 00C842D5
CompareStringW.KERNEL32(0000007F,00000001,?,00000000,?,?,00C8515E,?,?,00000000,?,?), ref: 00C842E9
lstrlenW.KERNEL32(burn.filehandle.self,?,?,00C8515E,?,?,00000000,?,?), ref: 00C842F9

Strings

Missing required parameter for switch: %ls, xrefs: 00C8439F
Failed to parse file handle: '%ls', xrefs: 00C8437D
burn.filehandle.attached, xrefs: 00C84248, 00C84250, 00C84255, 00C84256, 00C84276, 00C8439A
burn.filehandle.self, xrefs: 00C842C6, 00C842CE, 00C842D3, 00C842D4, 00C842F4, 00C843C6
Failed to initialize engine section., xrefs: 00C84362
engine.cpp, xrefs: 00C84390, 00C843BC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: lstrlen$CompareCriticalInitializeSectionString
String ID: Failed to initialize engine section.$Failed to parse file handle: '%ls'$Missing required parameter for switch: %ls$burn.filehandle.attached$burn.filehandle.self$engine.cpp
API String ID: 3039292287-3209860532
Opcode ID: d49953b817cea850e8ffb87cf7356d801d09d3191065d8216fa50f14e63aeec6
Instruction ID: 51877dacab9f8c7e4be368c4c48b27525437ee79c980fb79cc934731a5576972
Opcode Fuzzy Hash: d49953b817cea850e8ffb87cf7356d801d09d3191065d8216fa50f14e63aeec6
Instruction Fuzzy Hash: 565185B1A40616BFCB24ABA9DC47F9EB76CFB04765F100129F618D72A0D770AD50C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00C8C129, Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 128
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 54%

			E00C8C129(HANDLE* _a4, intOrPtr _a8, void* _a12, WCHAR* _a16) {
				void* _t29;
				int _t31;
				union _LARGE_INTEGER* _t33;
				int _t34;
				long _t38;
				signed short _t40;
				signed short _t43;
				void* _t47;
				signed short _t48;
				HANDLE* _t51;
				intOrPtr _t52;
				long _t55;
				union _LARGE_INTEGER _t65;

				_t52 = _a8;
				_t51 = _a4;
				_t51[6] =  *(_t52 + 4);
				_t55 = 0;
				_t65 = 0;
				_t51[4] =  *(_t52 + 0x18);
				_t51[5] =  *(_t52 + 0x1c);
				_t51[2] =  *(_t52 + 0x40);
				_t51[3] =  *(_t52 + 0x44);
				if(_a12 != 0xffffffff) {
					_t29 = GetCurrentProcess();
					_t31 = DuplicateHandle(GetCurrentProcess(), _a12, _t29, _t51, 0, 0, 2); // executed
					if(_t31 != 0) {
						_t65 = 0;
						goto L7;
					} else {
						_t43 = GetLastError();
						_t61 =  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
						_t55 =  >=  ? 0x80004005 :  <=  ? _t43 : _t43 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "container.cpp", 0xec, _t55);
						_push(_a16);
						_push("Failed to duplicate handle to container: %ls");
						goto L3;
					}
				} else {
					_t47 = CreateFileW(_a16, 0x80000000, 1, 0, 3, 0x8000080, 0);
					 *_t51 = _t47;
					if(_t47 != 0xffffffff) {
						L7:
						if( *((intOrPtr*)(_a8 + 0xc)) == _t55) {
							_t33 = _t55;
						} else {
							_t65 = _t51[2];
							_t33 = _t51[3];
						}
						_push(_t55);
						_t34 = SetFilePointerEx( *_t51, _t65, _t33, _t55); // executed
						if(_t34 != 0) {
							if(_t51[6] == 1) {
								_t38 = E00CA1484(_t51, _a16); // executed
								_t55 = _t38;
								if(_t55 < 0) {
									_push("Failed to open container.");
									goto L15;
								}
							}
						} else {
							_t40 = GetLastError();
							_t58 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
							_t55 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "container.cpp", 0xf8, _t55);
							_push("Failed to move file pointer to container offset.");
							L15:
							_push(_t55);
							E00CC012F();
						}
					} else {
						_t48 = GetLastError();
						_t64 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
						_t55 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "container.cpp", 0xe6, _t55);
						_push(_a16);
						_push("Failed to open file: %ls");
						L3:
						_push(_t55);
						E00CC012F();
					}
				}
				return _t55;
			}

0x00c8c12c
0x00c8c130
0x00c8c138
0x00c8c13b
0x00c8c141
0x00c8c146
0x00c8c14c
0x00c8c152
0x00c8c158
0x00c8c15b
0x00c8c1d0
0x00c8c1d9
0x00c8c1e1
0x00c8c21b
0x00000000
0x00c8c1e3
0x00c8c1e3
0x00c8c1f4
0x00c8c1fe
0x00c8c20c
0x00c8c211
0x00c8c214
0x00000000
0x00c8c214
0x00c8c15d
0x00c8c170
0x00c8c176
0x00c8c17b
0x00c8c21d
0x00c8c223
0x00c8c22d
0x00c8c225
0x00c8c225
0x00c8c228
0x00c8c228
0x00c8c22f
0x00c8c235
0x00c8c23d
0x00c8c27a
0x00c8c280
0x00c8c285
0x00c8c289
0x00c8c28b
0x00000000
0x00c8c28b
0x00c8c289
0x00c8c23f
0x00c8c23f
0x00c8c250
0x00c8c25a
0x00c8c268
0x00c8c26d
0x00c8c290
0x00c8c290
0x00c8c291
0x00c8c297
0x00c8c181
0x00c8c181
0x00c8c192
0x00c8c19c
0x00c8c1aa
0x00c8c1af
0x00c8c1b2
0x00c8c1b7
0x00c8c1b7
0x00c8c1b8
0x00c8c1bd
0x00c8c17b
0x00c8c29e

APIs

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,?,00000000,00000000,?,00C8C319,00C852FD,?,?,00C8533D), ref: 00C8C170
GetLastError.KERNEL32(?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00C8C181
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,?,00000000,00000000,?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?), ref: 00C8C1D0
GetCurrentProcess.KERNEL32(000000FF,00000000,?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00C8C1D6
DuplicateHandle.KERNELBASE(00000000,?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00C8C1D9
GetLastError.KERNEL32(?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00C8C1E3
SetFilePointerEx.KERNELBASE(?,00000000,00000000,00000000,00000000,?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00C8C235
GetLastError.KERNEL32(?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00C8C23F

Strings

Failed to duplicate handle to container: %ls, xrefs: 00C8C214
Failed to open file: %ls, xrefs: 00C8C1B2
feclient.dll, xrefs: 00C8C232
container.cpp, xrefs: 00C8C1A5, 00C8C207, 00C8C263
Failed to open container., xrefs: 00C8C28B
Failed to move file pointer to container offset., xrefs: 00C8C26D
crypt32.dll, xrefs: 00C8C231

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$CurrentFileProcess$CreateDuplicateHandlePointer
String ID: Failed to duplicate handle to container: %ls$Failed to move file pointer to container offset.$Failed to open container.$Failed to open file: %ls$container.cpp$crypt32.dll$feclient.dll
API String ID: 2619879409-373955632
Opcode ID: 18875de276ef1b9a38dd8ff46ec98d848f1779d85044ff4f185af102c60bcdb2
Instruction ID: efcfda5de8546450ae13b57b981f8571611605a5b2caa536d9469af39ec7d793
Opcode Fuzzy Hash: 18875de276ef1b9a38dd8ff46ec98d848f1779d85044ff4f185af102c60bcdb2
Instruction Fuzzy Hash: 4841D072240301ABEB10AF6ADC89F5B3BEAAB85724F11412DF918DB291DA31D801DB74

Uniqueness

Uniqueness Score: -1.00%

Function 00CC29B3, Relevance: 26.3, APIs: 7, Strings: 8, Instructions: 86
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00CC29B3(void* __ecx, void* __edx, void* __esi, void* __eflags) {
				signed int _v8;
				void* _t8;
				_Unknown_base(*)()* _t12;
				_Unknown_base(*)()* _t13;
				_Unknown_base(*)()* _t14;
				_Unknown_base(*)()* _t15;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t17;
				_Unknown_base(*)()* _t18;
				intOrPtr _t20;
				intOrPtr _t22;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr _t28;
				intOrPtr _t30;
				intOrPtr _t32;
				void* _t36;

				_v8 = _v8 & 0x00000000;
				_t8 = E00C837EA(__edx, L"Msi.dll", 0xceb680,  &_v8); // executed
				_t36 = _t8;
				if(_t36 >= 0) {
					E00CC4932(_v8, 0xceb684, 0xceb688); // executed
					_t12 = GetProcAddress( *0xceb680, "MsiDeterminePatchSequenceW");
					_t20 =  *0xceb68c; // 0x6e2ebe10
					_t21 =  ==  ? _t12 : _t20;
					 *0xceb6a8 = _t12;
					 *0xceb68c =  ==  ? _t12 : _t20;
					_t13 = GetProcAddress( *0xceb680, "MsiDetermineApplicablePatchesW");
					_t22 =  *0xceb690; // 0x6e2ea130
					_t23 =  ==  ? _t13 : _t22;
					 *0xceb6ac = _t13;
					 *0xceb690 =  ==  ? _t13 : _t22;
					_t14 = GetProcAddress( *0xceb680, "MsiEnumProductsExW");
					_t24 =  *0xceb694; // 0x6e2f03d0
					_t25 =  ==  ? _t14 : _t24;
					 *0xceb6b0 = _t14;
					 *0xceb694 =  ==  ? _t14 : _t24;
					_t15 = GetProcAddress( *0xceb680, "MsiGetPatchInfoExW");
					_t26 =  *0xceb698; // 0x6e2f3560
					_t27 =  ==  ? _t15 : _t26;
					 *0xceb6b4 = _t15;
					 *0xceb698 =  ==  ? _t15 : _t26;
					_t16 = GetProcAddress( *0xceb680, "MsiGetProductInfoExW");
					_t28 =  *0xceb69c; // 0x6e21ac90
					_t29 =  ==  ? _t16 : _t28;
					 *0xceb6b8 = _t16;
					 *0xceb69c =  ==  ? _t16 : _t28;
					_t17 = GetProcAddress( *0xceb680, "MsiSetExternalUIRecord");
					_t30 =  *0xceb6a0; // 0x6e2f71b0
					_t31 =  ==  ? _t17 : _t30;
					 *0xceb6bc = _t17;
					 *0xceb6a0 =  ==  ? _t17 : _t30;
					_t18 = GetProcAddress( *0xceb680, "MsiSourceListAddSourceExW");
					_t32 =  *0xceb6a4; // 0x6e2f7ec0
					 *0xceb6c0 = _t18;
					_t33 =  ==  ? _t18 : _t32;
					 *0xceb6c4 = 1;
					 *0xceb6a4 =  ==  ? _t18 : _t32;
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t36;
			}

0x00cc29b7
0x00cc29ca
0x00cc29cf
0x00cc29d3
0x00cc29e7
0x00cc29fd
0x00cc29ff
0x00cc2a12
0x00cc2a15
0x00cc2a1a
0x00cc2a20
0x00cc2a22
0x00cc2a35
0x00cc2a38
0x00cc2a3d
0x00cc2a43
0x00cc2a45
0x00cc2a58
0x00cc2a5b
0x00cc2a60
0x00cc2a66
0x00cc2a68
0x00cc2a7b
0x00cc2a7e
0x00cc2a83
0x00cc2a89
0x00cc2a8b
0x00cc2a9e
0x00cc2aa1
0x00cc2aa6
0x00cc2aac
0x00cc2aae
0x00cc2ac1
0x00cc2ac4
0x00cc2ac9
0x00cc2acf
0x00cc2ad1
0x00cc2ad9
0x00cc2ade
0x00cc2ae1
0x00cc2aeb
0x00cc2af1
0x00cc2af6
0x00cc2afb
0x00cc2afb
0x00cc2b06

APIs

Part of subcall function 00C837EA: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C83829
Part of subcall function 00C837EA: GetLastError.KERNEL32 ref: 00C83833

Part of subcall function 00CC4932: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00CC495A

GetProcAddress.KERNEL32(MsiDeterminePatchSequenceW,00000000), ref: 00CC29FD
GetProcAddress.KERNEL32(MsiDetermineApplicablePatchesW), ref: 00CC2A20
GetProcAddress.KERNEL32(MsiEnumProductsExW), ref: 00CC2A43
GetProcAddress.KERNEL32(MsiGetPatchInfoExW), ref: 00CC2A66
GetProcAddress.KERNEL32(MsiGetProductInfoExW), ref: 00CC2A89
GetProcAddress.KERNEL32(MsiSetExternalUIRecord), ref: 00CC2AAC
GetProcAddress.KERNEL32(MsiSourceListAddSourceExW), ref: 00CC2ACF

Strings

MsiGetProductInfoExW, xrefs: 00CC2A70
Msi.dll, xrefs: 00CC29C5
MsiDetermineApplicablePatchesW, xrefs: 00CC2A07
MsiEnumProductsExW, xrefs: 00CC2A2A
MsiSourceListAddSourceExW, xrefs: 00CC2AB6
MsiGetPatchInfoExW, xrefs: 00CC2A4D
MsiSetExternalUIRecord, xrefs: 00CC2A93
MsiDeterminePatchSequenceW, xrefs: 00CC29F2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AddressProc$ErrorLast$DirectorySystem
String ID: Msi.dll$MsiDetermineApplicablePatchesW$MsiDeterminePatchSequenceW$MsiEnumProductsExW$MsiGetPatchInfoExW$MsiGetProductInfoExW$MsiSetExternalUIRecord$MsiSourceListAddSourceExW
API String ID: 2510051996-1735120554
Opcode ID: 528abbdb77130dbaa4fd46e8651d42ecd962eb178f8c396761f1c1c5674fd62f
Instruction ID: ffbc92919308f0b08e335b3ec4829b037ed1e13cbac5b18afdeed25e1b5a86fb
Opcode Fuzzy Hash: 528abbdb77130dbaa4fd46e8651d42ecd962eb178f8c396761f1c1c5674fd62f
Instruction Fuzzy Hash: A331D5B1651289AFDF1DDF26EC92B3F3BBDAB54700740442EF4069A2A0E7B59D009F00

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2F23, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152
libraryloadercomCOMMON

Download Yara Rule

C-Code - Quality: 62%

			E00CC2F23(signed int _a4, intOrPtr* _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				char _v16;
				_Unknown_base(*)()* _v20;
				signed int _t38;
				signed int _t46;
				signed int _t53;
				signed int _t58;
				signed short _t61;
				signed int _t64;
				signed int _t65;
				intOrPtr* _t66;
				intOrPtr* _t67;
				signed int _t68;
				signed int _t69;
				signed int _t71;
				signed int _t74;
				signed int _t79;
				struct HINSTANCE__* _t81;
				signed int _t82;

				_t64 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t81 = GetModuleHandleA("kernel32.dll");
				if(_t81 != 0) {
					_t38 = GetProcAddress(_t81, "IsWow64Process");
					__eflags = _t38;
					if(_t38 == 0) {
						_t79 = 0;
						L9:
						__imp__CoCreateInstance(0xceb6c8, 0, 1, 0xccb808,  &_v8); // executed
						_t82 = 0xceb6c8;
						__eflags = 0xceb6c8;
						if(0xceb6c8 < 0) {
							L23:
							__eflags = _t64;
							if(_t64 == 0) {
								L26:
								L27:
								_t66 = _v12;
								if(_t66 != 0) {
									 *((intOrPtr*)( *_t66 + 8))(_t66);
								}
								_t67 = _v8;
								if(_t67 != 0) {
									 *((intOrPtr*)( *_t67 + 8))(_t67);
								}
								return _t82;
							}
							_t46 =  *_t79(_v16);
							__eflags = _t46;
							if(_t46 != 0) {
								goto L26;
							}
							ExitProcess(1);
						}
						_t68 = 0;
						__eflags = 0;
						_t74 = 0xceb6c8;
						while(1) {
							__eflags =  *((intOrPtr*)(_t74 + _t68 * 4)) -  *((intOrPtr*)(0xccb7f8 + _t68 * 4));
							_t74 = 0xceb6c8;
							if(__eflags != 0) {
								break;
							}
							_t68 = _t68 + 1;
							__eflags = _t68 - 4;
							if(_t68 != 4) {
								continue;
							}
							L17:
							 *0xceb6dc = 1;
							L18:
							__eflags = _a4;
							if(_a4 == 0) {
								L21:
								_v8 = _v8 & 0x00000000;
								 *_a8 = _v8;
								_t71 = _a12;
								__eflags = _t71;
								if(_t71 != 0) {
									_t29 =  &_v12;
									 *_t29 = _v12 & 0x00000000;
									__eflags =  *_t29;
									 *_t71 = _v12;
								}
								goto L23;
							}
							_t82 = E00CC30BF( &_v12, _v8, _a4,  &_v12);
							__eflags = _t82;
							if(_t82 < 0) {
								goto L23;
							}
							_t53 = _v8;
							_t82 =  *((intOrPtr*)( *_t53 + 0x54))(_t53, _v12, 0);
							__eflags = _t82;
							if(_t82 < 0) {
								goto L23;
							}
							goto L21;
						}
						_t69 = 0;
						__eflags = 0;
						while(1) {
							__eflags =  *((intOrPtr*)(_t74 + _t69 * 4)) -  *((intOrPtr*)(0xccb7e8 + _t69 * 4));
							_t74 = 0xceb6c8;
							if(__eflags != 0) {
								goto L18;
							}
							_t69 = _t69 + 1;
							__eflags = _t69 - 4;
							if(_t69 != 4) {
								continue;
							}
							goto L17;
						}
						goto L18;
					}
					_v20 = GetProcAddress(_t81, "Wow64DisableWow64FsRedirection");
					_t65 = GetProcAddress(_t81, "Wow64EnableWow64FsRedirection");
					_t79 = GetProcAddress(_t81, "Wow64RevertWow64FsRedirection");
					_t58 = _v20;
					__eflags = _t58;
					if(_t58 == 0) {
						L7:
						_t64 = 0;
						goto L9;
					}
					__eflags = _t65;
					if(_t65 == 0) {
						goto L7;
					}
					__eflags = _t79;
					if(_t79 == 0) {
						goto L7;
					}
					 *_t58( &_v16);
					_t64 =  *_t65(1) & 0x000000ff;
					goto L9;
				}
				_t61 = GetLastError();
				_t85 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
				_t82 =  >=  ? 0x80004005 :  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
				E00C837D3(0x80004005, "xmlutil.cpp", 0x85, _t82);
				goto L27;
			}

0x00cc2f32
0x00cc2f34
0x00cc2f37
0x00cc2f3a
0x00cc2f43
0x00cc2f47
0x00cc2f89
0x00cc2f8b
0x00cc2f8d
0x00cc2fd0
0x00cc2fd2
0x00cc2fe5
0x00cc2feb
0x00cc2fed
0x00cc2fef
0x00cc3085
0x00cc3085
0x00cc3087
0x00cc309a
0x00cc309b
0x00cc309b
0x00cc30a0
0x00cc30a5
0x00cc30a5
0x00cc30a8
0x00cc30ad
0x00cc30b2
0x00cc30b2
0x00cc30bc
0x00cc30bc
0x00cc308c
0x00cc308e
0x00cc3090
0x00000000
0x00000000
0x00cc3094
0x00cc3094
0x00cc2ff5
0x00cc2ff5
0x00cc2ff7
0x00cc2ffc
0x00cc3004
0x00cc3007
0x00cc300c
0x00000000
0x00000000
0x00cc300e
0x00cc300f
0x00cc3012
0x00000000
0x00000000
0x00cc3030
0x00cc3030
0x00cc303a
0x00cc303a
0x00cc303e
0x00cc3069
0x00cc306f
0x00cc3073
0x00cc3075
0x00cc3078
0x00cc307a
0x00cc307f
0x00cc307f
0x00cc307f
0x00cc3083
0x00cc3083
0x00000000
0x00cc307a
0x00cc304f
0x00cc3051
0x00cc3053
0x00000000
0x00000000
0x00cc3055
0x00cc3063
0x00cc3065
0x00cc3067
0x00000000
0x00000000
0x00000000
0x00cc3067
0x00cc3016
0x00cc3016
0x00cc3018
0x00cc3020
0x00cc3023
0x00cc3028
0x00000000
0x00000000
0x00cc302a
0x00cc302b
0x00cc302e
0x00000000
0x00000000
0x00000000
0x00cc302e
0x00000000
0x00cc3018
0x00cc2f9d
0x00cc2fa8
0x00cc2fac
0x00cc2fae
0x00cc2fb1
0x00cc2fb3
0x00cc2fcc
0x00cc2fcc
0x00000000
0x00cc2fcc
0x00cc2fb5
0x00cc2fb7
0x00000000
0x00000000
0x00cc2fb9
0x00cc2fbb
0x00000000
0x00000000
0x00cc2fc1
0x00cc2fc7
0x00000000
0x00cc2fc7
0x00cc2f49
0x00cc2f5a
0x00cc2f64
0x00cc2f72
0x00000000

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00CC34DF,00000000,?,00000000), ref: 00CC2F3D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00CABDED,?,00C852FD,?,00000000,?), ref: 00CC2F49
GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00CC2F89
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CC2F95
GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 00CC2FA0
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CC2FAA
CoCreateInstance.OLE32(00CEB6C8,00000000,00000001,00CCB808,?,?,?,?,?,?,?,?,?,?,?,00CABDED), ref: 00CC2FE5
ExitProcess.KERNEL32 ref: 00CC3094

Strings

IsWow64Process, xrefs: 00CC2F83
Wow64RevertWow64FsRedirection, xrefs: 00CC2FA2
Wow64EnableWow64FsRedirection, xrefs: 00CC2F97
xmlutil.cpp, xrefs: 00CC2F6D
Wow64DisableWow64FsRedirection, xrefs: 00CC2F8F
kernel32.dll, xrefs: 00CC2F2D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AddressProc$CreateErrorExitHandleInstanceLastModuleProcess
String ID: IsWow64Process$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$xmlutil.cpp
API String ID: 2124981135-499589564
Opcode ID: e77d320380986c82d280485eeb73f6f7464db4de975b96b024c48bf17c891253
Instruction ID: efeaaec33ccb98f939e4eb81a99f78742770f582bee5c0b530e631a0696f2ce6
Opcode Fuzzy Hash: e77d320380986c82d280485eeb73f6f7464db4de975b96b024c48bf17c891253
Instruction Fuzzy Hash: 1641DF32A003A5ABDB24DFA9D845FAEB7A4EF44751F11806DF901EB250DB71DE408B90

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1484, Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00CA1484(void* _a4, intOrPtr _a8) {
				void* _t11;
				void* _t12;
				void* _t13;
				void* _t29;
				void* _t30;

				_t29 = _a4;
				 *(_t29 + 0x3c) =  *(_t29 + 0x3c) | 0xffffffff;
				_t30 = E00C821A5(_t29 + 0x1c, _a8, 0);
				if(_t30 >= 0) {
					_t11 = CreateEventW(0, 1, 0, 0);
					 *(_t29 + 0x24) = _t11;
					if(_t11 != 0) {
						_t12 = CreateEventW(0, 1, 0, 0);
						 *(_t29 + 0x28) = _t12;
						if(_t12 != 0) {
							_t13 = CreateThread(0, 0, E00CA0E43, _t29, 0, 0); // executed
							 *(_t29 + 0x20) = _t13;
							if(_t13 != 0) {
								_t30 = E00CA1224(_t29);
								if(_t30 < 0) {
									_push("Failed to wait for operation complete.");
									goto L10;
								}
							} else {
								_t34 =  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
								_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t17 & 0x0000ffff | 0x80070000;
								E00C837D3(0x80004005, "cabextract.cpp", 0x93, _t30);
								_push("Failed to create extraction thread.");
								goto L10;
							}
						} else {
							_t37 =  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
							_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t20 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "cabextract.cpp", 0x8f, _t30);
							_push("Failed to create operation complete event.");
							goto L10;
						}
					} else {
						_t40 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
						_t30 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "cabextract.cpp", 0x8c, _t30);
						_push("Failed to create begin operation event.");
						goto L10;
					}
				} else {
					_push("Failed to copy file name.");
					L10:
					_push(_t30);
					E00CC012F();
				}
				return _t30;
			}

0x00ca148a
0x00ca1493
0x00ca14a0
0x00ca14a4
0x00ca14bb
0x00ca14bd
0x00ca14c2
0x00ca1501
0x00ca1503
0x00ca1508
0x00ca1549
0x00ca154f
0x00ca1554
0x00ca1591
0x00ca1595
0x00ca1597
0x00000000
0x00ca1597
0x00ca1556
0x00ca1567
0x00ca1571
0x00ca157f
0x00ca1584
0x00000000
0x00ca1584
0x00ca150a
0x00ca151b
0x00ca1525
0x00ca1533
0x00ca1538
0x00000000
0x00ca1538
0x00ca14c4
0x00ca14d5
0x00ca14df
0x00ca14ed
0x00ca14f2
0x00000000
0x00ca14f2
0x00ca14a6
0x00ca14a6
0x00ca159c
0x00ca159c
0x00ca159d
0x00ca15a3
0x00ca15aa

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,wininet.dll,?,00000000,00000000,00000000,?,?,00C8C285,?,00000000,?,00C8C319), ref: 00CA14BB
GetLastError.KERNEL32(?,00C8C285,?,00000000,?,00C8C319,00C852FD,?,?,00C8533D,00C8533D,00000000,?,00000000), ref: 00CA14C4

Strings

wininet.dll, xrefs: 00CA149A
cabextract.cpp, xrefs: 00CA14E8, 00CA152E, 00CA157A
Failed to wait for operation complete., xrefs: 00CA1597
Failed to create begin operation event., xrefs: 00CA14F2
Failed to create operation complete event., xrefs: 00CA1538
Failed to create extraction thread., xrefs: 00CA1584
Failed to copy file name., xrefs: 00CA14A6

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CreateErrorEventLast
String ID: Failed to copy file name.$Failed to create begin operation event.$Failed to create extraction thread.$Failed to create operation complete event.$Failed to wait for operation complete.$cabextract.cpp$wininet.dll
API String ID: 545576003-938279966
Opcode ID: 02417fc30f6f249c2f74daa84ae33a78f4ea17b03c92b70282575b47b05301c2
Instruction ID: 9c7a2147149c161f73195c5a6d1ecb2c11e3f05c111f11798770e6eff50532c1
Opcode Fuzzy Hash: 02417fc30f6f249c2f74daa84ae33a78f4ea17b03c92b70282575b47b05301c2
Instruction Fuzzy Hash: 8321F5B2E407367AF72126B99C46F6769ECEB457A8F020222FD05E7280E654DD0086E6

Uniqueness

Uniqueness Score: -1.00%

Function 00CA0627, Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 103
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00CA0627(void* __ecx, CHAR* _a4) {
				void* _v8;
				long _t18;
				void* _t19;
				signed short _t22;
				void* _t27;
				int _t29;
				signed short _t33;
				signed int _t36;
				int _t37;
				signed int _t40;
				void** _t44;
				void* _t47;

				_push(__ecx);
				_t40 =  *0xceaac0; // 0x0
				_push(_t36);
				_t37 = _t36 | 0xffffffff;
				_t47 = 0;
				_v8 = _t37;
				_t44 =  *( *((intOrPtr*)( *[fs:0x2c] + _t40 * 4)) + 4);
				_t18 = CompareStringA(0, 0, "<the>.cab", _t37, _a4, _t37); // executed
				if(_t18 != 2) {
					_t19 = CreateFileA(_a4, 0x80000000, 1, 0, 3, 0x8000080, 0);
					_v8 = _t19;
					if(_t19 == _t37) {
						_t22 = GetLastError();
						_t51 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
						_t47 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "cabextract.cpp", 0x2d5, _t47);
						E00CC012F(_t47, "Failed to open cabinet file: %hs", _a4);
					}
					L8:
					_t44[0xc] = _t47;
					_t21 =  <  ? _t37 : _v8;
					return  <  ? _t37 : _v8;
				}
				_t27 = GetCurrentProcess();
				_t29 = DuplicateHandle(GetCurrentProcess(),  *_t44, _t27,  &_v8, 0, 0, _t18); // executed
				if(_t29 != 0) {
					_t47 = E00CA04BE(_t40,  &(_t44[7]), _v8, _t44[2], _t44[3]);
					if(_t47 >= 0) {
						goto L8;
					}
					_push("Failed to add virtual file pointer for cab container.");
					L3:
					_push(_t47);
					E00CC012F();
					goto L8;
				}
				_t33 = GetLastError();
				_t55 =  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
				_t47 =  >=  ? 0x80004005 :  <=  ? _t33 : _t33 & 0x0000ffff | 0x80070000;
				E00C837D3(0x80004005, "cabextract.cpp", 0x2ca, _t47);
				_push("Failed to duplicate handle to cab container.");
				goto L3;
			}

0x00ca062a
0x00ca062b
0x00ca0637
0x00ca063d
0x00ca0644
0x00ca0646
0x00ca0649
0x00ca0657
0x00ca0660
0x00ca06f0
0x00ca06f6
0x00ca06fb
0x00ca06fd
0x00ca070e
0x00ca0718
0x00ca0726
0x00ca0734
0x00ca0739
0x00ca073c
0x00ca073c
0x00ca0746
0x00ca074d
0x00ca074d
0x00ca066f
0x00ca0677
0x00ca067f
0x00ca06d0
0x00ca06d4
0x00000000
0x00000000
0x00ca06d6
0x00ca06b4
0x00ca06b4
0x00ca06b5
0x00000000
0x00ca06bb
0x00ca0681
0x00ca0692
0x00ca069c
0x00ca06aa
0x00ca06af
0x00000000

APIs

CompareStringA.KERNELBASE(00000000,00000000,<the>.cab,?,?), ref: 00CA0657
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 00CA066F
GetCurrentProcess.KERNEL32(?,00000000,?,?), ref: 00CA0674
DuplicateHandle.KERNELBASE(00000000,?,?), ref: 00CA0677
GetLastError.KERNEL32(?,?), ref: 00CA0681
CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,08000080,00000000,?,?), ref: 00CA06F0
GetLastError.KERNEL32(?,?), ref: 00CA06FD

Strings

Failed to add virtual file pointer for cab container., xrefs: 00CA06D6
Failed to duplicate handle to cab container., xrefs: 00CA06AF
cabextract.cpp, xrefs: 00CA06A5, 00CA0721
Failed to open cabinet file: %hs, xrefs: 00CA072E
<the>.cab, xrefs: 00CA0650

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CurrentErrorLastProcess$CompareCreateDuplicateFileHandleString
String ID: <the>.cab$Failed to add virtual file pointer for cab container.$Failed to duplicate handle to cab container.$Failed to open cabinet file: %hs$cabextract.cpp
API String ID: 3030546534-3446344238
Opcode ID: 4a591a91aad30a342ddcbf52f0627e64cfc5e0bb71c91ded5855f31d38151a5d
Instruction ID: a1740a26cfe78b565e112725924ada9547c732589174d9dcd85f3d07302fa489
Opcode Fuzzy Hash: 4a591a91aad30a342ddcbf52f0627e64cfc5e0bb71c91ded5855f31d38151a5d
Instruction Fuzzy Hash: 9031F372A41725BBEB216BA5CC49F9F7AACEF057A4F110126FD08E7250C7209D109AE5

Uniqueness

Uniqueness Score: -1.00%

Function 00C86C5D, Relevance: 19.7, APIs: 2, Strings: 11, Instructions: 167
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E00C86C5D(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, signed int* _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				unsigned int _v12;
				signed int _t44;
				void* _t47;
				signed int _t53;
				void* _t55;
				void* _t57;
				struct _CRITICAL_SECTION* _t68;
				void* _t69;
				signed int _t70;
				signed int _t74;
				signed int _t75;
				unsigned int _t79;
				intOrPtr _t80;
				void* _t81;
				intOrPtr _t82;
				signed int* _t83;
				void* _t84;

				_t69 = __ecx;
				_v8 = _v8 & 0x00000000;
				_t68 = _a4;
				EnterCriticalSection(_t68);
				_t80 = _a8;
				_t81 = E00C855B6(_t69, _t68, _t80,  &_v8);
				if(_t81 >= 0) {
					_t44 = _v8;
					if(_t81 != 1) {
						_t77 =  *(_t68 + 0x20);
						_t70 = _t44 * 0x38;
						_t82 =  *((intOrPtr*)(_t70 + _t77 + 0x2c));
						if(_t82 <= 0 || _a20 == 1 || _a20 == 2 &&  *((intOrPtr*)(_t70 + _t77 + 0x28)) != 0 || _a20 == 3 && _t82 != 2) {
							L14:
							_t83 = _a12;
							if(_a24 == 0) {
								L31:
								_a20 = _v8 * 0x38;
								_t47 = E00CA035B(_t77,  *(_t68 + 0x20) + 8 + _v8 * 0x38, _t83); // executed
								_t81 = _t47;
								if(_t81 >= 0) {
									 *((intOrPtr*)( *(_t68 + 0x20) + _a20 + 0x24)) = _a16;
									goto L34;
								}
								_push(_t80);
								_push("Failed to set value of variable: %ls");
								goto L2;
							}
							_t77 =  *(_t68 + 0x20);
							_t74 = _t44 * 0x38;
							if( *((intOrPtr*)(_t74 + _t77 + 0x2c)) != 0) {
								goto L31;
							}
							if( *((intOrPtr*)(_t74 + _t77 + 0x20)) == 0) {
								_t53 = _t83[4];
								if(_t53 == 0) {
									if( *((intOrPtr*)(_t74 + _t77 + 0x18)) == 0) {
										goto L31;
									}
									_push( *_t83);
									L29:
									_push(_t80);
									_push("Unsetting variable \'%ls\'");
									L30:
									_push(2);
									E00CC061A();
									_t84 = _t84 + 0x10;
									goto L31;
								}
								_t55 = _t53 - 1;
								if(_t55 == 0) {
									_push(_t83[1]);
									_push( *_t83);
									E00CC061A(2, "Setting numeric variable \'%ls\' to value %lld", _t80);
									_t84 = _t84 + 0x14;
									goto L31;
								}
								_t57 = _t55 - 1;
								if(_t57 == 0) {
									if( *_t83 != 0) {
										_push( *_t83);
										_push(_t80);
										_push("Setting string variable \'%ls\' to value \'%ls\'");
										goto L30;
									}
									_push(0);
									goto L29;
								}
								if(_t57 == 1) {
									_t75 =  *_t83;
									_t79 = _t83[1];
									_push(_t75 & 0x0000ffff);
									_v12 = _t79;
									_push((_t79 << 0x00000020 | _t75) >> 0x10 & 0x0000ffff);
									_push(_t79 & 0x0000ffff);
									_t77 = _t79 >> 0x10;
									_push(_t79 >> 0x10);
									E00CC061A(2, "Setting version variable \'%ls\' to value \'%hu.%hu.%hu.%hu\'", _t80);
									_t84 = _t84 + 0x1c;
								}
								goto L31;
							}
							E00CC061A(2, "Setting hidden variable \'%ls\'", _t80);
							_t84 = _t84 + 0xc;
							goto L31;
						} else {
							_t81 = 0x80070057;
							E00C837D3(_t44, "variable.cpp", 0x605, 0x80070057);
							_push(_t80);
							_push("Attempt to set built-in variable value: %ls");
							L2:
							_push(_t81);
							E00CC012F();
							_t84 = _t84 + 0xc;
							L34:
							LeaveCriticalSection(_t68);
							if(_t81 < 0 && _a24 != 0) {
								_push(_t81);
								E00CC061A(2, "Setting variable failed: ID \'%ls\', HRESULT 0x%x", _t80);
							}
							return _t81;
						}
					}
					_t81 = E00C86AC6(_t44, _t69, _t68, _t80, _t44);
					if(_t81 >= 0) {
						_t44 = _v8;
						goto L14;
					}
					_push(_t80);
					_push("Failed to insert variable \'%ls\'.");
					goto L2;
				}
				_push(_t80);
				_push("Failed to find variable value \'%ls\'.");
				goto L2;
			}

0x00c86c5d
0x00c86c63
0x00c86c68
0x00c86c6e
0x00c86c74
0x00c86c82
0x00c86c86
0x00c86c9c
0x00c86ca2
0x00c86cba
0x00c86cbd
0x00c86cc0
0x00c86cc6
0x00c86d06
0x00c86d0a
0x00c86d0d
0x00c86dcd
0x00c86dd5
0x00c86dde
0x00c86de3
0x00c86de7
0x00c86dfd
0x00000000
0x00c86dfd
0x00c86de9
0x00c86dea
0x00000000
0x00c86dea
0x00c86d13
0x00c86d16
0x00c86d1e
0x00000000
0x00000000
0x00c86d29
0x00c86d43
0x00c86d46
0x00c86db9
0x00000000
0x00000000
0x00c86dbb
0x00c86dbd
0x00c86dbd
0x00c86dbe
0x00c86dc3
0x00c86dc3
0x00c86dc5
0x00c86dca
0x00000000
0x00c86dca
0x00c86d48
0x00c86d4b
0x00c86d9d
0x00c86da0
0x00c86daa
0x00c86daf
0x00000000
0x00c86daf
0x00c86d4d
0x00c86d50
0x00c86d8d
0x00c86d93
0x00c86d95
0x00c86d96
0x00000000
0x00c86d96
0x00c86d8f
0x00000000
0x00c86d8f
0x00c86d55
0x00c86d57
0x00c86d59
0x00c86d5f
0x00c86d62
0x00c86d6f
0x00c86d73
0x00c86d74
0x00c86d77
0x00c86d80
0x00c86d85
0x00c86d85
0x00000000
0x00c86d55
0x00c86d33
0x00c86d38
0x00000000
0x00c86ce6
0x00c86ce6
0x00c86cf6
0x00c86cfb
0x00c86cfc
0x00c86c8e
0x00c86c8e
0x00c86c8f
0x00c86c94
0x00c86e01
0x00c86e02
0x00c86e0a
0x00c86e12
0x00c86e1b
0x00c86e20
0x00c86e2b
0x00c86e2b
0x00c86cc6
0x00c86cac
0x00c86cb0
0x00c86d03
0x00000000
0x00c86d03
0x00c86cb2
0x00c86cb3
0x00000000
0x00c86cb3
0x00c86c88
0x00c86c89
0x00000000

APIs

EnterCriticalSection.KERNEL32(00000001,?,00000000,00C8533D,00000000,00000001), ref: 00C86C6E

Part of subcall function 00C855B6: CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,00C8648B,00C8648B,?,00C8554A,?,?,00000000), ref: 00C855F2
Part of subcall function 00C855B6: GetLastError.KERNEL32(?,00C8554A,?,?,00000000,?,00000000,00C8648B,?,00C87DDC,?,?,?,?,?), ref: 00C85621

LeaveCriticalSection.KERNEL32(00000001,?,00000001), ref: 00C86E02

Strings

Setting numeric variable '%ls' to value %lld, xrefs: 00C86DA3
Unsetting variable '%ls', xrefs: 00C86DBE
Failed to find variable value '%ls'., xrefs: 00C86C89
Failed to insert variable '%ls'., xrefs: 00C86CB3
Setting version variable '%ls' to value '%hu.%hu.%hu.%hu', xrefs: 00C86D79
Attempt to set built-in variable value: %ls, xrefs: 00C86CFC
Setting string variable '%ls' to value '%ls', xrefs: 00C86D96
variable.cpp, xrefs: 00C86CF1
Failed to set value of variable: %ls, xrefs: 00C86DEA
Setting variable failed: ID '%ls', HRESULT 0x%x, xrefs: 00C86E14
Setting hidden variable '%ls', xrefs: 00C86D2C

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$CompareEnterErrorLastLeaveString
String ID: Attempt to set built-in variable value: %ls$Failed to find variable value '%ls'.$Failed to insert variable '%ls'.$Failed to set value of variable: %ls$Setting hidden variable '%ls'$Setting numeric variable '%ls' to value %lld$Setting string variable '%ls' to value '%ls'$Setting variable failed: ID '%ls', HRESULT 0x%x$Setting version variable '%ls' to value '%hu.%hu.%hu.%hu'$Unsetting variable '%ls'$variable.cpp
API String ID: 2716280545-445000439
Opcode ID: c5ef3c297a76b521c32b71e0bed1292dc30f96c490761be4ea16e8127f869b97
Instruction ID: 11f380c38f3f7aec5c3d830e53776abde9525af7767e9c006c2e073c46e60865
Opcode Fuzzy Hash: c5ef3c297a76b521c32b71e0bed1292dc30f96c490761be4ea16e8127f869b97
Instruction Fuzzy Hash: 8F512871B00224A7CB30AF15CD4AF6B7B68EB9570CF20052EFC595A282C270DE50DBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00C96859, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 68
COMMON

Download Yara Rule

C-Code - Quality: 52%

			E00C96859(void* __ecx, void* _a4, signed int* _a8, intOrPtr* _a12) {
				void* _v8;
				void* _t12;
				int _t14;
				signed int _t17;
				void* _t18;
				signed int* _t29;
				void* _t33;

				_v8 = _v8 | 0xffffffff;
				_t29 = _a8;
				 *_t29 =  *_t29 | 0xffffffff;
				_t12 = GetCurrentProcess();
				_t14 = DuplicateHandle(GetCurrentProcess(), _a4, _t12,  &_v8, 0, 1, 2); // executed
				if(_t14 != 0) {
					_push(_v8);
					_t15 = _a12;
					_push(L"burn.filehandle.attached");
					_t33 = E00C81F62(_a12, L"%ls -%ls=%u",  *_t15);
					if(_t33 >= 0) {
						_t17 = _v8;
						 *_t29 = _t17;
						_t18 = _t17 | 0xffffffff;
						_v8 = _t18;
					} else {
						_push("Failed to append the file handle to the command line.");
						goto L2;
					}
				} else {
					_t37 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
					_t33 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "core.cpp", 0x3da, _t33);
					_push("Failed to duplicate file handle for attached container.");
					L2:
					_push(_t33);
					E00CC012F();
					_t18 = _v8;
				}
				if(_t18 != 0xffffffff) {
					CloseHandle(_t18);
				}
				return _t33;
			}

0x00c9685d
0x00c9686c
0x00c96875
0x00c96879
0x00c96882
0x00c9688a
0x00c968cc
0x00c968cf
0x00c968d2
0x00c968e4
0x00c968eb
0x00c968f4
0x00c968f7
0x00c968f9
0x00c968fc
0x00c968ed
0x00c968ed
0x00000000
0x00c968ed
0x00c9688c
0x00c9689d
0x00c968a7
0x00c968b5
0x00c968ba
0x00c968bf
0x00c968bf
0x00c968c0
0x00c968c5
0x00c968c9
0x00c96902
0x00c96905
0x00c96905
0x00c96912

APIs

GetCurrentProcess.KERNEL32(000000FF,00000000,00000001,00000002,?,00000000,?,?,00C84D0B,?,?), ref: 00C96879
GetCurrentProcess.KERNEL32(?,00000000,?,?,00C84D0B,?,?), ref: 00C9687F
DuplicateHandle.KERNELBASE(00000000,?,?,00C84D0B,?,?), ref: 00C96882
GetLastError.KERNEL32(?,?,00C84D0B,?,?), ref: 00C9688C
CloseHandle.KERNEL32(000000FF,?,00C84D0B,?,?), ref: 00C96905

Strings

Failed to append the file handle to the command line., xrefs: 00C968ED
burn.filehandle.attached, xrefs: 00C968D2
core.cpp, xrefs: 00C968B0
%ls -%ls=%u, xrefs: 00C968D9
Failed to duplicate file handle for attached container., xrefs: 00C968BA

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CurrentHandleProcess$CloseDuplicateErrorLast
String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to duplicate file handle for attached container.$burn.filehandle.attached$core.cpp
API String ID: 4224961946-4196573879
Opcode ID: a9bd396f9ce14a71c4dddc9647b886d0b0afb13996d5753ce4ac3eb948322e4c
Instruction ID: 78ebd6b90eea07fd001e072d812c0f73cf73c871c7a548f47afbce7e30d72373
Opcode Fuzzy Hash: a9bd396f9ce14a71c4dddc9647b886d0b0afb13996d5753ce4ac3eb948322e4c
Instruction Fuzzy Hash: CF117271A40715FBDB10ABB9DD0AF9E7BA8AF04B20F210226F921E72D0D7718E119794

Uniqueness

Uniqueness Score: -1.00%

Function 00C96915, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 72
fileCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00C96915(WCHAR* _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				struct _SECURITY_ATTRIBUTES _v16;
				void* _t10;
				void** _t18;
				void* _t22;
				void* _t23;

				_t18 = _a8;
				_t23 = 0;
				 *_t18 =  *_t18 | 0xffffffff;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v16.bInheritHandle = 1;
				_t10 = CreateFileW(_a4, 0x80000000, 5,  &_v16, 3, 0x80, 0); // executed
				_t22 = _t10;
				if(_t22 == 0xffffffff) {
					L10:
					return _t23;
				}
				_push(_t22);
				_push(L"burn.filehandle.self");
				_t23 = E00C81F62(_a12, L"%ls -%ls=%u",  *_a12);
				if(_t23 >= 0) {
					_t14 = _a16;
					if(_a16 == 0) {
						L7:
						 *_t18 = _t22;
						_t22 = _t22 | 0xffffffff;
						L8:
						if(_t22 != 0xffffffff) {
							CloseHandle(_t22);
						}
						goto L10;
					}
					_push(_t22);
					_push(L"burn.filehandle.self");
					_t23 = E00C81F20(_t14, L"%ls -%ls=%u",  *_t14);
					if(_t23 >= 0) {
						goto L7;
					}
					_push("Failed to append the file handle to the obfuscated command line.");
					L3:
					_push(_t23);
					E00CC012F();
					goto L8;
				}
				_push("Failed to append the file handle to the command line.");
				goto L3;
			}

0x00c9691c
0x00c96926
0x00c96928
0x00c9692b
0x00c96934
0x00c96935
0x00c96944
0x00c9694b
0x00c96951
0x00c96956
0x00c969c2
0x00c969c9
0x00c969c9
0x00c9695b
0x00c9695c
0x00c9696e
0x00c96975
0x00c96986
0x00c9698b
0x00c969b0
0x00c969b0
0x00c969b2
0x00c969b5
0x00c969b8
0x00c969bb
0x00c969bb
0x00000000
0x00c969b8
0x00c9698d
0x00c9698e
0x00c969a0
0x00c969a7
0x00000000
0x00000000
0x00c969a9
0x00c9697c
0x00c9697c
0x00c9697d
0x00000000
0x00c96983
0x00c96977
0x00000000

APIs

CreateFileW.KERNELBASE(?,80000000,00000005,?,00000003,00000080,00000000,?,00000000,?,?,?), ref: 00C9694B
CloseHandle.KERNEL32(00000000), ref: 00C969BB

Strings

Failed to append the file handle to the command line., xrefs: 00C96977
burn.filehandle.self, xrefs: 00C9695C, 00C9698E
Failed to append the file handle to the obfuscated command line., xrefs: 00C969A9
%ls -%ls=%u, xrefs: 00C96963, 00C96995

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseCreateFileHandle
String ID: %ls -%ls=%u$Failed to append the file handle to the command line.$Failed to append the file handle to the obfuscated command line.$burn.filehandle.self
API String ID: 3498533004-3263533295
Opcode ID: 3b76287312f9c1eb9eedbd99dd7734e4183f761bd0e27d711e0776fd4b465da2
Instruction ID: 73519a68b6add110a250332430481d7e553595d1cef83dfdb7189c7967401bfa
Opcode Fuzzy Hash: 3b76287312f9c1eb9eedbd99dd7734e4183f761bd0e27d711e0776fd4b465da2
Instruction Fuzzy Hash: 6B110832640610BBCB206AB9DC0AF5F7BA8DB45B70F020365FE28AB2E1D77059119691

Uniqueness

Uniqueness Score: -1.00%

Function 00CC076C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00CC076C(void* _a4, signed int* _a8) {
				void* _v8;
				void _v12;
				long _v16;
				int _t20;
				signed short _t27;
				long _t31;

				_t31 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				if(OpenProcessToken(_a4, 8,  &_v8) != 0) {
					_t20 = GetTokenInformation(_v8, 0x14,  &_v12, 4,  &_v16); // executed
					if(_t20 == 0) {
						_t31 =  <=  ? GetLastError() : 0x80004005 & 0x0000ffff | 0x80070000;
						if(_t31 != 0x80070057) {
							if(_t31 < 0) {
								_push(_t31);
								_push(0x35);
								goto L8;
							}
						} else {
							_t31 = 0;
							 *_a8 = 0;
						}
					} else {
						 *_a8 = 0 | _v12 != 0x00000000;
					}
				} else {
					_t27 = GetLastError();
					_t36 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
					_t31 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
					_push(_t31);
					_push(0x21);
					L8:
					_push("procutil.cpp");
					E00C837D3(0x80004005);
				}
				if(_v8 != 0) {
					FindCloseChangeNotification(_v8); // executed
				}
				return _t31;
			}

0x00cc077f
0x00cc0781
0x00cc0784
0x00cc0787
0x00cc0792
0x00cc07c6
0x00cc07ce
0x00cc07f0
0x00cc07f9
0x00cc0806
0x00cc0808
0x00cc0809
0x00000000
0x00cc0809
0x00cc07fb
0x00cc07fe
0x00cc0800
0x00cc0800
0x00cc07d0
0x00cc07db
0x00cc07db
0x00cc0794
0x00cc0794
0x00cc07a5
0x00cc07af
0x00cc07b2
0x00cc07b3
0x00cc080b
0x00cc080b
0x00cc0810
0x00cc0810
0x00cc0818
0x00cc081d
0x00cc081d
0x00cc082a

APIs

OpenProcessToken.ADVAPI32(?,00000008,?,00C852B5,00000000,?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC078A
GetLastError.KERNEL32(?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC0794
GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC07C6
FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,00C974AB,00000000), ref: 00CC081D

Strings

procutil.cpp, xrefs: 00CC080B

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Token$ChangeCloseErrorFindInformationLastNotificationOpenProcess
String ID: procutil.cpp
API String ID: 2387526074-1178289305
Opcode ID: d36571ac79b610d376a68f25f80777f3f6c8a8111ede23e2e0db6ef13cd3b4a6
Instruction ID: da96d08a7ac2a3c462e2503c1ac9d11b41046d5cdbd3d2f1f65afcd9e8b6c010
Opcode Fuzzy Hash: d36571ac79b610d376a68f25f80777f3f6c8a8111ede23e2e0db6ef13cd3b4a6
Instruction Fuzzy Hash: BC218471D40228EBDB109B95DC45F9EBBE8EF54751F21816AED15E7190D7708E00DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC343B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00CC344A
InterlockedIncrement.KERNEL32(00CEB6D8), ref: 00CC3467
CLSIDFromProgID.OLE32(Msxml2.DOMDocument,00CEB6C8,?,?,?,?,?,?), ref: 00CC3482
CLSIDFromProgID.OLE32(MSXML.DOMDocument,00CEB6C8,?,?,?,?,?,?), ref: 00CC348E

Strings

MSXML.DOMDocument, xrefs: 00CC3489
Msxml2.DOMDocument, xrefs: 00CC347D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: FromProg$IncrementInitializeInterlocked
String ID: MSXML.DOMDocument$Msxml2.DOMDocument
API String ID: 2109125048-2356320334
Opcode ID: 700d16726a3ce7aea560b7f3958940a8026cd6dd0d7368454bdd84f1384a1e26
Instruction ID: fae652b5accd7176fc9070c20298f4b84b46e04c8c5c62f80caef015efc79047
Opcode Fuzzy Hash: 700d16726a3ce7aea560b7f3958940a8026cd6dd0d7368454bdd84f1384a1e26
Instruction Fuzzy Hash: B6F0A7207413F556CB1ACBD6FC0EF2B1E6C9B80B95F00402CF800D1194D3509E818AA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4932, Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 94
memoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00CC4932(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				void* _v8;
				char _v12;
				char _v16;
				long _t15;
				char* _t18;
				long _t25;
				intOrPtr _t28;
				void* _t31;
				int _t32;

				_t15 =  &_v8;
				_push(_t15);
				_push(_a4);
				_t32 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				L00CC94F0(); // executed
				_t25 = _t15;
				if(_t25 != 0) {
					L4:
					_t16 = GlobalAlloc(0, _t25); // executed
					_t31 = _t16;
					if(_t31 != 0) {
						_push(_t31);
						_push(_t25);
						_push(_v8);
						_push(_a4);
						L00CC9500(); // executed
						if(_t16 != 0) {
							L10:
							_push( &_v16);
							_t18 =  &_v12;
							_push(_t18);
							_push("\\");
							_push(_t31);
							L00CC9510();
							if(_t18 != 0) {
								L13:
								_t28 = _v12;
								 *_a8 =  *((intOrPtr*)(_t28 + 8));
								 *_a12 =  *((intOrPtr*)(_t28 + 0xc));
							} else {
								_t32 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
								if(_t32 >= 0) {
									goto L13;
								} else {
									_push(_t32);
									_push(0x122);
									goto L9;
								}
							}
						} else {
							_t32 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
							if(_t32 >= 0) {
								goto L10;
							} else {
								_push(_t32);
								_push(0x11d);
								L9:
								_push("fileutil.cpp");
								E00C837D3(_t22);
							}
						}
						GlobalFree(_t31);
					} else {
						_t32 = 0x8007000e;
						_push(0x8007000e);
						_push(0x119);
						goto L3;
					}
				} else {
					_t32 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
					if(_t32 >= 0) {
						goto L4;
					} else {
						_push(_t32);
						_push(0x115);
						L3:
						_push("fileutil.cpp");
						E00C837D3(_t16);
					}
				}
				return _t32;
			}

0x00cc493b
0x00cc4940
0x00cc4941
0x00cc4944
0x00cc4946
0x00cc4949
0x00cc494c
0x00cc494f
0x00cc4954
0x00cc4958
0x00cc4987
0x00cc4989
0x00cc498f
0x00cc4993
0x00cc49a2
0x00cc49a3
0x00cc49a4
0x00cc49a7
0x00cc49aa
0x00cc49b1
0x00cc49dd
0x00cc49e0
0x00cc49e1
0x00cc49e4
0x00cc49e5
0x00cc49ea
0x00cc49eb
0x00cc49f2
0x00cc4a14
0x00cc4a14
0x00cc4a1d
0x00cc4a25
0x00cc49f4
0x00cc4a05
0x00cc4a0a
0x00000000
0x00cc4a0c
0x00cc4a0c
0x00cc4a0d
0x00000000
0x00cc4a0d
0x00cc4a0a
0x00cc49b3
0x00cc49c4
0x00cc49c9
0x00000000
0x00cc49cb
0x00cc49cb
0x00cc49cc
0x00cc49d1
0x00cc49d1
0x00cc49d6
0x00cc49d6
0x00cc49c9
0x00cc4a28
0x00cc4995
0x00cc4995
0x00cc499a
0x00cc499b
0x00000000
0x00cc499b
0x00cc495a
0x00cc496b
0x00cc4970
0x00000000
0x00cc4972
0x00cc4972
0x00cc4973
0x00cc4978
0x00cc4978
0x00cc497d
0x00cc497d
0x00cc4970
0x00cc4a36

APIs

GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 00CC495A
GlobalAlloc.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00CC4989
GetLastError.KERNEL32(?,00000000,00000000,00000000), ref: 00CC49B3
GetLastError.KERNEL32(00000000,00CCB790,?,?,?,00000000,00000000,00000000), ref: 00CC49F4
GlobalFree.KERNEL32 ref: 00CC4A28

Strings

fileutil.cpp, xrefs: 00CC4978, 00CC49D1

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$Global$AllocFree
String ID: fileutil.cpp
API String ID: 1145190524-2967768451
Opcode ID: b2bcb8eacefac7868acdb46729f69542b35b166b7588aafc0d0bc6481d891a39
Instruction ID: f668f5a3d3ef63261a8e04bf9df55df5219cffbf23a4e9b3e87d3f58df16328e
Opcode Fuzzy Hash: b2bcb8eacefac7868acdb46729f69542b35b166b7588aafc0d0bc6481d891a39
Instruction Fuzzy Hash: 5D21C575A40329AB97159BA6CC55FAFBBACEF84361F01816AFD05E7210D7308D0096A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CA07E4, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 59%

			E00CA07E4(signed int __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12) {
				union _LARGE_INTEGER* _v8;
				intOrPtr _v12;
				void* _v16;
				intOrPtr _t32;
				signed short _t36;
				signed short _t41;
				signed short _t42;
				void* _t46;
				union _LARGE_INTEGER _t52;
				signed int _t55;
				signed int _t56;
				intOrPtr _t60;
				intOrPtr _t61;
				signed short _t64;

				_t55 =  *0xceaac0; // 0x0
				_t61 = 0;
				_v16 = 0;
				_v12 = 0;
				_t60 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t55 * 4)) + 4));
				_t32 = _a12;
				if(_t32 == 0) {
					asm("cdq");
					_t56 = __edx;
					_t52 = _a8.LowPart +  *((intOrPtr*)(_t60 + 8));
					asm("adc ecx, [edi+0xc]");
					goto L7;
				} else {
					_t46 = _t32 - 1;
					if(_t46 == 0) {
						asm("cdq");
						_t52 = _a8.LowPart;
						_t56 = __edx;
						goto L7;
					} else {
						if(_t46 == 1) {
							_t56 =  *(_t60 + 0x14);
							asm("adc ecx, [edi+0xc]");
							asm("cdq");
							_t52 =  *((intOrPtr*)(_t60 + 0x10)) +  *((intOrPtr*)(_t60 + 8)) + _a8.LowPart;
							asm("adc ecx, edx");
							L7:
							_v8 = _t56;
							_t36 = E00CA11CF(__eflags, _t60 + 0x1c, _a4, _t52, _t56,  &_v16, _a12);
							__eflags = _t36;
							if(_t36 == 0) {
								L10:
								_t25 =  &_v16;
								 *_t25 = _v16 -  *((intOrPtr*)(_t60 + 8));
								__eflags =  *_t25;
							} else {
								_push(_a12);
								_t41 = SetFilePointerEx(_a4, _t52, _v8,  &_v16); // executed
								__eflags = _t41;
								if(_t41 != 0) {
									goto L10;
								} else {
									_t42 = GetLastError();
									__eflags = _t42;
									_t64 =  <=  ? _t42 : _t42 & 0x0000ffff | 0x80070000;
									__eflags = _t64;
									_t61 =  >=  ? 0x80004005 : _t64;
									E00C837D3(0x80004005, "cabextract.cpp", 0x345, _t61);
									E00CC012F(_t61, "Failed to move file pointer 0x%x bytes.", _a8);
								}
							}
						} else {
							_t61 = 0x80070057;
							_push("Invalid seek type.");
							E00CC012F();
							_t56 = 0x80070057;
						}
					}
				}
				 *((intOrPtr*)(_t60 + 0x30)) = _t61;
				_t39 =  <  ? _t56 | 0xffffffff : _v16;
				return  <  ? _t56 | 0xffffffff : _v16;
			}

0x00ca07ea
0x00ca07fc
0x00ca07fe
0x00ca0801
0x00ca0804
0x00ca080d
0x00ca080f
0x00ca0855
0x00ca0858
0x00ca085a
0x00ca085d
0x00000000
0x00ca0811
0x00ca0811
0x00ca0814
0x00ca084b
0x00ca084c
0x00ca084e
0x00000000
0x00ca0816
0x00ca0819
0x00ca083b
0x00ca083e
0x00ca0841
0x00ca0842
0x00ca0844
0x00ca0860
0x00ca0866
0x00ca0873
0x00ca0878
0x00ca087a
0x00ca08d5
0x00ca08d8
0x00ca08d8
0x00ca08d8
0x00ca087c
0x00ca087c
0x00ca088a
0x00ca0890
0x00ca0892
0x00000000
0x00ca0894
0x00ca0894
0x00ca08a3
0x00ca08a5
0x00ca08ad
0x00ca08af
0x00ca08bd
0x00ca08cb
0x00ca08d0
0x00ca0892
0x00ca081b
0x00ca081b
0x00ca0820
0x00ca0826
0x00ca082c
0x00ca082c
0x00ca0819
0x00ca0814
0x00ca08db
0x00ca08e8
0x00ca08ef

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?), ref: 00CA088A
GetLastError.KERNEL32(?,?,?), ref: 00CA0894

Strings

Invalid seek type., xrefs: 00CA0820
Failed to move file pointer 0x%x bytes., xrefs: 00CA08C5
cabextract.cpp, xrefs: 00CA08B8

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: Failed to move file pointer 0x%x bytes.$Invalid seek type.$cabextract.cpp
API String ID: 2976181284-417918914
Opcode ID: bd6e128a046b4f385d1a0d97dc4e31c503394ce2421ced8f83100e9f7473761a
Instruction ID: 80780ef77f67ceeefb5b89d430eb6f16c5e01078638a53e870de921e8963532f
Opcode Fuzzy Hash: bd6e128a046b4f385d1a0d97dc4e31c503394ce2421ced8f83100e9f7473761a
Instruction Fuzzy Hash: 6A31C231A0021AFFDB04DFA9C884EAAB7A8FF05764F148229F915A7650D334AE10CBD4

Uniqueness

Uniqueness Score: -1.00%

Function 00CC31C7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84
memoryCOMMON

Download Yara Rule

C-Code - Quality: 54%

			E00CC31C7(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v20;
				char _v28;
				intOrPtr* _t23;
				void* _t24;
				signed int _t33;
				void* _t35;
				intOrPtr* _t38;
				intOrPtr* _t39;
				void* _t43;
				void* _t44;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t43 = 0;
				__imp__#8( &_v28);
				_t23 = _a4;
				_t24 =  *((intOrPtr*)( *_t23 + 0x44))(_t23,  &_v8);
				_t44 = _t24;
				if(_t44 < 0) {
					L9:
					_t38 = _v8;
					if(_t38 != 0) {
						 *((intOrPtr*)( *_t38 + 8))(_t38);
					}
					_t39 = _v12;
					if(_t39 != 0) {
						 *((intOrPtr*)( *_t39 + 8))(_t39);
					}
					__imp__#9( &_v28);
					if(_t43 != 0) {
						__imp__#6(_t43);
					}
					return _t44;
				}
				__imp__#2(_a8);
				_t43 = _t24;
				if(_t43 != 0) {
					_t44 = E00CC336E( &_v12, _v8, _t43,  &_v12);
					if(_t44 != 1) {
						if(_t44 < 0) {
							goto L9;
						}
						_t33 = _v12;
						_t44 =  *((intOrPtr*)( *_t33 + 0x20))(_t33,  &_v28);
						if(_t44 == 1) {
							goto L4;
						}
						if(_t44 >= 0) {
							_t35 = E00C821A5(_a12, _v20, 0); // executed
							_t44 = _t35;
						}
						goto L9;
					}
					L4:
					_t44 = 0x80070490;
					goto L9;
				}
				_t44 = 0x8007000e;
				E00C837D3(_t24, "xmlutil.cpp", 0x2a6, 0x8007000e);
				goto L9;
			}

0x00cc31cd
0x00cc31d4
0x00cc31db
0x00cc31dd
0x00cc31e3
0x00cc31ed
0x00cc31f0
0x00cc31f4
0x00cc3262
0x00cc3262
0x00cc3267
0x00cc326c
0x00cc326c
0x00cc326f
0x00cc3274
0x00cc3279
0x00cc3279
0x00cc3280
0x00cc3288
0x00cc328b
0x00cc328b
0x00cc3298
0x00cc3298
0x00cc31f9
0x00cc31ff
0x00cc3203
0x00cc3229
0x00cc322e
0x00cc3239
0x00000000
0x00000000
0x00cc323b
0x00cc3248
0x00cc324d
0x00000000
0x00000000
0x00cc3251
0x00cc325b
0x00cc3260
0x00cc3260
0x00000000
0x00cc3251
0x00cc3230
0x00cc3230
0x00000000
0x00cc3230
0x00cc3205
0x00cc3215
0x00000000

APIs

VariantInit.OLEAUT32(?), ref: 00CC31DD
SysAllocString.OLEAUT32(?), ref: 00CC31F9
VariantClear.OLEAUT32(?), ref: 00CC3280
SysFreeString.OLEAUT32(00000000), ref: 00CC328B

Strings

xmlutil.cpp, xrefs: 00CC3210

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: StringVariant$AllocClearFreeInit
String ID: xmlutil.cpp
API String ID: 760788290-1270936966
Opcode ID: 21feeed2d48db2e1aab95bba39fbc114c53b80438a5080ba6d0c8cd5ebdd38b8
Instruction ID: a7962716e2570cb57fc2a600547665efd56d1a64f174791ebd3a4720e63a5312
Opcode Fuzzy Hash: 21feeed2d48db2e1aab95bba39fbc114c53b80438a5080ba6d0c8cd5ebdd38b8
Instruction Fuzzy Hash: 2F219631A01255EFCF10DB98D84DFAE7BB9AF44711F15815CF915AB222CB31DE018B90

Uniqueness

Uniqueness Score: -1.00%

Function 00C84013, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E00C84013(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8) {
				int _t5;
				long _t7;
				short _t12;
				signed short _t14;
				short* _t17;
				WCHAR* _t19;
				WCHAR* _t21;
				short _t22;

				_t21 = _a4;
				_t22 = 0;
				_t5 = CreateDirectoryW(_t21, _a8); // executed
				if(_t5 != 0) {
					L17:
					return _t22;
				}
				_t7 = GetLastError();
				if(_t7 != 0xb7) {
					if(_t7 == 3 || E00C840E2(_t21, 0) == 0) {
						_t8 =  *_t21 & 0x0000ffff;
						_t19 = _t21;
						_t17 = 0;
						if(( *_t21 & 0x0000ffff) == 0) {
							L15:
							_t22 = 0x80070003;
							E00C837D3(_t8, "dirutil.cpp", 0x72, 0x80070003);
							goto L16;
						} else {
							_push(0x5c);
							do {
								_t17 =  ==  ? _t19 : _t17;
								_t19 =  &(_t19[1]);
								_t8 =  *_t19 & 0x0000ffff;
							} while (( *_t19 & 0x0000ffff) != 0);
							if(_t17 == 0) {
								goto L15;
							} else {
								 *_t17 = 0;
								_t22 = E00C84013(_t21, _a8);
								_t12 = 0x5c;
								 *_t17 = _t12;
								if(_t22 >= 0) {
									if(CreateDirectoryW(_t21, _a8) != 0) {
										_t22 = 0;
									} else {
										_t14 = GetLastError();
										if(_t14 != 0xb7) {
											_t22 =  <=  ? _t14 : _t14 & 0x0000ffff | 0x80070000;
										} else {
											_t22 = 1;
										}
									}
								}
								L16:
								goto L17;
							}
						}
					} else {
						goto L2;
					}
				}
				L2:
				_t22 = 0;
				goto L17;
			}

0x00c8401b
0x00c8401e
0x00c84021
0x00c84029
0x00c840db
0x00c840df
0x00c840df
0x00c8402f
0x00c8403a
0x00c84046
0x00c84054
0x00c84057
0x00c8405a
0x00c8405f
0x00c840c7
0x00c840c7
0x00c840d4
0x00000000
0x00c84061
0x00c84061
0x00c84064
0x00c84067
0x00c8406a
0x00c8406d
0x00c84070
0x00c84077
0x00000000
0x00c84079
0x00c8407f
0x00c84087
0x00c8408b
0x00c8408c
0x00c84091
0x00c8409f
0x00c840c3
0x00c840a1
0x00c840a1
0x00c840ac
0x00c840be
0x00c840ae
0x00c840b0
0x00c840b0
0x00c840ac
0x00c8409f
0x00c840d9
0x00000000
0x00c840d9
0x00c84077
0x00000000
0x00000000
0x00000000
0x00c84046
0x00c8403c
0x00c8403c
0x00000000

APIs

CreateDirectoryW.KERNELBASE(00C8533D,00C853B5,00000000,00000000,?,00C99EE4,00000000,00000000,00C8533D,00000000,00C852B5,00000000,?,?,00C8D4AC,00C8533D), ref: 00C84021
GetLastError.KERNEL32(?,00C99EE4,00000000,00000000,00C8533D,00000000,00C852B5,00000000,?,?,00C8D4AC,00C8533D,00000000,00000000), ref: 00C8402F
CreateDirectoryW.KERNEL32(00C8533D,00C853B5,00C85381,?,00C99EE4,00000000,00000000,00C8533D,00000000,00C852B5,00000000,?,?,00C8D4AC,00C8533D,00000000), ref: 00C84097
GetLastError.KERNEL32(?,00C99EE4,00000000,00000000,00C8533D,00000000,00C852B5,00000000,?,?,00C8D4AC,00C8533D,00000000,00000000), ref: 00C840A1

Strings

dirutil.cpp, xrefs: 00C840CF

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: dirutil.cpp
API String ID: 1375471231-2193988115
Opcode ID: 3697115c3afe792fd5aa6a03d99210d092d12d6688eaf66fed128d385a779761
Instruction ID: 42959ab3e123bfd333ed79701646db44058205192427e25869297e6d5b45add4
Opcode Fuzzy Hash: 3697115c3afe792fd5aa6a03d99210d092d12d6688eaf66fed128d385a779761
Instruction Fuzzy Hash: E4110A35600323EAEB353AE18C45B3FB698EF50B69F114226FF55EB050D7608D01A3E9

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0917, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CC0917(void* __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t9;
				int _t11;
				void* _t14;
				long _t21;

				_t21 = 0;
				_v8 = 0;
				_t9 = WaitForSingleObject(_a4, _a8);
				_v8 = _t9;
				if(_t9 != 0xffffffff) {
					if(_t9 != 0x102) {
						_t11 = GetExitCodeProcess(_a4,  &_v8); // executed
						if(_t11 != 0) {
							 *_a12 = _v8;
						} else {
							_t25 =  <=  ? GetLastError() : _t13 & 0x0000ffff | 0x80070000;
							_t14 = 0x80004005;
							_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t13 & 0x0000ffff | 0x80070000;
							_push(_t21);
							_push(0x12a);
							goto L2;
						}
					} else {
						_t21 = 0x80070102;
					}
				} else {
					_t28 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
					_t14 = 0x80004005;
					_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
					_push(_t21);
					_push(0x121);
					L2:
					_push("procutil.cpp");
					E00C837D3(_t14);
				}
				return _t21;
			}

0x00cc091f
0x00cc0924
0x00cc0927
0x00cc092d
0x00cc0933
0x00cc096a
0x00cc097a
0x00cc0982
0x00cc09b0
0x00cc0984
0x00cc0995
0x00cc0998
0x00cc099f
0x00cc09a2
0x00cc09a3
0x00000000
0x00cc09a3
0x00cc096c
0x00cc096c
0x00cc096c
0x00cc0935
0x00cc0946
0x00cc0949
0x00cc0950
0x00cc0953
0x00cc0954
0x00cc0959
0x00cc0959
0x00cc095e
0x00cc095e
0x00cc09b8

APIs

WaitForSingleObject.KERNEL32(000000FF,?,00000000,?,?,00C84E16,?,000000FF,?,?,?,?,?,00000000,?,?), ref: 00CC0927
GetLastError.KERNEL32(?,?,00C84E16,?,000000FF,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00CC0935

Strings

procutil.cpp, xrefs: 00CC0959

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: procutil.cpp
API String ID: 1211598281-1178289305
Opcode ID: 1b51bec3d164ce5851b2a3d113db725bb127276b2096a22e1c9c45d44ea341c8
Instruction ID: 629e398c77a4d86af3bb3e1e24c612bdd69ccd8493ab7d34c12ad0ed6cc8c056
Opcode Fuzzy Hash: 1b51bec3d164ce5851b2a3d113db725bb127276b2096a22e1c9c45d44ea341c8
Instruction Fuzzy Hash: 88118272E00225EBEB209BA6CD05B9F7AD4EB04361F214219FD15E7251D2348D4096E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3DB5, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 101
fileCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00CC3DB5(signed short __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, signed short _a16, intOrPtr* _a20) {
				signed int _v8;
				void _v4104;
				long _v4108;
				intOrPtr _v4112;
				long _v4116;
				void* _v4120;
				intOrPtr _v4124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t32;
				long _t37;
				int _t39;
				signed short _t40;
				long _t45;
				void* _t47;
				intOrPtr* _t49;
				void* _t50;
				intOrPtr _t55;
				signed short _t56;
				intOrPtr _t58;
				void* _t59;
				signed short _t64;
				void* _t65;
				signed int _t66;
				void* _t73;

				_t56 = __edx;
				E00CC9F00();
				_t32 =  *0xcea008; // 0x4c290ae8
				_v8 = _t32 ^ _t66;
				asm("xorps xmm0, xmm0");
				_t49 = _a20;
				asm("movlpd [ebp-0x100c], xmm0");
				_v4120 = _a4;
				_t58 = _v4112;
				_v4124 = _a8;
				_v4116 = _v4108;
				do {
					if(_a12 != 0 || _a16 != 0) {
						_t56 = _a16;
						_t37 = _a12 - _t58;
						asm("sbb edx, ecx");
						__eflags = _t56;
						if(__eflags < 0) {
							L8:
							_v4108 = _t56;
							goto L9;
						}
						if(__eflags > 0) {
							L7:
							_v4108 = _v4108 & 0x00000000;
							_t37 = 0x1000;
							goto L9;
						}
						__eflags = _t37 - 0x1000;
						if(_t37 <= 0x1000) {
							goto L8;
						}
						goto L7;
					} else {
						_t37 = 0x1000;
						L9:
						_v4108 = _t37;
						_t39 = ReadFile(_v4120,  &_v4104, _t37,  &_v4108, 0); // executed
						if(_t39 == 0) {
							_t40 = GetLastError();
							__eflags = _t40;
							_t64 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
							__eflags = _t64;
							_t61 =  >=  ? 0x80004005 : _t64;
							E00C837D3(0x80004005, "fileutil.cpp", 0x407,  >=  ? 0x80004005 : _t64);
							L20:
							_pop(_t59);
							_pop(_t65);
							_pop(_t50);
							return E00CADE36(_t50, _v8 ^ _t66, _t56, _t59, _t65);
						}
						_t45 = _v4108;
						if(_t45 == 0) {
							goto L13;
						}
						_t47 = E00CC4CEE( &_v4108, _v4124,  &_v4104, _t45); // executed
						if(_t47 < 0) {
							goto L20;
						}
						_t45 = _v4108;
					}
					L13:
					_t55 = _v4116;
					_t58 = _t58 + _t45;
					asm("adc ecx, 0x0");
					_v4116 = _t55;
					_t73 = _t55 - _a16;
				} while (_t73 <= 0 && (_t73 < 0 || _t58 < _a12) && _t45 != 0);
				if(_t49 != 0) {
					 *_t49 = _t58;
					 *((intOrPtr*)(_t49 + 4)) = _t55;
				}
				goto L20;
			}

0x00cc3db5
0x00cc3dbd
0x00cc3dc2
0x00cc3dc9
0x00cc3dcf
0x00cc3dd3
0x00cc3dd7
0x00cc3de7
0x00cc3df1
0x00cc3df7
0x00cc3dfd
0x00cc3e03
0x00cc3e07
0x00cc3e19
0x00cc3e1c
0x00cc3e1e
0x00cc3e20
0x00cc3e22
0x00cc3e3b
0x00cc3e3b
0x00000000
0x00cc3e3b
0x00cc3e24
0x00cc3e2d
0x00cc3e2d
0x00cc3e34
0x00000000
0x00cc3e34
0x00cc3e26
0x00cc3e2b
0x00000000
0x00000000
0x00000000
0x00cc3e0f
0x00cc3e0f
0x00cc3e41
0x00cc3e49
0x00cc3e5e
0x00cc3e66
0x00cc3ec1
0x00cc3ed0
0x00cc3ed2
0x00cc3eda
0x00cc3edc
0x00cc3eea
0x00cc3eef
0x00cc3ef4
0x00cc3ef5
0x00cc3ef8
0x00cc3f01
0x00cc3f01
0x00cc3e68
0x00cc3e70
0x00000000
0x00000000
0x00cc3e80
0x00cc3e89
0x00000000
0x00000000
0x00cc3e8b
0x00cc3e8b
0x00cc3e91
0x00cc3e91
0x00cc3e97
0x00cc3e99
0x00cc3e9c
0x00cc3ea2
0x00cc3ea2
0x00cc3eb8
0x00cc3eba
0x00cc3ebc
0x00cc3ebc
0x00000000

APIs

ReadFile.KERNELBASE(?,?,00000000,?,00000000), ref: 00CC3E5E
GetLastError.KERNEL32 ref: 00CC3EC1

Strings

fileutil.cpp, xrefs: 00CC3EE5
)L, xrefs: 00CC3DC2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastRead
String ID: fileutil.cpp$)L
API String ID: 1948546556-3511594318
Opcode ID: ca99463d225304883f10ad57823e0b7eb1912288e33b0b31c1f55eee418b1702
Instruction ID: bffa6c733070b4dba78adeb5b84d5bcf707e7a96ce76ef5f9287c324ff5bac02
Opcode Fuzzy Hash: ca99463d225304883f10ad57823e0b7eb1912288e33b0b31c1f55eee418b1702
Instruction Fuzzy Hash: 83415F71E002A99BDB21DE55D840BEAB7A4FF48751F0081AEE949E7240D7B49FC49B90

Uniqueness

Uniqueness Score: -1.00%

Function 00C837EA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C837EA(void* __edx, intOrPtr _a4, struct HINSTANCE__** _a8, intOrPtr _a12) {
				signed int _v8;
				short _v528;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t15;
				signed int _t20;
				void* _t22;
				struct HINSTANCE__* _t26;
				signed short _t27;
				void* _t31;
				struct HINSTANCE__** _t32;
				void* _t33;
				void* _t36;
				intOrPtr _t37;
				signed int _t42;

				_t36 = __edx;
				_t15 =  *0xcea008; // 0x4c290ae8
				_v8 = _t15 ^ _t42;
				_t32 = _a8;
				_t37 = _a12;
				E00CAF670(_t37,  &_v528, 0, 0x208);
				_t38 = 0x104;
				_t20 = GetSystemDirectoryW( &_v528, 0x104);
				if(_t20 != 0) {
					_t33 = 0x5c;
					if(_t33 ==  *((intOrPtr*)(_t42 + _t20 * 2 - 0x20e))) {
						L6:
						_t22 = E00C836B4(_t33,  &_v528, _t38, _a4);
						_t39 = _t22;
						if(_t22 < 0) {
							L10:
							return E00CADE36(_t32, _v8 ^ _t42, _t36, _t37, _t39);
						}
						_t26 = LoadLibraryW( &_v528); // executed
						 *_t32 = _t26;
						if(_t26 == 0) {
							goto L1;
						}
						if(_t37 != 0) {
							_t39 = E00C821A5(_t37,  &_v528, 0x104);
						}
						goto L10;
					}
					_t31 = E00C83665(_t33,  &_v528, 0x104, "\\", 1);
					_t39 = _t31;
					if(_t31 < 0) {
						goto L10;
					} else {
						_t38 = 0x104;
						goto L6;
					}
				}
				L1:
				_t27 = GetLastError();
				_t39 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
				if(( <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000) >= 0) {
					_t39 = 0x80004005;
				}
				goto L10;
			}

0x00c837ea
0x00c837f3
0x00c837fa
0x00c837fe
0x00c83809
0x00c83814
0x00c83822
0x00c83829
0x00c83831
0x00c83854
0x00c8385d
0x00c8387e
0x00c83889
0x00c8388e
0x00c83892
0x00c838bf
0x00c838d1
0x00c838d1
0x00c8389b
0x00c838a1
0x00c838a5
0x00000000
0x00000000
0x00c838a9
0x00c838bd
0x00c838bd
0x00000000
0x00c838a9
0x00c8386e
0x00c83873
0x00c83877
0x00000000
0x00c83879
0x00c83879
0x00000000
0x00c83879
0x00c83877
0x00c83833
0x00c83833
0x00c83844
0x00c83849
0x00c8384b
0x00c8384b
0x00000000

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C83829
GetLastError.KERNEL32 ref: 00C83833
LoadLibraryW.KERNELBASE(?,?,00000104,?), ref: 00C8389B

Strings

)L, xrefs: 00C837F3

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: DirectoryErrorLastLibraryLoadSystem
String ID: )L
API String ID: 1230559179-501487344
Opcode ID: 8a4f2d9f290e13add076c6daf36edc617bd8dc46e4bcd7ee2f47b53859ea87e1
Instruction ID: d4eecbe1e946edf8b7a11040384d2735e85cf8536db61e82f7f923cceb064b26
Opcode Fuzzy Hash: 8a4f2d9f290e13add076c6daf36edc617bd8dc46e4bcd7ee2f47b53859ea87e1
Instruction Fuzzy Hash: 2621C8B2D0136977DB20ABA48C49F9E776CAF00B14F150176FD15E7281E630DE4487A4

Uniqueness

Uniqueness Score: -1.00%

Function 00CA074E, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 52
fileCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00CA074E(void* __ecx, void* __eflags, void* _a4, void* _a8, long _a12) {
				long _v8;
				int _t19;
				signed short _t22;
				signed int _t27;
				intOrPtr _t31;
				struct _OVERLAPPED* _t34;

				_t27 =  *0xceaac0; // 0x0
				_t34 = 0;
				_v8 = 0;
				_t31 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t27 * 4)) + 4));
				E00CA114F(__eflags, _t31 + 0x1c, _a4, _a12); // executed
				_t19 = ReadFile(_a4, _a8, _a12,  &_v8, 0); // executed
				if(_t19 == 0) {
					_t22 = GetLastError();
					_t38 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
					_t34 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "cabextract.cpp", 0x2ec, _t34);
					_push("Failed to read during cabinet extraction.");
					E00CC012F();
					_t27 = _t34;
				}
				 *((intOrPtr*)(_t31 + 0x30)) = _t34;
				_t21 =  <  ? _t27 | 0xffffffff : _v8;
				return  <  ? _t27 | 0xffffffff : _v8;
			}

0x00ca0752
0x00ca0766
0x00ca076b
0x00ca076e
0x00ca0778
0x00ca078b
0x00ca0793
0x00ca0795
0x00ca07a6
0x00ca07b0
0x00ca07be
0x00ca07c3
0x00ca07c9
0x00ca07cf
0x00ca07cf
0x00ca07d0
0x00ca07dc
0x00ca07e3

APIs

Part of subcall function 00CA114F: SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00CA077D,?,?,?), ref: 00CA1177
Part of subcall function 00CA114F: GetLastError.KERNEL32(?,00CA077D,?,?,?), ref: 00CA1181

ReadFile.KERNELBASE(?,?,?,?,00000000,?,?,?), ref: 00CA078B
GetLastError.KERNEL32 ref: 00CA0795

Strings

cabextract.cpp, xrefs: 00CA07B9
Failed to read during cabinet extraction., xrefs: 00CA07C3

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLast$PointerRead
String ID: Failed to read during cabinet extraction.$cabextract.cpp
API String ID: 2170121939-2426083571
Opcode ID: fd87cd32a78226240cd000091601feac9b6587eb30eef88f9ab4ff1d9b542bf4
Instruction ID: 33fbda60cfe8c6138589d76225d8f51aee4f3bb405c704c8e1e1e3a328fd498e
Opcode Fuzzy Hash: fd87cd32a78226240cd000091601feac9b6587eb30eef88f9ab4ff1d9b542bf4
Instruction Fuzzy Hash: 2501A172A00265BBDB109FA9DC05E9A7BA9FF09B60F01012AFE09E7650D7319A119BD4

Uniqueness

Uniqueness Score: -1.00%

Function 00CA114F, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00CA114F(void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				int _t11;
				void* _t19;
				long _t20;

				_t20 = 0x80070490;
				_t19 = E00CA1127(_a4, _a8);
				if(_t19 != 0) {
					_t20 = 0;
					_push(0);
					_t11 = SetFilePointerEx(_a8,  *(_t19 + 8),  *(_t19 + 0xc), 0); // executed
					if(_t11 != 0) {
						 *(_t19 + 8) =  *(_t19 + 8) + _a12;
						asm("adc [edi+0xc], esi");
					} else {
						_t23 =  <=  ? GetLastError() : _t12 & 0x0000ffff | 0x80070000;
						_t20 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t12 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "cabextract.cpp", 0x37e, _t20);
						_push("Failed to move to virtual file pointer.");
						_push(_t20);
						E00CC012F();
					}
				}
				return _t20;
			}

0x00ca1157
0x00ca1164
0x00ca1168
0x00ca116a
0x00ca116c
0x00ca1177
0x00ca117f
0x00ca11c1
0x00ca11c4
0x00ca1181
0x00ca1192
0x00ca119c
0x00ca11aa
0x00ca11af
0x00ca11b4
0x00ca11b5
0x00ca11bb
0x00ca117f
0x00ca11cc

APIs

SetFilePointerEx.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000000,?,00CA077D,?,?,?), ref: 00CA1177
GetLastError.KERNEL32(?,00CA077D,?,?,?), ref: 00CA1181

Strings

Failed to move to virtual file pointer., xrefs: 00CA11AF
cabextract.cpp, xrefs: 00CA11A5

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: Failed to move to virtual file pointer.$cabextract.cpp
API String ID: 2976181284-3005670968
Opcode ID: 7b1dd46efda96b9d7279080de9acef4182027083e5faf4684d5c0413a8a33cf4
Instruction ID: c9a519bd1849c77c656f58b152543ceda0939ccd9a56098f48ff1932b0b2d5bf
Opcode Fuzzy Hash: 7b1dd46efda96b9d7279080de9acef4182027083e5faf4684d5c0413a8a33cf4
Instruction Fuzzy Hash: 9601F232600236BBDB211AAADC04E8BBFE9EF417B5F01812AFE1896110D7218C10D6D4

Uniqueness

Uniqueness Score: -1.00%

Function 00C8501B, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C8501B(signed short* _a4) {
				signed int _t8;
				int _t9;
				int _t12;
				signed int _t13;
				short* _t15;
				signed int _t16;
				signed short* _t17;
				int _t19;

				_t8 =  *0xceaa50; // 0x1
				_t15 = L"burn.clean.room";
				_t19 = 1;
				if((_t8 & 0x00000001) != 0) {
					_t9 =  *0xceaa4c; // 0xf
				} else {
					 *0xceaa50 = _t8 | 1;
					_t9 = lstrlenW(_t15);
					 *0xceaa4c = _t9;
				}
				_t17 = _a4;
				if(_t17 == 0) {
					L8:
					_t19 = 0;
				} else {
					_t16 =  *_t17 & 0x0000ffff;
					if(_t16 == 0x2d || _t16 == 0x2f) {
						_t12 = CompareStringW(0x7f, _t19,  &(_t17[1]), _t9, _t15, _t9); // executed
						if(_t12 != 2) {
							goto L8;
						} else {
							_t13 =  *0xceaa4c; // 0xf
							if( *((short*)(_t17 + 2 + _t13 * 2)) != 0x3d) {
								goto L8;
							}
						}
					} else {
						goto L8;
					}
				}
				return _t19;
			}

0x00c8501e
0x00c85027
0x00c8502c
0x00c85030
0x00c85047
0x00c85032
0x00c85035
0x00c8503a
0x00c85040
0x00c85040
0x00c8504c
0x00c85051
0x00c85082
0x00c85082
0x00c85053
0x00c85053
0x00c85059
0x00c8506a
0x00c85073
0x00000000
0x00c85075
0x00c85075
0x00c85080
0x00000000
0x00000000
0x00c85080
0x00000000
0x00000000
0x00000000
0x00c85059
0x00c8508a

APIs

lstrlenW.KERNEL32(burn.clean.room,?,?,?,?,00C81104,?,?,00000000), ref: 00C8503A
CompareStringW.KERNELBASE(0000007F,00000001,?,0000000F,burn.clean.room,0000000F,?,?,?,?,00C81104,?,?,00000000), ref: 00C8506A

Strings

burn.clean.room, xrefs: 00C85027, 00C85034, 00C85061

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CompareStringlstrlen
String ID: burn.clean.room
API String ID: 1433953587-3055529264
Opcode ID: 9bd882970cbd03946c63f3ece41d3bede9f93278cda9a82cc4991f7a7f9ff04e
Instruction ID: 9ff8b54798bf5fead2589fe127b693c5044adf9d4e953a5c5e03ed4b7ebd891e
Opcode Fuzzy Hash: 9bd882970cbd03946c63f3ece41d3bede9f93278cda9a82cc4991f7a7f9ff04e
Instruction Fuzzy Hash: A201D1B2600765AEC7205B99ECC4F7BBBACFB087697104126F919C7610C7B0AD40DBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4CEE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC4CEE(void* __ecx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				int _t14;
				intOrPtr _t19;
				void* _t23;
				void* _t26;

				_t19 = _a8;
				_t26 = 0;
				_v8 = _v8 & 0;
				_t23 = 0;
				do {
					_t14 = WriteFile(_a4, _t23 + _t19, _a12 - _t23,  &_v8, 0); // executed
					if(_t14 != 0) {
						goto L3;
					} else {
						_t26 =  <=  ? GetLastError() : _t16 & 0x0000ffff | 0x80070000;
						if(_t26 < 0) {
							E00C837D3(_t16, "fileutil.cpp", 0x3e7, _t26);
						} else {
							goto L3;
						}
					}
					L6:
					return _t26;
					L3:
					_t23 = _t23 + _v8;
				} while (_t23 < _a12);
				goto L6;
			}

0x00cc4cf3
0x00cc4cf7
0x00cc4cf9
0x00cc4cfd
0x00cc4cff
0x00cc4d12
0x00cc4d1a
0x00000000
0x00cc4d1c
0x00cc4d2d
0x00cc4d32
0x00cc4d49
0x00000000
0x00000000
0x00000000
0x00cc4d32
0x00cc4d4e
0x00cc4d56
0x00cc4d34
0x00cc4d34
0x00cc4d37
0x00000000

APIs

WriteFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00CC3E85,?,?,?), ref: 00CC4D12
GetLastError.KERNEL32(?,?,00CC3E85,?,?,?), ref: 00CC4D1C

Strings

fileutil.cpp, xrefs: 00CC4D44

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: fileutil.cpp
API String ID: 442123175-2967768451
Opcode ID: 490bbc08c06c8cc344f4056d84178c3e4050f509b4b233938ef2b3e3fccc85f9
Instruction ID: b6b83619ffac5bddae30af96a45f9d0d3a3c2f2e8fdc7c6e2a1d8f80bde21cc5
Opcode Fuzzy Hash: 490bbc08c06c8cc344f4056d84178c3e4050f509b4b233938ef2b3e3fccc85f9
Instruction Fuzzy Hash: 4CF03C72A01269BBD711AF9ACD49F9FBBADFB44761F01812AFD05D7140E630AE1096E0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC47D3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00CC47D3(void* __ecx, void* _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr* _a16, intOrPtr _a20) {
				intOrPtr _v8;
				void* _v12;
				int _t11;
				intOrPtr* _t12;
				void* _t21;

				_push(_a20);
				_t21 = 0;
				_t11 = SetFilePointerEx(_a4, _a8, _a12,  &_v12); // executed
				if(_t11 != 0) {
					_t12 = _a16;
					if(_t12 != 0) {
						 *_t12 = _v12;
						 *((intOrPtr*)(_t12 + 4)) = _v8;
					}
				} else {
					_t25 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
					_t21 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "fileutil.cpp", 0x20a, _t21);
				}
				return _t21;
			}

0x00cc47d9
0x00cc47df
0x00cc47eb
0x00cc47f3
0x00cc4825
0x00cc482a
0x00cc482f
0x00cc4834
0x00cc4834
0x00cc47f5
0x00cc4806
0x00cc4810
0x00cc481e
0x00cc481e
0x00cc483d

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00C98564,00000000,00000000,00000000,00000000,00000000), ref: 00CC47EB
GetLastError.KERNEL32(?,?,?,00C98564,00000000,00000000,00000000,00000000,00000000), ref: 00CC47F5

Strings

fileutil.cpp, xrefs: 00CC4819

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID: fileutil.cpp
API String ID: 2976181284-2967768451
Opcode ID: 098a51e125d98a96a5ed5a489ec602b2bcd3ce4915e52c7960ad2f5c07efd983
Instruction ID: 56c06df5252e76c54b05ddd057943cd497021b4dfe28cfc57edfaa6f4df82934
Opcode Fuzzy Hash: 098a51e125d98a96a5ed5a489ec602b2bcd3ce4915e52c7960ad2f5c07efd983
Instruction Fuzzy Hash: EDF08171A00269AFAB149F95CC05EAB7BE9EF04751F018119FD05D7250D631CD10D7E0

Uniqueness

Uniqueness Score: -1.00%

Function 00C83999, Relevance: 4.5, APIs: 3, Instructions: 20
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E00C83999(void* _a4) {
				char _t3;
				long _t6;

				_t6 = 0;
				_t3 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
				if(_t3 == 0) {
					_t6 =  <=  ? GetLastError() : _t5 & 0x0000ffff | 0x80070000;
				}
				return _t6;
			}

0x00c839a0
0x00c839aa
0x00c839b2
0x00c839c5
0x00c839c5
0x00c839cc

APIs

GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00C83B34,00000000,?,00C81472,00000000,80004005,00000000,80004005,00000000,000001C7,?,00C813B7), ref: 00C839A3
RtlFreeHeap.NTDLL(00000000,?,00C83B34,00000000,?,00C81472,00000000,80004005,00000000,80004005,00000000,000001C7,?,00C813B7,000001C7,00000100), ref: 00C839AA
GetLastError.KERNEL32(?,00C83B34,00000000,?,00C81472,00000000,80004005,00000000,80004005,00000000,000001C7,?,00C813B7,000001C7,00000100,?), ref: 00C839B4

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$ErrorFreeLastProcess
String ID:
API String ID: 406640338-0
Opcode ID: 9690d288358b8cbbb31e5159d6e480dbc2f832e4a3271780e86705e480eef252
Instruction ID: 9e855cfc37ff90769216760e9caa1554a7e467d90b150f78fad333fa7712844e
Opcode Fuzzy Hash: 9690d288358b8cbbb31e5159d6e480dbc2f832e4a3271780e86705e480eef252
Instruction Fuzzy Hash: 51D012726002346787102BFADD0DB9FBE9CEF455A2B024021FD05D2110D7258D1096E4

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3499, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00CC3499(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v28;
				short _v30;
				void _v32;
				void* _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr* _v48;
				void* _v56;
				short _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t31;
				void* _t39;
				void* _t46;
				void* _t48;
				short _t49;
				void* _t55;
				intOrPtr* _t59;
				signed int _t60;
				void* _t65;
				signed int _t74;
				void* _t75;
				void* _t76;

				_t31 =  *0xcea008; // 0x4c290ae8
				_v8 = _t31 ^ _t74;
				_v40 = _a4;
				_v48 = _a12;
				_t60 = 6;
				memset( &_v32, 0, _t60 << 2);
				_t76 = _t75 + 0xc;
				_v36 = 0;
				_v44 = 0;
				__imp__#8( &_v64);
				_t39 = E00CC2F23(0,  &_v36, 0); // executed
				_t59 = _v36;
				_t69 = 1;
				_t71 =  ==  ? 0x80004005 : _t39;
				if(( ==  ? 0x80004005 : _t39) >= 0) {
					_t46 =  *((intOrPtr*)( *_t59 + 0x110))(_t59, 0);
					_t71 = _t46;
					if(_t46 >= 0) {
						_t48 =  *((intOrPtr*)( *_t59 + 0x118))(_t59, 0);
						_t71 = _t48;
						if(_t48 >= 0) {
							_t49 = 0x12;
							_v30 = _t49;
							_v20 = _v40;
							_v32 = 1;
							_v28 = 1;
							_v16 = _a8;
							_t69 = _t76 - 0x10;
							_v64 = 0x2011;
							_v56 =  &_v32;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd"); // executed
							_t55 =  *((intOrPtr*)( *_t59 + 0xe8))(_t59,  &_v44);
							_t71 =  ==  ? 0x8007006e : _t55;
							if(( ==  ? 0x8007006e : _t55) >= 0) {
								 *_v48 = _t59;
								_t59 = 0;
							}
						}
					}
				}
				if(_t59 != 0) {
					 *((intOrPtr*)( *_t59 + 8))(_t59);
				}
				return E00CADE36(_t59, _v8 ^ _t74, _t65, _t69, _t71);
			}

0x00cc349f
0x00cc34a6
0x00cc34af
0x00cc34bc
0x00cc34c1
0x00cc34c2
0x00cc34c2
0x00cc34c7
0x00cc34cb
0x00cc34ce
0x00cc34da
0x00cc34df
0x00cc34e6
0x00cc34ee
0x00cc34f3
0x00cc34fa
0x00cc3500
0x00cc3504
0x00cc350b
0x00cc3511
0x00cc3515
0x00cc3519
0x00cc351a
0x00cc3527
0x00cc352d
0x00cc3531
0x00cc3535
0x00cc3540
0x00cc3542
0x00cc3549
0x00cc354e
0x00cc3550
0x00cc3551
0x00cc3552
0x00cc3553
0x00cc3563
0x00cc3568
0x00cc356d
0x00cc356f
0x00cc356f
0x00cc3568
0x00cc3515
0x00cc3504
0x00cc3573
0x00cc3578
0x00cc3578
0x00cc358d

APIs

VariantInit.OLEAUT32(?), ref: 00CC34CE

Part of subcall function 00CC2F23: GetModuleHandleA.KERNEL32(kernel32.dll,00000000,00000000,00CC34DF,00000000,?,00000000), ref: 00CC2F3D
Part of subcall function 00CC2F23: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00CABDED,?,00C852FD,?,00000000,?), ref: 00CC2F49

Strings

)L, xrefs: 00CC349F

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorHandleInitLastModuleVariant
String ID: )L
API String ID: 52713655-501487344
Opcode ID: 29f3e886176a89e234b986f3e038314ab87f5c747f527c94304bc1e6ce6188c4
Instruction ID: 6e0eed8672f4e92cfc7eb9f2c77c27c32c461f63aeae2d0e9b884b91f4a3391b
Opcode Fuzzy Hash: 29f3e886176a89e234b986f3e038314ab87f5c747f527c94304bc1e6ce6188c4
Instruction Fuzzy Hash: 58311A76E006699BCB11DFA8D884ADEB7F8EF09710F01456AED15EB311D670AE448BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0E3F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC0E3F(void* _a4, short* _a8, int _a12, void** _a16) {
				signed short _t5;
				void* _t8;
				signed short _t12;
				int _t14;

				_t14 = 0;
				_t5 = RegOpenKeyExW(_a4, _a8, 0, _a12, _a16); // executed
				_t12 = _t5;
				_t8 =  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
				if(_t8 != 0x80070002) {
					if(_t12 != 0) {
						_t14 =  >=  ? 0x80004005 : _t8;
						E00C837D3(0x80004005, "regutil.cpp", 0xa7, _t14);
					}
				} else {
					_t14 = 0x80070002;
				}
				return _t14;
			}

0x00cc0e46
0x00cc0e52
0x00cc0e58
0x00cc0e69
0x00cc0e6e
0x00cc0e76
0x00cc0e81
0x00cc0e8f
0x00cc0e8f
0x00cc0e70
0x00cc0e70
0x00cc0e70
0x00cc0e98

APIs

RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00CC5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00CC0E52

Strings

regutil.cpp, xrefs: 00CC0E8A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Open
String ID: regutil.cpp
API String ID: 71445658-955085611
Opcode ID: 8159b2bc1f5b7aec58bf6983bd0ac596196ccf8ede4f8b905249c62830cf9988
Instruction ID: ad98babe536eff68fb37402eb1654e615f5b143a65ba42731ea7674120cfdaa1
Opcode Fuzzy Hash: 8159b2bc1f5b7aec58bf6983bd0ac596196ccf8ede4f8b905249c62830cf9988
Instruction Fuzzy Hash: C7F0A772741575ABEF2959568C00FAB7DC5EF447A1F11852CFD49DA150D231CC1093D0

Uniqueness

Uniqueness Score: -1.00%

Function 00CBF349, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CBF349() {
				void* _t3;
				void* _t5;
				void* _t7;

				_push(_t3);
				_push(_t5);
				E00CC9814(_t3, _t5, _t7, 0xce8024, 0xcea94c); // executed
				goto __eax;
			}

0x00cbf353
0x00cbf354
0x00cbf35b
0x00cbf362

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00CBF35B

Part of subcall function 00CC9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9891
Part of subcall function 00CC9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC98A2

Strings

px|n, xrefs: 00CBF349, 00CBF355

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: px|n
API String ID: 1269201914-957955277
Opcode ID: bdfbdb67b05595775ef6aeb5c2cb72628b022368fb8d70b87b6698d63a48f3a3
Instruction ID: c7299c8e04d6a550533f6f63a8e6c7b02fca4d353ab930bb99a70479c3dd34ee
Opcode Fuzzy Hash: bdfbdb67b05595775ef6aeb5c2cb72628b022368fb8d70b87b6698d63a48f3a3
Instruction Fuzzy Hash: B1B012D2258481BC32041313AD06C36025CC1C1F34734C03EF501C1082E8801D091032

Uniqueness

Uniqueness Score: -1.00%

Function 00CBF36A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CBF36A() {
				void* _t3;
				void* _t5;
				void* _t7;

				_push(_t3);
				_push(_t5);
				E00CC9814(_t3, _t5, _t7, 0xce8024, 0xcea944); // executed
				goto __eax;
			}

0x00cbf353
0x00cbf354
0x00cbf35b
0x00cbf362

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00CBF35B

Part of subcall function 00CC9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9891
Part of subcall function 00CC9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC98A2

Strings

px|n, xrefs: 00CBF355

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: px|n
API String ID: 1269201914-957955277
Opcode ID: 723577b509a94e70d1d5ae2698fcec9cbb0f35be1c22cd74332f43c70a459ef1
Instruction ID: e1e54fe23dc36471e81187b12db90892901f20b430dee2f98c013967101f43e1
Opcode Fuzzy Hash: 723577b509a94e70d1d5ae2698fcec9cbb0f35be1c22cd74332f43c70a459ef1
Instruction Fuzzy Hash: C2B012D1258481AD324453175E07D36019DC1C1F30734C03EF005C2182E8801C0A1032

Uniqueness

Uniqueness Score: -1.00%

Function 00CBF37A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CBF37A() {
				void* _t3;
				void* _t5;
				void* _t7;

				_push(_t3);
				_push(_t5);
				E00CC9814(_t3, _t5, _t7, 0xce8024, 0xcea948); // executed
				goto __eax;
			}

0x00cbf353
0x00cbf354
0x00cbf35b
0x00cbf362

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00CBF35B

Part of subcall function 00CC9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9891
Part of subcall function 00CC9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC98A2

Strings

px|n, xrefs: 00CBF355

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID: px|n
API String ID: 1269201914-957955277
Opcode ID: 5840090d75a61b81cd21cd49308fb05b4a9ab99852516bec1a923ca517d7e1fb
Instruction ID: 1bed397a9991a2cbec0027a58f88fab43c4c77adfaec981520457c605b4c6c88
Opcode Fuzzy Hash: 5840090d75a61b81cd21cd49308fb05b4a9ab99852516bec1a923ca517d7e1fb
Instruction Fuzzy Hash: 19B012D1258581AC324453175D06D36019CC1C1F30734C13EF005C2182E8901C491032

Uniqueness

Uniqueness Score: -1.00%

Function 00CB85A5, Relevance: 3.0, APIs: 2, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CB85A5(void* __ecx) {
				void* _t6;
				void* _t14;
				void* _t18;
				WCHAR* _t19;

				_t14 = __ecx;
				_t19 = GetEnvironmentStringsW();
				if(_t19 != 0) {
					_t12 = (E00CB856E(_t19) - _t19 >> 1) + (E00CB856E(_t19) - _t19 >> 1);
					_t6 = E00CB5154(_t14, (E00CB856E(_t19) - _t19 >> 1) + (E00CB856E(_t19) - _t19 >> 1)); // executed
					_t18 = _t6;
					if(_t18 != 0) {
						E00CAF0F0(_t18, _t19, _t12);
					}
					E00CB511A(0);
					FreeEnvironmentStringsW(_t19);
				} else {
					_t18 = 0;
				}
				return _t18;
			}

0x00cb85a5
0x00cb85af
0x00cb85b3
0x00cb85c4
0x00cb85c8
0x00cb85cd
0x00cb85d3
0x00cb85d8
0x00cb85dd
0x00cb85e2
0x00cb85e9
0x00cb85b5
0x00cb85b5
0x00cb85b5
0x00cb85f4

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00CB85A9
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CB85E9

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: a8aca0fc6820f4bce52640d0cf71ee4305ba3978dae99d75accd64dfb1174f7b
Instruction ID: dd1db43b896607dfc326a34db17d52f70fe2549aa0bbbfa9b0c4b1545073a0e1
Opcode Fuzzy Hash: a8aca0fc6820f4bce52640d0cf71ee4305ba3978dae99d75accd64dfb1174f7b
Instruction Fuzzy Hash: 9FE0E5335058116BE1322269BC4AFEF2A0CDFC27B1F250014F01897141EE208E0E90B4

Uniqueness

Uniqueness Score: -1.00%

Function 00C83A72, Relevance: 3.0, APIs: 2, Instructions: 14
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 58%

			E00C83A72(void* _a4, long _a8, signed int _a12) {
				void* _t8;

				asm("sbb eax, eax");
				_t8 = RtlReAllocateHeap(GetProcessHeap(),  ~_a12 & 0x00000008, _a4, _a8); // executed
				return _t8;
			}

0x00c83a80
0x00c83a8d
0x00c83a94

APIs

GetProcessHeap.KERNEL32(?,000001C7,?,?,00C8227D,?,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000), ref: 00C83A86
RtlReAllocateHeap.NTDLL(00000000,?,00C8227D,?,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83A8D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: c7bcb22ffbe0ef49eea22c4cabc77d7be4f9c5fe3f059f66b0cdea3801a19a92
Instruction ID: 41c1b99706a56959dfba2694a59bd21eb382f2348d2fb741feee3a68c266e8ad
Opcode Fuzzy Hash: c7bcb22ffbe0ef49eea22c4cabc77d7be4f9c5fe3f059f66b0cdea3801a19a92
Instruction Fuzzy Hash: 93D0123215020DEBCF005FE8DC0EFAE7BACEB58613B048405F915C2110C73DE8649B60

Uniqueness

Uniqueness Score: -1.00%

Function 00CC5728, Relevance: 1.6, APIs: 1, Instructions: 60
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E00CC5728(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr _a12, char** _a16) {
				void* _v8;
				void* _t13;
				char** _t24;
				void* _t27;

				_push(__ecx);
				_v8 = 0;
				_t13 = E00CC5664(__ecx, _a4,  &_v8); // executed
				_t24 = _a16;
				_t27 = _t13;
				if(_t27 == 0x80070002 || _t27 == 0x80070003) {
					L5:
					_t27 = 1;
					goto L6;
				} else {
					if(_t27 < 0) {
						L6:
						if(_v8 != 0) {
							RegCloseKey(_v8);
							_v8 = 0;
						}
						if(_t27 == 1 || _t27 < 0) {
							if(_a12 != 0) {
								_t27 = E00C821A5(_t24, _a12, 0);
							} else {
								if( *_t24 != 0) {
									E00CC54EF( *_t24);
									 *_t24 = 0;
								}
							}
						}
						return _t27;
					}
					_t27 = E00CC0F6E(_v8, _a8, _t24);
					if(_t27 == 0x80070002 || _t27 == 0x80070003) {
						goto L5;
					} else {
						goto L6;
					}
				}
			}

0x00cc572b
0x00cc5738
0x00cc573b
0x00cc5740
0x00cc5743
0x00cc574b
0x00cc5777
0x00cc5779
0x00000000
0x00cc5755
0x00cc5757
0x00cc577a
0x00cc577d
0x00cc5782
0x00cc5788
0x00cc5788
0x00cc578e
0x00cc5797
0x00cc57b2
0x00cc5799
0x00cc579b
0x00cc579f
0x00cc57a4
0x00cc57a4
0x00cc579b
0x00cc5797
0x00cc57bc
0x00cc57bc
0x00cc5765
0x00cc576d
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc576d

APIs

RegCloseKey.ADVAPI32(80070490,00000000,80070490,00CEAAA0,00000000,80070490,00000000,?,00C9890E,WiX\Burn,PackageCache,00000000,00CEAAA0,00000000,00000000,80070490), ref: 00CC5782

Part of subcall function 00CC0F6E: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000002,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00CC0FE4
Part of subcall function 00CC0F6E: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,?), ref: 00CC101F

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: QueryValue$Close
String ID:
API String ID: 1979452859-0
Opcode ID: ef1bee5d8691a4d6cb203b2f47bde912ec492a3f88ab012dda7c2e350ce2345f
Instruction ID: b48be75ef1fac17afef0c0d2fd2f7ede7b52830126ad761502e19941b67a0a62
Opcode Fuzzy Hash: ef1bee5d8691a4d6cb203b2f47bde912ec492a3f88ab012dda7c2e350ce2345f
Instruction Fuzzy Hash: C9117076C10529EFCF22AEA4DD85FAEB669EB04361B15423DED2167110C3356EE0EBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00CB523F, Relevance: 1.5, APIs: 1, Instructions: 39
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 95%

			E00CB523F(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				signed int _t16;
				signed int _t18;
				long _t19;

				_t15 = __ecx;
				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0xceb5b8, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00CB4A8E();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00CB3E36())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E00CB4ADD(_t15, _t16, __eflags, _t19);
						_pop(_t15);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				_t16 = _t13 % _t18;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}

0x00cb523f
0x00cb5245
0x00cb524a
0x00cb5258
0x00cb5258
0x00cb525e
0x00cb5260
0x00cb5260
0x00cb5277
0x00cb5280
0x00cb5288
0x00000000
0x00000000
0x00cb5268
0x00cb526a
0x00cb528c
0x00cb5291
0x00cb5297
0x00000000
0x00cb5297
0x00cb526d
0x00cb5272
0x00cb5273
0x00cb5275
0x00000000
0x00000000
0x00cb5275
0x00000000
0x00cb5277
0x00cb5250
0x00cb5251
0x00cb5256
0x00000000
0x00000000
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00CB6113,00000001,00000364), ref: 00CB5280

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 32cf9ad6481e9ca5647ebae63627051d52a8e93ab50bd295f4aed23764a00778
Instruction ID: 5952971b5f909fa86a616e1f509f65a7600c53034a3ee28ac192e1acad875408
Opcode Fuzzy Hash: 32cf9ad6481e9ca5647ebae63627051d52a8e93ab50bd295f4aed23764a00778
Instruction Fuzzy Hash: B0F0E235646A24ABDB616B629C45BEF3B48DF51771F1C4121EC24EB2C1CF70DD019AE2

Uniqueness

Uniqueness Score: -1.00%

Function 00CB5154, Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 94%

			E00CB5154(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				void* _t8;
				long _t9;

				_t7 = __ecx;
				_t9 = _a4;
				if(_t9 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00CB3E36())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t9 == 0) {
					_t9 = _t9 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0xceb5b8, 0, _t9); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00CB4A8E();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E00CB4ADD(_t7, _t8, __eflags, _t9);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}

0x00cb5154
0x00cb515a
0x00cb5160
0x00cb5192
0x00cb5197
0x00cb519d
0x00000000
0x00cb519d
0x00cb5164
0x00cb5166
0x00cb5166
0x00cb517d
0x00cb5186
0x00cb518e
0x00000000
0x00000000
0x00cb516e
0x00cb5170
0x00000000
0x00000000
0x00cb5173
0x00cb5178
0x00cb5179
0x00cb517b
0x00000000
0x00000000
0x00cb517b
0x00000000

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,00CB1E90,?,0000015D,?,?,?,?,00CB32E9,000000FF,00000000,?,?), ref: 00CB5186

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0a0e699635285f7c22e15b09a601fc5d2439fd7dc03fd885d2676ad5470cd662
Instruction ID: 311beafaeed0e550d0e0b6872d445ceb5aab5573d714c9d00ec7517110f9899a
Opcode Fuzzy Hash: 0a0e699635285f7c22e15b09a601fc5d2439fd7dc03fd885d2676ad5470cd662
Instruction Fuzzy Hash: F4E0ED61245AA4ABE6322A6E8C00BDF3648DB417A0F094120AC3A960C1EB20CE0296A0

Uniqueness

Uniqueness Score: -1.00%

Function 00C834C5, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,00000104,00000000,?,00C989CA,0000001C,80070490,00000000,00000000,80070490), ref: 00C834E5

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: 9f081a6fc425a42d740cee6a718fbe7ce24b7e5de81cc1fa3658954479326265
Instruction ID: 1de5b896a679970bb46d139e6dc8f32242133f2b3552e0324ef6cf79f0db56d7
Opcode Fuzzy Hash: 9f081a6fc425a42d740cee6a718fbe7ce24b7e5de81cc1fa3658954479326265
Instruction Fuzzy Hash: 41E012722012257BA6033EA69C0EDEB7B9CDF45758B048055FE44D6010EA61E95197B8

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2DD0, Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC2DD0() {
				struct HINSTANCE__* _t1;

				_t1 =  *0xceb680; // 0x0
				if(_t1 != 0) {
					_t1 = FreeLibrary(_t1); // executed
					 *0xceb680 = 0;
					 *0xceb6bc = 0;
					 *0xceb6b8 = 0;
					 *0xceb6b4 = 0;
					 *0xceb6b0 = 0;
					 *0xceb6ac = 0;
					 *0xceb6a8 = 0;
					 *0xceb6c0 = 0;
				}
				 *0xceb6c4 = 0;
				return _t1;
			}

0x00cc2dd0
0x00cc2dda
0x00cc2ddd
0x00cc2de3
0x00cc2de9
0x00cc2def
0x00cc2df5
0x00cc2dfb
0x00cc2e01
0x00cc2e07
0x00cc2e0d
0x00cc2e0d
0x00cc2e13
0x00cc2e1a

APIs

FreeLibrary.KERNELBASE(00000000,00000000,00C8547B,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC2DDD

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 70d8bc95a9f087a92a8fa28dd02c22a0e59e2f5ff8c46288f92c987a4ac7c7a4
Instruction ID: ea13051f92c6b87e71583cbbdd1856eb763e9cd5a4dc9cd62fe5e8eda66c04d5
Opcode Fuzzy Hash: 70d8bc95a9f087a92a8fa28dd02c22a0e59e2f5ff8c46288f92c987a4ac7c7a4
Instruction Fuzzy Hash: F3E0F6B59262AA9E8B188F59FDC4B6F7BBCB708B41315065FF400DA270C3B45D408F90

Uniqueness

Uniqueness Score: -1.00%

Function 00CC94D5, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CC94D5() {
				void* _t3;
				void* _t5;
				void* _t7;

				_push(_t3);
				_push(_t5);
				E00CC9814(_t3, _t5, _t7, 0xce80c4, 0xcea960); // executed
				goto __eax;
			}

0x00cc94df
0x00cc94e0
0x00cc94e7
0x00cc94ee

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00CC94E7

Part of subcall function 00CC9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9891
Part of subcall function 00CC9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC98A2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: a29a4dc70f4635a4ba1f34dd61a6f51a987d2782c9e8a5a5fa33849a01e32868
Instruction ID: 2f096c2b01ac8197f0dbe459c343f343692aa8c609829f6314851fb50f267f66
Opcode Fuzzy Hash: a29a4dc70f4635a4ba1f34dd61a6f51a987d2782c9e8a5a5fa33849a01e32868
Instruction Fuzzy Hash: A3B012C6268541BC36086217DD4AD36111CD5C0F20331C17EF101D20D1E8501C091133

Uniqueness

Uniqueness Score: -1.00%

Function 00CC94F6, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CC94F6() {
				void* _t3;
				void* _t5;
				void* _t7;

				_push(_t3);
				_push(_t5);
				E00CC9814(_t3, _t5, _t7, 0xce80c4, 0xcea95c); // executed
				goto __eax;
			}

0x00cc94df
0x00cc94e0
0x00cc94e7
0x00cc94ee

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00CC94E7

Part of subcall function 00CC9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9891
Part of subcall function 00CC9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC98A2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 33d98b805a5e6741db5acdd8c61bebdb5daa9cc41d83479d9796d955385fea5d
Instruction ID: dd79a0e242e9bf1b99ce51099a169ab07f13c79e65550d9fefc9037a91d078e6
Opcode Fuzzy Hash: 33d98b805a5e6741db5acdd8c61bebdb5daa9cc41d83479d9796d955385fea5d
Instruction Fuzzy Hash: CCB012C62684426C3248A217DD0BE36011CC1C0F20330C17EF505C30C1E8501C0D1132

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9506, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CC9506() {
				void* _t3;
				void* _t5;
				void* _t7;

				_push(_t3);
				_push(_t5);
				E00CC9814(_t3, _t5, _t7, 0xce80c4, 0xcea964); // executed
				goto __eax;
			}

0x00cc94df
0x00cc94e0
0x00cc94e7
0x00cc94ee

APIs

___delayLoadHelper2@8.DELAYIMP ref: 00CC94E7

Part of subcall function 00CC9814: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CC9891
Part of subcall function 00CC9814: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CC98A2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
String ID:
API String ID: 1269201914-0
Opcode ID: 4f4ae91859ebaebc1cb13e83f1aba6f5eff9cb74b612fb3c71956794cf7e3012
Instruction ID: 7c5d47cbcaea75c65d1a2f9d1fe0d192323ea1d726804fb383238a5b32bd1471
Opcode Fuzzy Hash: 4f4ae91859ebaebc1cb13e83f1aba6f5eff9cb74b612fb3c71956794cf7e3012
Instruction Fuzzy Hash: 7BB012C62686416C3648A257EF0BE36011CC5C0F20330817EF105C30D1E8501C0A1132

Uniqueness

Uniqueness Score: -1.00%

Function 00C814B2, Relevance: 1.3, APIs: 1, Instructions: 54
stringCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 96%

			E00C814B2(unsigned int _a4, WCHAR* _a8, unsigned int _a12, intOrPtr _a16) {
				unsigned int _t9;
				signed int _t10;
				signed int _t13;
				signed int _t14;
				unsigned int _t15;
				void* _t16;
				unsigned int _t18;
				unsigned int _t20;
				unsigned int _t21;

				_t9 = _a4;
				_t20 = 0;
				_t14 = _t13 | 0xffffffff;
				if( *_t9 == 0) {
					L4:
					_t18 = _a12;
					if(_t18 == 0) {
						_t9 = lstrlenW(_a8);
						_t18 = _t9;
					}
					_t4 = _t18 + 1; // 0x1
					_t16 = _t4;
					_t15 =  >=  ? _t16 : _t14;
					asm("sbb eax, eax");
					_t10 = _t9 & 0x80070216;
					if(_t16 < _t18) {
						L10:
						return _t10;
					} else {
						if(_t20 >= _t15) {
							L9:
							_t10 = E00C81A6E(_t16,  *_a4, _t20, _a8, _t18, 0, 0, 0x200);
							goto L10;
						}
						_t20 = _t15;
						_t10 = E00C8143C(_a4, _t15, _a16); // executed
						if(_t10 < 0) {
							goto L10;
						}
						goto L9;
					}
				}
				_t9 = E00C83B51( *_t9);
				_t21 = _t9;
				if(_t21 != _t14) {
					_t20 = _t21 >> 1;
					goto L4;
				}
				return 0x80070057;
			}

0x00c814b5
0x00c814ba
0x00c814bc
0x00c814c1
0x00c814d9
0x00c814da
0x00c814df
0x00c814e4
0x00c814ea
0x00c814ea
0x00c814ec
0x00c814ec
0x00c814f1
0x00c814f4
0x00c814f6
0x00c814fd
0x00c8152d
0x00000000
0x00c814ff
0x00c81501
0x00c81515
0x00c81528
0x00000000
0x00c81528
0x00c81506
0x00c8150c
0x00c81513
0x00000000
0x00000000
0x00000000
0x00c81513
0x00c814fd
0x00c814c5
0x00c814ca
0x00c814ce
0x00c814d7
0x00000000
0x00c814d7
0x00000000

APIs

lstrlenW.KERNEL32(00000000,00000000,00000000,?,?,00C821B8,?,00000000,?,00000000,?,00C838BD,00000000,?,00000104), ref: 00C814E4

Part of subcall function 00C83B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,00C821DC,000001C7,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83B59
Part of subcall function 00C83B51: HeapSize.KERNEL32(00000000,?,00C821DC,000001C7,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83B60

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$ProcessSizelstrlen
String ID:
API String ID: 3492610842-0
Opcode ID: 24ba361f865cc9af1c4a48a53ce22412b55377118aa37b9d3539649604a9a2b4
Instruction ID: cf61bd0e907bfe97770ea4e15b5e72701a2d27e1d3c565b24f1b716173d4b03e
Opcode Fuzzy Hash: 24ba361f865cc9af1c4a48a53ce22412b55377118aa37b9d3539649604a9a2b4
Instruction Fuzzy Hash: 45014537200218AFCF217E54CC44F9A77DDAF80768F298228FE259B060D731DD029798

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CAC0FA, Relevance: 37.1, APIs: 1, Strings: 20, Instructions: 364
COMMONCrypto

Download Yara Rule

C-Code - Quality: 82%

			E00CAC0FA(void* __ebx, void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr* _a56, intOrPtr* _a60, intOrPtr* _a64, intOrPtr* _a68, intOrPtr* _a72, intOrPtr _a76) {
				void* _v8;
				intOrPtr _t83;
				intOrPtr* _t85;
				intOrPtr _t88;
				intOrPtr* _t90;
				intOrPtr* _t94;
				intOrPtr* _t99;
				intOrPtr* _t100;
				intOrPtr _t105;
				intOrPtr _t106;
				intOrPtr* _t108;
				intOrPtr* _t111;
				intOrPtr* _t113;
				intOrPtr _t134;
				intOrPtr _t138;
				intOrPtr _t146;
				void* _t159;
				intOrPtr _t162;
				intOrPtr* _t164;
				intOrPtr* _t172;
				intOrPtr _t173;
				void* _t175;
				intOrPtr _t176;
				intOrPtr _t185;
				void* _t186;
				intOrPtr _t187;
				intOrPtr* _t189;
				intOrPtr* _t195;
				intOrPtr* _t197;
				intOrPtr _t199;
				void* _t200;

				_t186 = __edi;
				_t159 = __ebx;
				_v8 = 0;
				if(E00C97EF7(_a24) != 0) {
					E00C81F20( &_v8, L" -%ls", _t82);
					_t200 = _t200 + 0xc;
				}
				_push(_t159);
				_push(_t186);
				_t83 = E00C838D4(8, 1);
				_t187 = _a12;
				 *((intOrPtr*)(_t187 + 0x7c)) = _t83;
				if(_t83 != 0) {
					 *((intOrPtr*)(_t187 + 0x80)) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) = E00C838D4(0x58, 1);
					_t85 =  *((intOrPtr*)(_t187 + 0x7c));
					__eflags = _t85;
					if(_t85 != 0) {
						_t162 = _a44;
						 *((intOrPtr*)( *_t85 + 4)) = 3;
						_t88 =  *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c))));
						 *((intOrPtr*)(_t88 + 0x10)) = _t162;
						 *((intOrPtr*)(_t88 + 0x14)) = _a48;
						_t90 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))), _a20, 0);
						__eflags = _t90;
						if(_t90 >= 0) {
							_t94 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x18, _a32, 0);
							__eflags = _t94;
							if(_t94 >= 0) {
								_t99 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x38, _a36, 0);
								__eflags = _t99;
								if(_t99 >= 0) {
									_t100 = _a40;
									_t172 = 0;
									__eflags = _t100;
									if(_t100 == 0) {
										L18:
										__eflags = _a72;
										if(_a72 == 0) {
											L22:
											_t173 = _a28;
											__eflags = _t173 - 4;
											if(_t173 == 4) {
												L25:
												_t185 = 1;
												_t195 = 0;
												__eflags = 0;
											} else {
												__eflags = _t173 - 3;
												if(_t173 == 3) {
													goto L25;
												} else {
													_t195 = 0;
													_t185 = 0;
												}
											}
											 *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)) + 4)) = _t185;
											 *((intOrPtr*)(_t187 + 0x40)) = _t173;
											 *((intOrPtr*)(_t187 + 0xa8)) = 1;
											 *((intOrPtr*)(_t187 + 0x8c)) = 1;
											 *((intOrPtr*)(_t187 + 0x14)) = _a16;
											__eflags = _t173 - 4;
											if(_t173 == 4) {
												L29:
												_t105 = 2;
											} else {
												__eflags = _t173 - 3;
												if(_t173 == 3) {
													goto L29;
												} else {
													_t105 = _t195;
												}
											}
											 *((intOrPtr*)(_t187 + 0x28)) = _t162;
											 *((intOrPtr*)(_t187 + 0x30)) = _t162;
											 *((intOrPtr*)(_t187 + 0x44)) = _t105;
											_t106 = _a48;
											 *((intOrPtr*)(_t187 + 0x2c)) = _t106;
											 *((intOrPtr*)(_t187 + 0x34)) = _t106;
											 *((intOrPtr*)(_t187 + 0x1c)) = _a52;
											_t108 = E00C821A5(_t187, _a20, 0);
											__eflags = _t108;
											if(_t108 >= 0) {
												_t52 = _t187 + 0x24; // 0x2e4
												_t197 = E00C821A5(_t52, _a20, 0);
												__eflags = _t197;
												if(_t197 >= 0) {
													__eflags = _a56;
													if(_a56 == 0) {
														L37:
														_t111 = _v8;
														__eflags = _t111;
														if(_t111 == 0) {
															L40:
															__eflags = _a60;
															if(_a60 == 0) {
																L47:
																__eflags = _a64;
																if(_a64 == 0) {
																	L54:
																	_t175 = _a4 + 0xf7530000;
																	asm("adc eax, 0xfffcfff9");
																	__eflags = _a8 - 4;
																	if(__eflags > 0) {
																		L58:
																		_t113 = 0;
																		__eflags = 0;
																	} else {
																		if(__eflags < 0) {
																			L57:
																			_t113 = 1;
																		} else {
																			__eflags = _t175 - 0x9c10000;
																			if(_t175 > 0x9c10000) {
																				goto L58;
																			} else {
																				goto L57;
																			}
																		}
																	}
																	_t164 = _a68;
																	 *((intOrPtr*)(_t187 + 0xb0)) = _t113;
																	__eflags = _t164;
																	if(_t164 != 0) {
																		_t176 = E00C838D4(0x10, 1);
																		 *((intOrPtr*)(_t187 + 0x84)) = _t176;
																		__eflags = _t176;
																		if(_t176 != 0) {
																			 *((intOrPtr*)(_t187 + 0x88)) = 1;
																			 *((intOrPtr*)(_t176 + 0xc)) =  *((intOrPtr*)(_t164 + 0xc));
																			_t197 = E00C821A5( *((intOrPtr*)(_t187 + 0x84)),  *_t164, 0);
																			__eflags = _t197;
																			if(_t197 < 0) {
																				goto L31;
																			} else {
																				_t197 = E00C821A5( *((intOrPtr*)(_t187 + 0x84)) + 4,  *((intOrPtr*)(_t164 + 4)), 0);
																				__eflags = _t197;
																				if(_t197 >= 0) {
																					_t197 = E00C821A5( *((intOrPtr*)(_t187 + 0x84)) + 8,  *((intOrPtr*)(_t164 + 8)), 0);
																					__eflags = _t197;
																					if(_t197 < 0) {
																						_push("Failed to copy display name for pseudo bundle.");
																						goto L67;
																					}
																				} else {
																					_push("Failed to copy version for pseudo bundle.");
																					goto L67;
																				}
																			}
																		} else {
																			_t189 = 0x8007000e;
																			_t197 = 0x8007000e;
																			E00C837D3(_t117, "pseudobundle.cpp", 0x86, 0x8007000e);
																			_push("Failed to allocate memory for dependency providers.");
																			goto L4;
																		}
																	}
																} else {
																	_t64 = _t187 + 0x9c; // 0x35c
																	_t166 = _t64;
																	_t197 = E00C821A5(_t64, _a64, 0);
																	__eflags = _t197;
																	if(_t197 >= 0) {
																		_t134 = _v8;
																		__eflags = _t134;
																		if(_t134 == 0) {
																			L53:
																			 *((intOrPtr*)(_t187 + 0x18)) = 1;
																			goto L54;
																		} else {
																			_t197 = E00C81EF2(_t166, _t134, 0);
																			__eflags = _t197;
																			if(_t197 >= 0) {
																				goto L53;
																			} else {
																				_push("Failed to append relation type to uninstall arguments for related bundle package");
																				goto L67;
																			}
																		}
																	} else {
																		_push("Failed to copy uninstall arguments for related bundle package");
																		goto L67;
																	}
																}
															} else {
																_t59 = _t187 + 0x98; // 0x358
																_t167 = _t59;
																_t197 = E00C821A5(_t59, _a60, 0);
																__eflags = _t197;
																if(_t197 >= 0) {
																	_t138 = _v8;
																	__eflags = _t138;
																	if(_t138 == 0) {
																		L46:
																		 *((intOrPtr*)(_t187 + 0xac)) = 1;
																		goto L47;
																	} else {
																		_t197 = E00C81EF2(_t167, _t138, 0);
																		__eflags = _t197;
																		if(_t197 >= 0) {
																			goto L46;
																		} else {
																			_push("Failed to append relation type to repair arguments for related bundle package");
																			goto L67;
																		}
																	}
																} else {
																	_push("Failed to copy repair arguments for related bundle package");
																	goto L67;
																}
															}
														} else {
															_t57 = _t187 + 0x94; // 0x354
															_t197 = E00C81EF2(_t57, _t111, 0);
															__eflags = _t197;
															if(_t197 >= 0) {
																goto L40;
															} else {
																_push("Failed to append relation type to install arguments for related bundle package");
																goto L67;
															}
														}
													} else {
														_t55 = _t187 + 0x94; // 0x354
														_t197 = E00C821A5(_t55, _a56, 0);
														__eflags = _t197;
														if(_t197 >= 0) {
															goto L37;
														} else {
															_push("Failed to copy install arguments for related bundle package");
															goto L67;
														}
													}
												} else {
													_push("Failed to copy cache id for pseudo bundle.");
													goto L67;
												}
											} else {
												L31:
												_push("Failed to copy key for pseudo bundle.");
												goto L67;
											}
										} else {
											_t199 = _a76;
											 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x30)) = E00C838D4(_t199, _t172);
											_t146 =  *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c))));
											__eflags =  *((intOrPtr*)(_t146 + 0x30));
											if( *((intOrPtr*)(_t146 + 0x30)) != 0) {
												 *((intOrPtr*)(_t146 + 0x34)) = _t199;
												E00CA1664( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x34)), _a72, _t199);
												goto L22;
											} else {
												_t189 = 0x8007000e;
												_t197 = 0x8007000e;
												E00C837D3(_t146, "pseudobundle.cpp", 0x3f, 0x8007000e);
												_push("Failed to allocate memory for pseudo bundle payload hash.");
												goto L4;
											}
										}
									} else {
										__eflags =  *_t100;
										if( *_t100 == 0) {
											goto L18;
										} else {
											_t197 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t187 + 0x7c)))) + 0x40, _t100, 0);
											__eflags = _t197;
											if(_t197 >= 0) {
												_t172 = 0;
												__eflags = 0;
												goto L18;
											} else {
												_push("Failed to copy download source for pseudo bundle.");
												goto L67;
											}
										}
									}
								} else {
									_push("Failed to copy local source path for pseudo bundle.");
									goto L67;
								}
							} else {
								_push("Failed to copy filename for pseudo bundle.");
								goto L67;
							}
						} else {
							_push("Failed to copy key for pseudo bundle payload.");
							L67:
							_push(_t197);
							goto L68;
						}
					} else {
						_t189 = 0x8007000e;
						_t197 = 0x8007000e;
						E00C837D3(_t85, "pseudobundle.cpp", 0x29, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L4;
					}
				} else {
					_t189 = 0x8007000e;
					_t197 = 0x8007000e;
					E00C837D3(_t83, "pseudobundle.cpp", 0x25, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of related bundle struct");
					L4:
					_push(_t189);
					L68:
					E00CC012F();
				}
				_t114 = _v8;
				if(_v8 != 0) {
					E00CC54EF(_t114);
				}
				return _t197;
			}

0x00cac0fa
0x00cac0fa
0x00cac104
0x00cac10e
0x00cac11a
0x00cac11f
0x00cac11f
0x00cac122
0x00cac123
0x00cac12a
0x00cac12f
0x00cac132
0x00cac137
0x00cac15b
0x00cac169
0x00cac16b
0x00cac16e
0x00cac170
0x00cac18f
0x00cac199
0x00cac1a3
0x00cac1a5
0x00cac1a8
0x00cac1b0
0x00cac1b7
0x00cac1b9
0x00cac1d4
0x00cac1db
0x00cac1dd
0x00cac1f8
0x00cac1ff
0x00cac201
0x00cac20d
0x00cac210
0x00cac212
0x00cac214
0x00cac23d
0x00cac23d
0x00cac241
0x00cac299
0x00cac299
0x00cac29c
0x00cac29f
0x00cac2ac
0x00cac2ae
0x00cac2af
0x00cac2af
0x00cac2a1
0x00cac2a1
0x00cac2a4
0x00000000
0x00cac2a6
0x00cac2a6
0x00cac2a8
0x00cac2a8
0x00cac2a4
0x00cac2b4
0x00cac2ba
0x00cac2bd
0x00cac2c3
0x00cac2cc
0x00cac2cf
0x00cac2d2
0x00cac2dd
0x00cac2df
0x00cac2d4
0x00cac2d4
0x00cac2d7
0x00000000
0x00cac2d9
0x00cac2d9
0x00cac2d9
0x00cac2d7
0x00cac2e0
0x00cac2e3
0x00cac2ec
0x00cac2ef
0x00cac2f2
0x00cac2f5
0x00cac2fc
0x00cac2ff
0x00cac306
0x00cac308
0x00cac318
0x00cac321
0x00cac323
0x00cac325
0x00cac331
0x00cac334
0x00cac356
0x00cac356
0x00cac359
0x00cac35b
0x00cac37b
0x00cac37b
0x00cac37e
0x00cac3cd
0x00cac3cd
0x00cac3d1
0x00cac41d
0x00cac423
0x00cac429
0x00cac42e
0x00cac431
0x00cac442
0x00cac442
0x00cac442
0x00cac433
0x00cac433
0x00cac43d
0x00cac43f
0x00cac435
0x00cac435
0x00cac43b
0x00000000
0x00000000
0x00000000
0x00000000
0x00cac43b
0x00cac433
0x00cac444
0x00cac447
0x00cac44d
0x00cac44f
0x00cac45e
0x00cac460
0x00cac466
0x00cac468
0x00cac48b
0x00cac498
0x00cac4ab
0x00cac4ad
0x00cac4af
0x00000000
0x00cac4b5
0x00cac4ca
0x00cac4cc
0x00cac4ce
0x00cac4ec
0x00cac4ee
0x00cac4f0
0x00cac4f2
0x00000000
0x00cac4f2
0x00cac4d0
0x00cac4d0
0x00000000
0x00cac4d0
0x00cac4ce
0x00cac46a
0x00cac46a
0x00cac47a
0x00cac47c
0x00cac481
0x00000000
0x00cac481
0x00cac468
0x00cac3d3
0x00cac3d5
0x00cac3d5
0x00cac3e5
0x00cac3e7
0x00cac3e9
0x00cac3f5
0x00cac3f8
0x00cac3fa
0x00cac416
0x00cac416
0x00000000
0x00cac3fc
0x00cac406
0x00cac408
0x00cac40a
0x00000000
0x00cac40c
0x00cac40c
0x00000000
0x00cac40c
0x00cac40a
0x00cac3eb
0x00cac3eb
0x00000000
0x00cac3eb
0x00cac3e9
0x00cac380
0x00cac382
0x00cac382
0x00cac392
0x00cac394
0x00cac396
0x00cac3a2
0x00cac3a5
0x00cac3a7
0x00cac3c3
0x00cac3c3
0x00000000
0x00cac3a9
0x00cac3b3
0x00cac3b5
0x00cac3b7
0x00000000
0x00cac3b9
0x00cac3b9
0x00000000
0x00cac3b9
0x00cac3b7
0x00cac398
0x00cac398
0x00000000
0x00cac398
0x00cac396
0x00cac35d
0x00cac35f
0x00cac36b
0x00cac36d
0x00cac36f
0x00000000
0x00cac371
0x00cac371
0x00000000
0x00cac371
0x00cac36f
0x00cac336
0x00cac33a
0x00cac346
0x00cac348
0x00cac34a
0x00000000
0x00cac34c
0x00cac34c
0x00000000
0x00cac34c
0x00cac34a
0x00cac327
0x00cac327
0x00000000
0x00cac327
0x00cac30a
0x00cac30a
0x00cac30a
0x00000000
0x00cac30a
0x00cac243
0x00cac243
0x00cac252
0x00cac25a
0x00cac25c
0x00cac25f
0x00cac27f
0x00cac291
0x00000000
0x00cac261
0x00cac261
0x00cac26e
0x00cac270
0x00cac275
0x00000000
0x00cac275
0x00cac25f
0x00cac216
0x00cac216
0x00cac219
0x00000000
0x00cac21b
0x00cac22b
0x00cac22d
0x00cac22f
0x00cac23b
0x00cac23b
0x00000000
0x00cac231
0x00cac231
0x00000000
0x00cac231
0x00cac22f
0x00cac219
0x00cac203
0x00cac203
0x00000000
0x00cac203
0x00cac1df
0x00cac1df
0x00000000
0x00cac1df
0x00cac1bb
0x00cac1bb
0x00cac4f7
0x00cac4f7
0x00000000
0x00cac4f7
0x00cac172
0x00cac172
0x00cac17f
0x00cac181
0x00cac186
0x00000000
0x00cac186
0x00cac139
0x00cac139
0x00cac146
0x00cac148
0x00cac14d
0x00cac152
0x00cac152
0x00cac4f8
0x00cac4f8
0x00cac4fe
0x00cac4ff
0x00cac506
0x00cac509
0x00cac509
0x00cac514

Strings

Failed to allocate memory for dependency providers., xrefs: 00CAC481
Failed to copy uninstall arguments for related bundle package, xrefs: 00CAC3EB
pseudobundle.cpp, xrefs: 00CAC141, 00CAC17A, 00CAC269, 00CAC475
Failed to copy local source path for pseudo bundle., xrefs: 00CAC203
Failed to copy filename for pseudo bundle., xrefs: 00CAC1DF
Failed to copy install arguments for related bundle package, xrefs: 00CAC34C
Failed to allocate space for burn package payload inside of related bundle struct, xrefs: 00CAC14D
Failed to allocate memory for pseudo bundle payload hash., xrefs: 00CAC275
Failed to copy key for pseudo bundle., xrefs: 00CAC30A
Failed to copy version for pseudo bundle., xrefs: 00CAC4D0
Failed to copy key for pseudo bundle payload., xrefs: 00CAC1BB
Failed to append relation type to repair arguments for related bundle package, xrefs: 00CAC3B9
Failed to append relation type to install arguments for related bundle package, xrefs: 00CAC371
Failed to copy display name for pseudo bundle., xrefs: 00CAC4F2
-%ls, xrefs: 00CAC114
Failed to copy repair arguments for related bundle package, xrefs: 00CAC398
Failed to copy cache id for pseudo bundle., xrefs: 00CAC327
Failed to append relation type to uninstall arguments for related bundle package, xrefs: 00CAC40C
Failed to copy download source for pseudo bundle., xrefs: 00CAC231
Failed to allocate space for burn payload inside of related bundle struct, xrefs: 00CAC186

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID: -%ls$Failed to allocate memory for dependency providers.$Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of related bundle struct$Failed to allocate space for burn payload inside of related bundle struct$Failed to append relation type to install arguments for related bundle package$Failed to append relation type to repair arguments for related bundle package$Failed to append relation type to uninstall arguments for related bundle package$Failed to copy cache id for pseudo bundle.$Failed to copy display name for pseudo bundle.$Failed to copy download source for pseudo bundle.$Failed to copy filename for pseudo bundle.$Failed to copy install arguments for related bundle package$Failed to copy key for pseudo bundle payload.$Failed to copy key for pseudo bundle.$Failed to copy local source path for pseudo bundle.$Failed to copy repair arguments for related bundle package$Failed to copy uninstall arguments for related bundle package$Failed to copy version for pseudo bundle.$pseudobundle.cpp
API String ID: 1357844191-2832335422
Opcode ID: 4dea44adb06ac40b538e1b6858e9583f96e922510875e58968df3fbab3748443
Instruction ID: 0018a09fb600024c2a099e3b918c6657759e718e8b08a8737ef0b8d6cab7c7eb
Opcode Fuzzy Hash: 4dea44adb06ac40b538e1b6858e9583f96e922510875e58968df3fbab3748443
Instruction Fuzzy Hash: BAC1E472A00657BFEB169E64CC95E7A76A8BF09708F00422AFE16EB351D730EC109794

Uniqueness

Uniqueness Score: -1.00%

Function 00C844E9, Relevance: 31.6, APIs: 11, Strings: 7, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00C844E9(void* __edx) {
				signed int _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t13;
				int _t24;
				signed short _t31;
				signed short _t34;
				signed short _t37;
				void* _t45;
				int _t47;
				int _t48;
				signed int _t60;

				_t45 = __edx;
				_t13 =  *0xcea008; // 0x4c290ae8
				_v8 = _t13 ^ _t60;
				asm("stosd");
				_v28 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t47 = 0;
				if(OpenProcessToken(GetCurrentProcess(), 0x20,  &_v28) != 0) {
					_v24.PrivilegeCount = 1;
					_v12 = 2;
					if(LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges)) != 0) {
						if(AdjustTokenPrivileges(_v28, 0,  &_v24, 0x10, 0, 0) != 0) {
							do {
								_t48 = 0;
								Sleep(0x3e8);
								_push(0x80040002);
								_push(1);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								if( *0xceaa5c() == 0) {
									_t48 =  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
								}
								_t24 = _t47;
								_t47 = _t47 + 1;
							} while (_t24 < 0xa && (_t48 == 0x800704f7 || _t48 == 0x80070015));
							if(_t48 < 0) {
								E00C837D3(_t24, "engine.cpp", 0x376, _t48);
								_push("Failed to schedule restart.");
								goto L13;
							}
						} else {
							_t31 = GetLastError();
							_t53 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
							_t48 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "engine.cpp", 0x362, _t48);
							_push("Failed to adjust token to add shutdown privileges.");
							goto L13;
						}
					} else {
						_t34 = GetLastError();
						_t56 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
						_t48 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "engine.cpp", 0x35d, _t48);
						_push("Failed to get shutdown privilege LUID.");
						goto L13;
					}
				} else {
					_t37 = GetLastError();
					_t59 =  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
					_t48 =  >=  ? 0x80004005 :  <=  ? _t37 : _t37 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "engine.cpp", 0x356, _t48);
					_push("Failed to get process token.");
					L13:
					_push(_t48);
					E00CC012F();
				}
				if(_v28 != 0) {
					CloseHandle(_v28);
				}
				return E00CADE36(0, _v8 ^ _t60, _t45, _t47, _t48);
			}

0x00c844e9
0x00c844ef
0x00c844f6
0x00c84501
0x00c84504
0x00c84507
0x00c84508
0x00c84509
0x00c84510
0x00c84521
0x00c8455e
0x00c8456c
0x00c8457b
0x00c845c9
0x00c84600
0x00c84605
0x00c84607
0x00c8460d
0x00c84612
0x00c84614
0x00c84615
0x00c84616
0x00c84617
0x00c84620
0x00c84633
0x00c84633
0x00c84636
0x00c84638
0x00c84639
0x00c84650
0x00c8465d
0x00c84662
0x00000000
0x00c84662
0x00c845cb
0x00c845cb
0x00c845dc
0x00c845e6
0x00c845f4
0x00c845f9
0x00000000
0x00c845f9
0x00c8457d
0x00c8457d
0x00c8458e
0x00c84598
0x00c845a6
0x00c845ab
0x00000000
0x00c845ab
0x00c84523
0x00c84523
0x00c84534
0x00c8453e
0x00c8454c
0x00c84551
0x00c84667
0x00c84667
0x00c84668
0x00c8466e
0x00c84672
0x00c84677
0x00c84677
0x00c8468f

APIs

GetCurrentProcess.KERNEL32(00000020,?,00000001,00000000,?,?,?,?,?,?,?), ref: 00C84512
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00C84519
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,?,?,?), ref: 00C84523
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00C84573
GetLastError.KERNEL32 ref: 00C8457D
CloseHandle.KERNEL32(?), ref: 00C84677

Strings

Failed to get shutdown privilege LUID., xrefs: 00C845AB
Failed to adjust token to add shutdown privileges., xrefs: 00C845F9
Failed to schedule restart., xrefs: 00C84662
Failed to get process token., xrefs: 00C84551
SeShutdownPrivilege, xrefs: 00C84566
)L, xrefs: 00C844EF
engine.cpp, xrefs: 00C84547, 00C845A1, 00C845EF, 00C84658

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastProcess$CloseCurrentHandleLookupOpenPrivilegeTokenValue
String ID: Failed to adjust token to add shutdown privileges.$Failed to get process token.$Failed to get shutdown privilege LUID.$Failed to schedule restart.$SeShutdownPrivilege$engine.cpp$)L
API String ID: 4232854991-922794856
Opcode ID: 0924a1c22ac1ae41657ec3e9a7826788c85a135d01c18a7657a9d665054cd6b0
Instruction ID: 1a686bf8689e27c4b228678600e9be034a50f2563bf7dda12ed6a22f59492c5c
Opcode Fuzzy Hash: 0924a1c22ac1ae41657ec3e9a7826788c85a135d01c18a7657a9d665054cd6b0
Instruction Fuzzy Hash: 8141B6B2A40325ABEB206BB5DC8AF7F76A8EB01756F010129FE05F7190E6648D0087E5

Uniqueness

Uniqueness Score: -1.00%

Function 00C86184, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 147
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E00C86184(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				struct _OSVERSIONINFOEXW _v292;
				intOrPtr _v300;
				intOrPtr _v312;
				signed int _v316;
				intOrPtr _v320;
				signed int _v324;
				void* __ebx;
				signed int __edi;
				intOrPtr* __esi;
				void* __ebp;
				signed int _t33;
				signed int _t42;
				signed short _t49;
				intOrPtr _t52;
				signed int _t53;
				intOrPtr _t59;
				void* _t60;
				void* _t61;
				void* _t62;
				void* _t64;
				signed int _t68;

				_t59 = __edx;
				_t33 =  *0xcea008; // 0x4c290ae8
				_v8 = _t33 ^ _t68;
				_t52 = _a8;
				E00CAF670(_t60,  &_v292, 0, 0x11c);
				_v292.dwOSVersionInfoSize = 0x11c;
				_t61 =  &_v316;
				_t53 = 6;
				memset(_t61, 0, _t53 << 2);
				_t62 = _t61 + _t53;
				if(GetVersionExW( &_v292) != 0) {
					_t42 = _a4 + 0xfffffffc;
					if(_t42 <= 9) {
						switch( *((intOrPtr*)(_t42 * 4 +  &M00C86338))) {
							case 0:
								_t48 = _v292.wProductType & 0x000000ff;
								asm("cdq");
								_v312 = _t59;
								_v300 = 1;
								goto L21;
							case 1:
								__eax = _v292.wSuiteMask;
								__eax = _v292.wSuiteMask >> 2;
								goto L6;
							case 2:
								__eax = _v292.wSuiteMask;
								__eax = _v292.wSuiteMask >> 7;
								goto L6;
							case 3:
								__eax = _v292.wSuiteMask;
								__eax = _v292.wSuiteMask >> 1;
								goto L6;
							case 4:
								__eax = _v292.wSuiteMask;
								__eax = _v292.wSuiteMask >> 9;
								goto L6;
							case 5:
								__eax = _v292.wSuiteMask;
								goto L6;
							case 6:
								__eax = _v292.wSuiteMask;
								__eax = _v292.wSuiteMask >> 5;
								goto L6;
							case 7:
								__eax = _v292.wSuiteMask;
								__eax = _v292.wSuiteMask >> 0xa;
								L6:
								__edi = 0;
								__edi = 1;
								__eax = __eax & 1;
								goto L7;
							case 8:
								__edi = 0;
								__edi = 1;
								_push(1);
								_push(2);
								_push(0);
								_push(0);
								__esi = __imp__VerSetConditionMask;
								__eax =  *__esi();
								_push(1);
								_push(1);
								_push(__edx);
								_push(__eax);
								__eax =  *__esi();
								_push(1);
								_push(0x20);
								_push(__edx);
								_push(__eax);
								__eax =  *__esi();
								_push(1);
								_push(0x10);
								_push(__edx);
								_push(__eax);
								__eax =  *__esi();
								_push(__edx);
								 &_v292 = VerifyVersionInfoW( &_v292, 0x33,  &_v292);
								L7:
								asm("cdq");
								_v312 = __edx;
								goto L20;
							case 9:
								__eax = _v292.wSuiteMask;
								__edi = 0;
								__edi = 1;
								if((__al & 0x00000010) == 0) {
									L18:
									asm("xorps xmm0, xmm0");
									asm("movlpd [ebp-0x140], xmm0");
									__esi = _v320;
									__eax = _v324;
								} else {
									__eax = __eax & 0x00000100;
									__ecx = 0;
									if(__cx != __ax) {
										goto L18;
									} else {
										__eax = 1;
									}
								}
								_v312 = __esi;
								L20:
								_v300 = __edi;
								L21:
								_v316 = _t48;
								goto L22;
						}
					}
					L22:
					_t64 = E00C9FF73(_t59,  &_v316, _t52);
					if(_t64 < 0) {
						_push("Failed to set variant value.");
						goto L24;
					}
				} else {
					_t49 = GetLastError();
					_t67 =  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
					_t64 =  >=  ? 0x80004005 :  <=  ? _t49 : _t49 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "variable.cpp", 0x6a1, _t64);
					_push("Failed to get OS info.");
					L24:
					_push(_t64);
					E00CC012F();
				}
				return E00CADE36(_t52, _v8 ^ _t68, _t59, _t62, _t64);
			}

0x00c86184
0x00c8618d
0x00c86194
0x00c86198
0x00c861ac
0x00c861b4
0x00c861c0
0x00c861c8
0x00c861c9
0x00c861c9
0x00c861da
0x00c86217
0x00c8621d
0x00c86223
0x00000000
0x00c8622a
0x00c8622e
0x00c8622f
0x00c86235
0x00000000
0x00000000
0x00c86244
0x00c86247
0x00000000
0x00000000
0x00c8625b
0x00c8625e
0x00000000
0x00000000
0x00c86263
0x00c86266
0x00000000
0x00000000
0x00c8626a
0x00c8626d
0x00000000
0x00000000
0x00c86272
0x00000000
0x00000000
0x00c86277
0x00c8627a
0x00000000
0x00000000
0x00c8627f
0x00c86282
0x00c8624a
0x00c8624a
0x00c8624c
0x00c8624d
0x00000000
0x00000000
0x00c86287
0x00c86289
0x00c8628a
0x00c8628b
0x00c8628d
0x00c8628e
0x00c8628f
0x00c86295
0x00c86297
0x00c86298
0x00c86299
0x00c8629a
0x00c8629b
0x00c8629d
0x00c8629e
0x00c862a0
0x00c862a1
0x00c862a2
0x00c862a4
0x00c862a5
0x00c862a7
0x00c862a8
0x00c862a9
0x00c862ab
0x00c862b6
0x00c8624f
0x00c8624f
0x00c86250
0x00000000
0x00000000
0x00c862be
0x00c862c1
0x00c862c3
0x00c862c6
0x00c862d8
0x00c862d8
0x00c862db
0x00c862e3
0x00c862e9
0x00c862c8
0x00c862c8
0x00c862cd
0x00c862d2
0x00000000
0x00c862d4
0x00c862d4
0x00c862d4
0x00c862d2
0x00c862ef
0x00c862f5
0x00c862f5
0x00c862fb
0x00c862fb
0x00000000
0x00000000
0x00c86223
0x00c86301
0x00c8630e
0x00c86312
0x00c86314
0x00000000
0x00c86314
0x00c861dc
0x00c861dc
0x00c861ed
0x00c861f7
0x00c86205
0x00c8620a
0x00c86319
0x00c86319
0x00c8631a
0x00c86320
0x00c86333

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00C861D2
GetLastError.KERNEL32 ref: 00C861DC

Strings

Failed to set variant value., xrefs: 00C86314
Failed to get OS info., xrefs: 00C8620A
variable.cpp, xrefs: 00C86200
)L, xrefs: 00C8618D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastVersion
String ID: Failed to get OS info.$Failed to set variant value.$variable.cpp$)L
API String ID: 305913169-2411482323
Opcode ID: 721d039fcc9b5f7044fa4dc8c5dd1557f499658f05ef4fda7ae1bfa4ed0cace8
Instruction ID: ea643fbe65f5c24994845a92348e192fe24df28493d4e9292f715db2ba756653
Opcode Fuzzy Hash: 721d039fcc9b5f7044fa4dc8c5dd1557f499658f05ef4fda7ae1bfa4ed0cace8
Instruction Fuzzy Hash: C9419A71E04228ABDB20EBAACC45FEF7BB8EB89714F1001DAF505E7150D6709E81CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00C860BA, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00C860BA(void* __ebx, void* __edx, intOrPtr _a8) {
				signed int _v8;
				short _v524;
				long _v528;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t8;
				void* _t20;
				void* _t25;
				intOrPtr _t26;
				void* _t27;
				signed int _t30;

				_t25 = __edx;
				_t20 = __ebx;
				_t8 =  *0xcea008; // 0x4c290ae8
				_v8 = _t8 ^ _t30;
				_t26 = _a8;
				_v528 = 0x101;
				if(GetUserNameW( &_v524,  &_v528) != 0) {
					L3:
					_t27 = E00CA02F4(_t26,  &_v524, 0);
					if(_t27 < 0) {
						_push("Failed to set variant value.");
						goto L5;
					}
				} else {
					_t27 =  <=  ? GetLastError() : _t18 & 0x0000ffff | 0x80070000;
					if(_t27 >= 0) {
						goto L3;
					} else {
						E00C837D3(_t18, "variable.cpp", 0x8e5, _t27);
						_push("Failed to get the user name.");
						L5:
						_push(_t27);
						E00CC012F();
					}
				}
				return E00CADE36(_t20, _v8 ^ _t30, _t25, _t26, _t27);
			}

0x00c860ba
0x00c860ba
0x00c860c3
0x00c860ca
0x00c860cf
0x00c860df
0x00c860f2
0x00c86123
0x00c86132
0x00c86136
0x00c86138
0x00000000
0x00c86138
0x00c860f4
0x00c86105
0x00c8610a
0x00000000
0x00c8610c
0x00c86117
0x00c8611c
0x00c8613d
0x00c8613d
0x00c8613e
0x00c86144
0x00c8610a
0x00c86156

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00C860EA
GetLastError.KERNEL32 ref: 00C860F4

Strings

Failed to set variant value., xrefs: 00C86138
Failed to get the user name., xrefs: 00C8611C
variable.cpp, xrefs: 00C86112
)L, xrefs: 00C860C3

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastNameUser
String ID: Failed to get the user name.$Failed to set variant value.$variable.cpp$)L
API String ID: 2054405381-772392620
Opcode ID: e18b80fa8f8c83d0511d33ebc25deaee92fc7a018e24b77e324fe6eeb6094841
Instruction ID: 260d0c0a69dc7d6e59747ab56149add511a770f847aab31a91859f45966f2c4d
Opcode Fuzzy Hash: e18b80fa8f8c83d0511d33ebc25deaee92fc7a018e24b77e324fe6eeb6094841
Instruction Fuzzy Hash: 2301F971A003296BD711EB65DC4DFAFB7A8EB00714F10416AFC05E7242EE749E4457D5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4315, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC4315(WCHAR* _a4, signed char* _a8) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				void* _t15;
				signed char _t19;
				signed char* _t20;
				void* _t23;
				void* _t24;
				signed int _t27;

				_t10 =  *0xcea008; // 0x4c290ae8
				_v8 = _t10 ^ _t27;
				_t20 = _a8;
				_t26 = _a4;
				_t24 = 0;
				E00CAF670(0,  &_v600, 0, 0x250);
				_t15 = FindFirstFileW(_a4,  &_v600);
				if(_t15 != 0xffffffff) {
					FindClose(_t15);
					_t19 = _v600.dwFileAttributes;
					if((_t19 & 0x00000010) == 0) {
						if(_t20 != 0) {
							 *_t20 = _t19;
						}
						_t24 = 1;
					}
				}
				return E00CADE36(_t20, _v8 ^ _t27, _t23, _t24, _t26);
			}

0x00cc431e
0x00cc4325
0x00cc4329
0x00cc4333
0x00cc433c
0x00cc4340
0x00cc4350
0x00cc4359
0x00cc435c
0x00cc4362
0x00cc436a
0x00cc436e
0x00cc4370
0x00cc4370
0x00cc4374
0x00cc4374
0x00cc436a
0x00cc4387

APIs

FindFirstFileW.KERNEL32(00CA8FFA,?,000002C0,00000000,00000000), ref: 00CC4350
FindClose.KERNEL32(00000000), ref: 00CC435C

Strings

)L, xrefs: 00CC431E

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: )L
API String ID: 2295610775-501487344
Opcode ID: 20f8f90dbc041d0296318253c2b5798116dcf07a3c171d51dd3cb8a06fe24d0c
Instruction ID: bb51c8cfcde59abfd3f1adc23bd701eea010bfd4df8f7360d0e2a2b8c7673120
Opcode Fuzzy Hash: 20f8f90dbc041d0296318253c2b5798116dcf07a3c171d51dd3cb8a06fe24d0c
Instruction Fuzzy Hash: C401F931600148ABDB10EFB9DD89FAEB3ACEBC6325F040169F919D7250D7305E4D8760

Uniqueness

Uniqueness Score: -1.00%

Function 00C8834D, Relevance: 59.8, APIs: 5, Strings: 29, Instructions: 331
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E00C8834D(struct _CRITICAL_SECTION* _a4, intOrPtr _a8) {
				char _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				void* _v24;
				int _v28;
				char _v32;
				char _v36;
				void _v60;
				intOrPtr* _t97;
				int _t148;
				struct _CRITICAL_SECTION* _t154;
				signed int _t155;
				intOrPtr* _t158;
				signed int _t159;
				int _t169;
				signed int _t170;
				void* _t171;
				signed int _t172;
				struct _CRITICAL_SECTION* _t174;
				void* _t176;
				int _t177;
				void* _t179;
				void* _t180;

				_t154 = _a4;
				_t155 = 6;
				_v24 = 0;
				_v16 = 0;
				memset( &_v60, 0, _t155 << 2);
				_t180 = _t179 + 0xc;
				_v32 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v36 = 0;
				_v28 = 0;
				EnterCriticalSection(_t154);
				if(E00CC3803(_a8, L"Variable",  &_v24) >= 0) {
					_t97 = _v24;
					_t166 =  &_v32;
					_t157 =  *_t97;
					_t176 =  *((intOrPtr*)( *_t97 + 0x20))(_t97,  &_v32);
					if(_t176 >= 0) {
						_t169 = 0;
						_a4 = 0;
						if(_v32 > 0) {
							while(1) {
								_t176 = E00CC3760(_t157, _v24,  &_v16, _t169);
								if(_t176 < 0) {
									break;
								}
								_t176 = E00CC31C7(_v16, L"Id",  &_v8);
								if(_t176 < 0) {
									_push("Failed to get @Id.");
									goto L57;
								} else {
									_t176 = E00CC33DB(_t157, _v16, L"Hidden",  &_v20);
									if(_t176 < 0) {
										_push("Failed to get @Hidden.");
										goto L57;
									} else {
										_t176 = E00CC33DB(_t157, _v16, L"Persisted",  &_v36);
										if(_t176 < 0) {
											_push("Failed to get @Persisted.");
											goto L57;
										} else {
											_t176 = E00CC31C7(_v16, L"Value",  &_v12);
											if(_t176 == 0x80070490) {
												_t177 = _t169;
												goto L25;
											} else {
												if(_t176 < 0) {
													_push("Failed to get @Value.");
													goto L57;
												} else {
													_t176 = E00CA02F4( &_v60, _v12, _t169);
													if(_t176 < 0) {
														_push("Failed to set variant value.");
														goto L57;
													} else {
														_t176 = E00CC31C7(_v16, L"Type",  &_v12);
														if(_t176 < 0) {
															_push("Failed to get @Type.");
															goto L57;
														} else {
															_t148 = CompareStringW(0x7f, _t169, _v12, 0xffffffff, L"numeric", 0xffffffff);
															_t177 = 2;
															if(_t148 != _t177) {
																if(CompareStringW(0x7f, _t169, _v12, 0xffffffff, L"string", 0xffffffff) != _t177) {
																	if(CompareStringW(0x7f, _t169, _v12, 0xffffffff, L"version", 0xffffffff) != _t177) {
																		_push(_v12);
																		_t171 = 0x80070057;
																		_t176 = 0x80070057;
																		_push("Invalid value for @Type: %ls");
																		goto L42;
																	} else {
																		if(_v20 == 0) {
																			_push(_v60);
																			E00CC061A(_t177, "Initializing version variable \'%ls\' to value \'%ls\'", _v8);
																			_t180 = _t180 + 0x10;
																		}
																		_t177 = 3;
																		goto L25;
																	}
																} else {
																	if(_v20 != 0) {
																		goto L26;
																	} else {
																		_push(_v60);
																		E00CC061A(_t177, "Initializing string variable \'%ls\' to value \'%ls\'", _v8);
																		_t180 = _t180 + 0x10;
																		goto L25;
																	}
																	goto L27;
																}
															} else {
																if(_v20 == 0) {
																	_push(_v60);
																	E00CC061A(_t177, "Initializing numeric variable \'%ls\' to value \'%ls\'", _v8);
																	_t180 = _t180 + 0x10;
																}
																_t177 = 1;
																L25:
																if(_v20 != 0) {
																	L26:
																	E00CC061A(2, "Initializing hidden variable \'%ls\'", _v8);
																	_t180 = _t180 + 0xc;
																}
																L27:
																_t176 = E00C9FEB7(_t166,  &_v60, _t177);
																if(_t176 < 0) {
																	_push("Failed to change variant type.");
																	goto L57;
																} else {
																	_t176 = E00C855B6(_t157, _t154, _v8,  &_v28);
																	if(_t176 < 0) {
																		_push(_v8);
																		_push("Failed to find variable value \'%ls\'.");
																		goto L51;
																	} else {
																		_t170 = _v28;
																		if(_t176 != 1) {
																			_t53 = _t154 + 0x20; // 0x85f08bff
																			_t124 =  *_t53;
																			if( *((intOrPtr*)(_t170 * 0x38 +  *_t53 + 0x2c)) > 0) {
																				_t171 = 0x80070057;
																				_t176 = 0x80070057;
																				E00C837D3(_t124, "variable.cpp", 0x18a, 0x80070057);
																				_push(_v8);
																				_push("Attempt to set built-in variable value: %ls");
																				L42:
																				_push(_t171);
																				goto L43;
																			} else {
																				goto L33;
																			}
																		} else {
																			_t176 = E00C86AC6(_t122, _t157, _t154, _v8, _t170);
																			if(_t176 >= 0) {
																				L33:
																				_t56 = _t154 + 0x20; // 0x85f08bff
																				_t172 = _t170 * 0x38;
																				 *((intOrPtr*)(_t172 +  *_t56 + 0x20)) = _v20;
																				_t60 = _t154 + 0x20; // 0x85f08bff
																				 *((intOrPtr*)(_t172 +  *_t60 + 0x28)) = _v36;
																				_t65 = _t154 + 0x20; // 0x85f08bff
																				_t176 = E00CA035B(_t166,  *_t65 + 8 + _t172,  &_v60);
																				if(_t176 < 0) {
																					_push(_v8);
																					_push("Failed to set value of variable: %ls");
																					goto L51;
																				} else {
																					_t66 = _t154 + 0x20; // 0x85f08bff
																					_t176 = E00CA0246( *_t66 + 8 + _t172, _v20);
																					if(_t176 < 0) {
																						_push("Failed to set variant encryption");
																						goto L57;
																					} else {
																						_t157 = _v16;
																						if(_t157 != 0) {
																							 *((intOrPtr*)( *_t157 + 8))(_t157);
																							_v16 = _v16 & 0x00000000;
																						}
																						E00CA0499( &_v60);
																						if(_v12 != 0) {
																							E00C82793(_v12);
																							_v12 = _v12 & 0x00000000;
																						}
																						_t174 = _a4 + 1;
																						_a4 = _t174;
																						if(_t174 < _v32) {
																							_t169 = 0;
																							continue;
																						}
																					}
																				}
																			} else {
																				_push(_v8);
																				_push("Failed to insert variable \'%ls\'.");
																				L51:
																				_push(_t176);
																				L43:
																				E00CC012F();
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
								goto L58;
							}
							_push("Failed to get next node.");
							goto L57;
						}
					} else {
						_push("Failed to get variable node count.");
						goto L57;
					}
				} else {
					_push("Failed to select variable nodes.");
					L57:
					_push(_t176);
					E00CC012F();
				}
				L58:
				LeaveCriticalSection(_t154);
				_t158 = _v24;
				if(_t158 != 0) {
					 *((intOrPtr*)( *_t158 + 8))(_t158);
				}
				_t159 = _v16;
				if(_t159 != 0) {
					 *((intOrPtr*)( *_t159 + 8))(_t159);
				}
				if(_v12 != 0) {
					E00CC54EF(_v12);
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				E00CA0499( &_v60);
				return _t176;
			}

0x00c88354
0x00c8835d
0x00c88360
0x00c88366
0x00c88369
0x00c88369
0x00c8836c
0x00c8836f
0x00c88372
0x00c88375
0x00c88378
0x00c8837b
0x00c8837e
0x00c88399
0x00c883a5
0x00c883a8
0x00c883ad
0x00c883b2
0x00c883b6
0x00c883c2
0x00c883c4
0x00c883ca
0x00c883d0
0x00c883dd
0x00c883e1
0x00000000
0x00000000
0x00c883f8
0x00c883fc
0x00c886c6
0x00000000
0x00c88402
0x00c88413
0x00c88417
0x00c886bf
0x00000000
0x00c8841d
0x00c8842e
0x00c88432
0x00c886b8
0x00000000
0x00c88438
0x00c88449
0x00c88451
0x00c8853d
0x00000000
0x00c88457
0x00c88459
0x00c8866d
0x00000000
0x00c8845f
0x00c8846c
0x00c88470
0x00c88666
0x00000000
0x00c88476
0x00c88487
0x00c8848b
0x00c8865f
0x00000000
0x00c88491
0x00c884a0
0x00c884a8
0x00c884ab
0x00c884e3
0x00c88518
0x00c88645
0x00c88648
0x00c8864d
0x00c8864f
0x00000000
0x00c8851e
0x00c88522
0x00c88524
0x00c88530
0x00c88535
0x00c88535
0x00c8853a
0x00000000
0x00c8853a
0x00c884e5
0x00c884e9
0x00000000
0x00c884eb
0x00c884eb
0x00c884f7
0x00c884fc
0x00000000
0x00c884fc
0x00000000
0x00c884e9
0x00c884ad
0x00c884b1
0x00c884b3
0x00c884bf
0x00c884c4
0x00c884c4
0x00c884c9
0x00c8853f
0x00c88543
0x00c88545
0x00c8854f
0x00c88554
0x00c88554
0x00c88557
0x00c88561
0x00c88565
0x00c886b1
0x00000000
0x00c8856b
0x00c88578
0x00c8857c
0x00c886a6
0x00c886a9
0x00000000
0x00c88582
0x00c88582
0x00c88588
0x00c885a7
0x00c885a7
0x00c885b2
0x00c88685
0x00c88695
0x00c88697
0x00c8869c
0x00c8869f
0x00c88654
0x00c88654
0x00000000
0x00000000
0x00000000
0x00000000
0x00c8858a
0x00c88594
0x00c88598
0x00c885b8
0x00c885b8
0x00c885be
0x00c885c1
0x00c885c5
0x00c885cb
0x00c885d3
0x00c885e1
0x00c885e5
0x00c8867b
0x00c8867e
0x00000000
0x00c885eb
0x00c885eb
0x00c885fc
0x00c88600
0x00c88674
0x00000000
0x00c88602
0x00c88602
0x00c88607
0x00c8860c
0x00c8860f
0x00c8860f
0x00c88617
0x00c88620
0x00c88625
0x00c8862a
0x00c8862a
0x00c88631
0x00c88632
0x00c88638
0x00c8863e
0x00000000
0x00c8863e
0x00c88638
0x00c88600
0x00c8859a
0x00c8859a
0x00c8859d
0x00c886ae
0x00c886ae
0x00c88655
0x00c88655
0x00c8865a
0x00c88598
0x00c88588
0x00c8857c
0x00c88565
0x00c884ab
0x00c8848b
0x00c88470
0x00c88459
0x00c88451
0x00c88432
0x00c88417
0x00000000
0x00c883fc
0x00c886cd
0x00000000
0x00c886cd
0x00c883b8
0x00c883b8
0x00000000
0x00c883b8
0x00c8839b
0x00c8839b
0x00c886d2
0x00c886d2
0x00c886d3
0x00c886d9
0x00c886da
0x00c886db
0x00c886e1
0x00c886e6
0x00c886eb
0x00c886eb
0x00c886ee
0x00c886f3
0x00c886f8
0x00c886f8
0x00c886ff
0x00c88704
0x00c88704
0x00c8870d
0x00c88712
0x00c88712
0x00c8871b
0x00c88728

APIs

EnterCriticalSection.KERNEL32(00C8533D,?,00000000,80070490,?,?,?,?,?,?,?,?,00CABF87,?,00C8533D,?), ref: 00C8837E
LeaveCriticalSection.KERNEL32(00C8533D,?,?,?,?,?,?,?,?,00CABF87,?,00C8533D,?,00C8533D,00C8533D,Chain), ref: 00C886DB

Strings

version, xrefs: 00C88503
variable.cpp, xrefs: 00C88690
Initializing hidden variable '%ls', xrefs: 00C88548
Initializing numeric variable '%ls' to value '%ls', xrefs: 00C884B9
Failed to find variable value '%ls'., xrefs: 00C886A9
Value, xrefs: 00C8843C
Failed to insert variable '%ls'., xrefs: 00C8859D
Attempt to set built-in variable value: %ls, xrefs: 00C8869F
string, xrefs: 00C884CE
Initializing string variable '%ls' to value '%ls', xrefs: 00C884F1
Failed to get variable node count., xrefs: 00C883B8
Failed to set variant value., xrefs: 00C88666
Failed to select variable nodes., xrefs: 00C8839B
Failed to get @Value., xrefs: 00C8866D
Hidden, xrefs: 00C88406
numeric, xrefs: 00C88493
Persisted, xrefs: 00C88421
Failed to get @Id., xrefs: 00C886C6
Initializing version variable '%ls' to value '%ls', xrefs: 00C8852A
Failed to set variant encryption, xrefs: 00C88674
Variable, xrefs: 00C88388
Failed to change variant type., xrefs: 00C886B1
Failed to get @Hidden., xrefs: 00C886BF
Failed to get next node., xrefs: 00C886CD
Failed to set value of variable: %ls, xrefs: 00C8867E
Failed to get @Type., xrefs: 00C8865F
Invalid value for @Type: %ls, xrefs: 00C8864F
Failed to get @Persisted., xrefs: 00C886B8
Type, xrefs: 00C8847A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Attempt to set built-in variable value: %ls$Failed to change variant type.$Failed to find variable value '%ls'.$Failed to get @Hidden.$Failed to get @Id.$Failed to get @Persisted.$Failed to get @Type.$Failed to get @Value.$Failed to get next node.$Failed to get variable node count.$Failed to insert variable '%ls'.$Failed to select variable nodes.$Failed to set value of variable: %ls$Failed to set variant encryption$Failed to set variant value.$Hidden$Initializing hidden variable '%ls'$Initializing numeric variable '%ls' to value '%ls'$Initializing string variable '%ls' to value '%ls'$Initializing version variable '%ls' to value '%ls'$Invalid value for @Type: %ls$Persisted$Type$Value$Variable$numeric$string$variable.cpp$version
API String ID: 3168844106-1614826165
Opcode ID: 1663853b484776f042ee9e9bd78a8ce7b5d8950f90a3ef673579bc85ca8d728d
Instruction ID: 402dfe145bdb1f45ffc4c514aceb5e1b8f54977675fcfd5db3740146d90b6d7e
Opcode Fuzzy Hash: 1663853b484776f042ee9e9bd78a8ce7b5d8950f90a3ef673579bc85ca8d728d
Instruction Fuzzy Hash: 55B13772D00219FBCF11EB94CC8AFAEBB75AF04714F504268F914B7690DB719E44AB88

Uniqueness

Uniqueness Score: -1.00%

Function 00CC72F4, Relevance: 45.8, APIs: 13, Strings: 13, Instructions: 340
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E00CC72F4(void* __ebx, void* __eflags, int _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				int _v20;
				int _v24;
				int _v28;
				void* __edi;
				int _t110;
				int _t111;
				int _t112;
				int _t114;
				int _t116;
				int _t117;
				int _t118;
				int _t119;
				int _t120;
				int _t121;
				int _t122;
				int _t123;
				int _t124;
				int _t125;
				int _t128;
				void* _t147;
				intOrPtr* _t150;
				void* _t151;
				signed int _t153;
				intOrPtr* _t154;
				intOrPtr _t160;
				int _t161;

				_t149 = __ebx;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t160 = E00C838D4(0x48, 1);
				if(_t160 != 0) {
					_t150 = _a4;
					 *((intOrPtr*)(_t160 + 0x40)) = _t150;
					 *((intOrPtr*)( *_t150 + 4))(_t150, __ebx);
					_t7 = _t160 + 0x20; // 0x20
					_t8 = _t160 + 0x24; // 0x24
					_t161 = E00CC64F4(_t8, _t150, L"author", _t8, _t7);
					__eflags = _t161;
					if(_t161 >= 0) {
						_t9 = _t160 + 0x28; // 0x28
						_t10 = _t160 + 0x2c; // 0x2c
						_t161 = E00CC658C(_t10, _t150, L"category", _t10, _t9);
						__eflags = _t161;
						if(_t161 >= 0) {
							_t11 = _t160 + 0x30; // 0x30
							_t12 = _t160 + 0x34; // 0x34
							_t161 = E00CC6624(_t12, _t150, L"entry", _t12, _t11);
							__eflags = _t161;
							if(_t161 >= 0) {
								_t13 = _t160 + 0x38; // 0x38
								_t14 = _t160 + 0x3c; // 0x3c
								_t161 = E00CC66BC(_t14, _t150, L"link", _t14, _t13);
								__eflags = _t161;
								if(_t161 >= 0) {
									_t158 =  &_v16;
									_t161 =  *((intOrPtr*)( *_t150 + 0x30))(_t150,  &_v16);
									__eflags = _t161;
									if(_t161 >= 0) {
										_t110 = E00CC3760( &_v16, _v16,  &_v12,  &_v8);
										_t161 = _t110;
										__eflags = _t161;
										if(_t161 != 0) {
											L45:
											_t111 =  *(_t160 + 8);
											__eflags = _t111;
											if(_t111 == 0) {
												L54:
												_t112 = 0x8007000d;
												_push(0x8007000d);
												_push(0x197);
												goto L55;
											} else {
												__eflags =  *_t111;
												if( *_t111 == 0) {
													goto L54;
												} else {
													_t114 =  *(_t160 + 0x14);
													__eflags = _t114;
													if(_t114 == 0) {
														L53:
														_t112 = 0x8007000d;
														_push(0x8007000d);
														_push(0x19c);
														goto L55;
													} else {
														__eflags =  *_t114;
														if( *_t114 == 0) {
															goto L53;
														} else {
															__eflags =  *(_t160 + 0x1c);
															if( *(_t160 + 0x1c) != 0) {
																L52:
																 *_a8 = _t160;
																_t160 = 0;
															} else {
																__eflags =  *(_t160 + 0x18);
																if( *(_t160 + 0x18) != 0) {
																	goto L52;
																} else {
																	_t112 = 0x8007000d;
																	_push(0x8007000d);
																	_push(0x1a1);
																	L55:
																	_push("atomutil.cpp");
																	_t161 = _t112;
																	E00C837D3(_t112);
																}
															}
														}
													}
												}
											}
										} else {
											_t151 = CompareStringW;
											_v28 = _t161;
											_v24 = _t110;
											_v20 = _t110;
											_a4 = _t110;
											while(1) {
												_t116 = CompareStringW(0x7f, _t110, _v8, 0xffffffff, L"generator", 0xffffffff);
												__eflags = _t116 - 2;
												if(_t116 != 2) {
													goto L13;
												}
												_push(_v12);
												_push(_t160);
												L12:
												_t128 = E00CC67C4(_t158);
												L39:
												_t161 = _t128;
												__eflags = _t161;
												if(_t161 >= 0) {
													L40:
													__eflags = _v8;
													if(_v8 != 0) {
														__imp__#6(_v8);
														_t68 =  &_v8;
														 *_t68 = _v8 & 0x00000000;
														__eflags =  *_t68;
													}
													_t158 = _v12;
													__eflags = _t158;
													if(_t158 != 0) {
														 *((intOrPtr*)( *_t158 + 8))(_t158);
														_t72 =  &_v12;
														 *_t72 = _v12 & 0x00000000;
														__eflags =  *_t72;
													}
													_t161 = E00CC3760(_t158, _v16,  &_v12,  &_v8);
													__eflags = _t161;
													if(_t161 == 0) {
														_t161 = _v28;
														_t110 = 0;
														__eflags = 0;
														continue;
													} else {
														goto L45;
													}
												}
												goto L56;
												L13:
												_t117 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"icon", 0xffffffff);
												__eflags = _t117 - 2;
												if(_t117 != 2) {
													_t118 = CompareStringW(0x7f, 0, _v8, 0xffffffff, 0xce3c78, 0xffffffff);
													__eflags = _t118 - 2;
													if(_t118 != 2) {
														_t119 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"logo", 0xffffffff);
														__eflags = _t119 - 2;
														if(_t119 != 2) {
															_t120 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"subtitle", 0xffffffff);
															__eflags = _t120 - 2;
															if(_t120 != 2) {
																_t121 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
																__eflags = _t121 - 2;
																if(_t121 != 2) {
																	_t122 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"updated", 0xffffffff);
																	__eflags = _t122 - 2;
																	if(_t122 != 2) {
																		_t123 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"author", 0xffffffff);
																		__eflags = _t123 - 2;
																		if(_t123 != 2) {
																			_t124 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"category", 0xffffffff);
																			__eflags = _t124 - 2;
																			if(_t124 != 2) {
																				_t125 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"entry", 0xffffffff);
																				__eflags = _t125 - 2;
																				if(_t125 != 2) {
																					__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"link", 0xffffffff) - 2;
																					if(__eflags != 0) {
																						_t64 = _t160 + 0x44; // 0x44
																						_t128 = E00CC79CC(_t151, __eflags, _v12, _t64);
																						goto L39;
																					} else {
																						_t161 = E00CC76A1(_v12,  *((intOrPtr*)(_t160 + 0x3c)) + _t161);
																						__eflags = _t161;
																						if(_t161 >= 0) {
																							_v28 = _v28 + 0x28;
																							goto L40;
																						}
																					}
																				} else {
																					_t161 = E00CC6FB7(_v12,  *((intOrPtr*)(_t160 + 0x34)) + _v24);
																					__eflags = _t161;
																					if(_t161 >= 0) {
																						_v24 = _v24 + 0x40;
																						goto L40;
																					}
																				}
																			} else {
																				_t161 = E00CC6BF6(_v12,  *((intOrPtr*)(_t160 + 0x2c)) + _v20);
																				__eflags = _t161;
																				if(_t161 >= 0) {
																					_v20 = _v20 + 0x10;
																					goto L40;
																				}
																			}
																		} else {
																			_t161 = E00CC6ACD(_v12,  *((intOrPtr*)(_t160 + 0x24)) + _a4);
																			__eflags = _t161;
																			if(_t161 >= 0) {
																				_a4 = _a4 + 0xc;
																				goto L40;
																			}
																		}
																	} else {
																		_t40 = _t160 + 0x18; // 0x18
																		_t128 = E00CC6754(_t158, _t40, _v12);
																		goto L39;
																	}
																} else {
																	_t37 = _t160 + 0x14; // 0x14
																	_t147 = _t37;
																	goto L15;
																}
															} else {
																_t35 = _t160 + 0x10; // 0x10
																_t147 = _t35;
																goto L15;
															}
														} else {
															_t33 = _t160 + 0xc; // 0xc
															_t147 = _t33;
															goto L15;
														}
													} else {
														_t31 = _t160 + 8; // 0x8
														_t147 = _t31;
														goto L15;
													}
												} else {
													_t28 = _t160 + 4; // 0x4
													_t147 = _t28;
													L15:
													_push(_v12);
													_push(_t147);
													goto L12;
												}
												goto L56;
											}
										}
									}
								}
							}
						}
					}
					L56:
					_pop(_t149);
				} else {
					_t161 = 0x8007000e;
					E00C837D3(_t89, "atomutil.cpp", 0x134, 0x8007000e);
				}
				if(_v8 != 0) {
					__imp__#6(_v8);
				}
				_t153 = _v12;
				if(_t153 != 0) {
					 *((intOrPtr*)( *_t153 + 8))(_t153);
				}
				_t154 = _v16;
				if(_t154 != 0) {
					 *((intOrPtr*)( *_t154 + 8))(_t154);
				}
				if(_t160 != 0) {
					E00CC7B68(_t149, _t160, _t160);
				}
				return _t161;
			}

0x00cc72f4
0x00cc7302
0x00cc7305
0x00cc7308
0x00cc7310
0x00cc7314
0x00cc7331
0x00cc7334
0x00cc733a
0x00cc733d
0x00cc7341
0x00cc7350
0x00cc7352
0x00cc7354
0x00cc735a
0x00cc735e
0x00cc736d
0x00cc736f
0x00cc7371
0x00cc7377
0x00cc737b
0x00cc738a
0x00cc738c
0x00cc738e
0x00cc7394
0x00cc7398
0x00cc73a7
0x00cc73a9
0x00cc73ab
0x00cc73b3
0x00cc73bb
0x00cc73bd
0x00cc73bf
0x00cc73d0
0x00cc73d5
0x00cc73d7
0x00cc73d9
0x00cc7605
0x00cc7605
0x00cc7608
0x00cc760a
0x00cc764c
0x00cc764c
0x00cc7651
0x00cc7652
0x00000000
0x00cc760c
0x00cc760e
0x00cc7611
0x00000000
0x00cc7613
0x00cc7613
0x00cc7616
0x00cc7618
0x00cc763f
0x00cc763f
0x00cc7644
0x00cc7645
0x00000000
0x00cc761a
0x00cc761a
0x00cc761d
0x00000000
0x00cc761f
0x00cc761f
0x00cc7622
0x00cc7636
0x00cc7639
0x00cc763b
0x00cc7624
0x00cc7624
0x00cc7627
0x00000000
0x00cc7629
0x00cc7629
0x00cc762e
0x00cc762f
0x00cc7657
0x00cc7657
0x00cc765c
0x00cc765e
0x00cc765e
0x00cc7627
0x00cc7622
0x00cc761d
0x00cc7618
0x00cc7611
0x00cc73df
0x00cc73df
0x00cc73e5
0x00cc73e8
0x00cc73eb
0x00cc73ee
0x00cc73f8
0x00cc7407
0x00cc7409
0x00cc740c
0x00000000
0x00000000
0x00cc740e
0x00cc7411
0x00cc7412
0x00cc7412
0x00cc75bd
0x00cc75bd
0x00cc75bf
0x00cc75c1
0x00cc75c7
0x00cc75c7
0x00cc75cb
0x00cc75d0
0x00cc75d6
0x00cc75d6
0x00cc75d6
0x00cc75d6
0x00cc75da
0x00cc75dd
0x00cc75df
0x00cc75e4
0x00cc75e7
0x00cc75e7
0x00cc75e7
0x00cc75e7
0x00cc75fb
0x00cc75fd
0x00cc75ff
0x00cc73f3
0x00cc73f6
0x00cc73f6
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc75ff
0x00000000
0x00cc741c
0x00cc742c
0x00cc742e
0x00cc7431
0x00cc744c
0x00cc744e
0x00cc7451
0x00cc7468
0x00cc746a
0x00cc746d
0x00cc7484
0x00cc7486
0x00cc7489
0x00cc74a0
0x00cc74a2
0x00cc74a5
0x00cc74bc
0x00cc74be
0x00cc74c1
0x00cc74e4
0x00cc74e6
0x00cc74e9
0x00cc751d
0x00cc751f
0x00cc7522
0x00cc7556
0x00cc7558
0x00cc755b
0x00cc758e
0x00cc7591
0x00cc75b1
0x00cc75b8
0x00000000
0x00cc7593
0x00cc75a1
0x00cc75a3
0x00cc75a5
0x00cc75ab
0x00000000
0x00cc75ab
0x00cc75a5
0x00cc755d
0x00cc756c
0x00cc756e
0x00cc7570
0x00cc7576
0x00000000
0x00cc7576
0x00cc7570
0x00cc7524
0x00cc7533
0x00cc7535
0x00cc7537
0x00cc753d
0x00000000
0x00cc753d
0x00cc7537
0x00cc74eb
0x00cc74fa
0x00cc74fc
0x00cc74fe
0x00cc7504
0x00000000
0x00cc7504
0x00cc74fe
0x00cc74c3
0x00cc74c6
0x00cc74ca
0x00000000
0x00cc74ca
0x00cc74a7
0x00cc74a7
0x00cc74a7
0x00000000
0x00cc74a7
0x00cc748b
0x00cc748b
0x00cc748b
0x00000000
0x00cc748b
0x00cc746f
0x00cc746f
0x00cc746f
0x00000000
0x00cc746f
0x00cc7453
0x00cc7453
0x00cc7453
0x00000000
0x00cc7453
0x00cc7433
0x00cc7433
0x00cc7433
0x00cc7436
0x00cc7436
0x00cc7439
0x00000000
0x00cc7439
0x00000000
0x00cc7431
0x00cc73f8
0x00cc73d9
0x00cc73bf
0x00cc73ab
0x00cc738e
0x00cc7371
0x00cc7663
0x00cc7663
0x00cc7316
0x00cc7316
0x00cc7326
0x00cc7326
0x00cc7668
0x00cc766d
0x00cc766d
0x00cc7673
0x00cc7678
0x00cc767d
0x00cc767d
0x00cc7680
0x00cc7685
0x00cc768a
0x00cc768a
0x00cc768f
0x00cc7692
0x00cc7692
0x00cc769e

APIs

Part of subcall function 00C838D4: GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
Part of subcall function 00C838D4: RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,generator,000000FF,?,?,?), ref: 00CC7407
SysFreeString.OLEAUT32(00000000), ref: 00CC75D0
SysFreeString.OLEAUT32(00000000), ref: 00CC766D

Strings

logo, xrefs: 00CC745A
updated, xrefs: 00CC74AE
author, xrefs: 00CC7345, 00CC74D6
(, xrefs: 00CC75AB
atomutil.cpp, xrefs: 00CC7321, 00CC7657
category, xrefs: 00CC7362, 00CC750F
subtitle, xrefs: 00CC7476
title, xrefs: 00CC7492
generator, xrefs: 00CC73FA
entry, xrefs: 00CC737F, 00CC7548
link, xrefs: 00CC739C, 00CC757E
icon, xrefs: 00CC741E
@, xrefs: 00CC7576

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: String$FreeHeap$AllocateCompareProcess
String ID: ($@$atomutil.cpp$author$category$entry$generator$icon$link$logo$subtitle$title$updated
API String ID: 1555028553-2592408802
Opcode ID: d84558f4b94a37b0ca687aa9058af26aad9fca4b2ddce5fecf2765c88e24d005
Instruction ID: b2622f5a25c08b6ecc7489427b165907dfb145116e790f2296fd68849616ff77
Opcode Fuzzy Hash: d84558f4b94a37b0ca687aa9058af26aad9fca4b2ddce5fecf2765c88e24d005
Instruction Fuzzy Hash: 4CB19E71948616BBCB21DBA9CC41FAEBA74EB14720F200369F521A76D1DB70EE40DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00CAD22C, Relevance: 45.8, APIs: 10, Strings: 16, Instructions: 276
processCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00CAD22C(void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, DWORD* _a20) {
				signed int _v8;
				char _v88;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				struct _SECURITY_ATTRIBUTES* _v120;
				signed short _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				struct _PROCESS_INFORMATION _v148;
				intOrPtr _v152;
				WCHAR* _v156;
				DWORD* _v160;
				intOrPtr _v164;
				void* _v168;
				signed int _v172;
				signed short _v176;
				signed int _v180;
				char _v184;
				struct _STARTUPINFOW _v252;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t73;
				signed int _t84;
				signed short _t86;
				signed short _t89;
				signed short _t100;
				signed short _t104;
				signed short _t105;
				long _t119;
				signed short _t123;
				signed short _t124;
				signed short _t127;
				void* _t134;
				DWORD* _t139;
				signed short _t140;
				void* _t143;
				void* _t147;
				signed short _t156;
				signed short _t159;
				signed short _t162;
				signed int _t163;

				_t143 = __edx;
				_t73 =  *0xcea008; // 0x4c290ae8
				_v8 = _t73 ^ _t163;
				_v156 = _a4;
				_v152 = _a8;
				_v132 = _a12;
				_v128 = _a16;
				_v160 = _a20;
				asm("stosd");
				_t133 = 0;
				_v116 = 0;
				asm("stosd");
				_v112 = 0;
				_v120 = 0;
				_v108 = 0;
				asm("stosd");
				asm("stosd");
				E00CAF670( &_v104,  &_v252, 0, 0x44);
				_v124 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t84 =  &_v104;
				__imp__UuidCreate(_t84);
				if((_t84 | 0x00000001) >= 0) {
					_t86 =  &_v104;
					__imp__StringFromGUID2(_t86,  &_v88, 0x27);
					__eflags = _t86;
					if(_t86 != 0) {
						_t89 = E00C81F20( &_v112, L"NetFxSection.%ls",  &_v88);
						__eflags = _t89;
						if(_t89 >= 0) {
							__eflags = E00C81F20( &_v116, L"NetFxEvent.%ls",  &_v88);
							if(__eflags >= 0) {
								_t153 = E00CACC24(0, _t134, __eflags, _v112, _v116,  &_v108);
								__eflags = _t153;
								if(_t153 >= 0) {
									_push(_v112);
									_t153 = E00C81F62( &_v120, L"%ls /pipe %ls", _v152);
									__eflags = _t153;
									if(_t153 >= 0) {
										_t146 = _v156;
										_v252.cb = 0x44;
										_t100 = CreateProcessW(_v156, _v120, 0, 0, 0, 0x8000000, 0, 0,  &_v252,  &_v148);
										__eflags = _t100;
										if(_t100 != 0) {
											_t133 = _v108;
											_t146 = WaitForMultipleObjects;
											_v168 = _v148.hProcess;
											_v164 =  *((intOrPtr*)(_v108 + 4));
											while(1) {
												_t104 = WaitForMultipleObjects(2,  &_v168, 0, 0x64);
												__eflags = _t104;
												if(_t104 == 0) {
													break;
												}
												__eflags = _t104 - 1;
												if(_t104 != 1) {
													__eflags = _t104 - 0xffffffff;
													if(_t104 == 0xffffffff) {
														_t105 = GetLastError();
														__eflags = _t105;
														_t156 =  <=  ? _t105 : _t105 & 0x0000ffff | 0x80070000;
														__eflags = _t156;
														_t153 =  >=  ? 0x80004005 : _t156;
														E00C837D3(0x80004005, "NetFxChainer.cpp", 0x19e, _t153);
														_push("Failed to wait for netfx chainer process to complete");
														L2:
														_push(_t153);
														E00CC012F();
														L29:
														if(_v112 != 0) {
															E00CC54EF(_v112);
														}
														if(_v116 != 0) {
															E00CC54EF(_v116);
														}
														E00C82793(_v120);
														E00CACEF5(_t133, _t146, _t133);
														_t147 = CloseHandle;
														if(_v148.hThread != 0) {
															CloseHandle(_v148.hThread);
															_v148.hThread = _v148.hThread & 0x00000000;
														}
														if(_v148.hProcess != 0) {
															CloseHandle(_v148.hProcess);
														}
														return E00CADE36(_t133, _v8 ^ _t163, _t143, _t147, _t153);
													}
													continue;
												}
												_t153 = E00CAD12C(_t133, _v132, _v128);
												__eflags = _t153;
												if(_t153 >= 0) {
													continue;
												}
												_push("Failed to process netfx chainer message.");
												goto L2;
											}
											_t119 = E00CACFFC(_t133,  &_v124);
											_t139 = _v160;
											 *_t139 = _t119;
											__eflags = _t119 - 0x8000000a;
											if(_t119 != 0x8000000a) {
												_t140 = _v124;
												__eflags = _t140;
												if(_t140 < 0) {
													_t146 =  &_v184;
													asm("stosd");
													asm("stosd");
													asm("stosd");
													asm("stosd");
													_v180 = _v180 & 0x00000000;
													_t56 =  &_v172;
													 *_t56 = _v172 & 0x00000000;
													__eflags =  *_t56;
													_v184 = 1;
													_v176 = _t140;
													_v132( &_v184, _v128);
												}
												goto L29;
											}
											_t123 = GetExitCodeProcess(_v148, _t139);
											__eflags = _t123;
											if(_t123 != 0) {
												goto L29;
											}
											_t124 = GetLastError();
											__eflags = _t124;
											_t159 =  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
											__eflags = _t159;
											_t153 =  >=  ? 0x80004005 : _t159;
											E00C837D3(0x80004005, "NetFxChainer.cpp", 0x18a, _t153);
											_push("Failed to get netfx return code.");
											goto L2;
										}
										_t127 = GetLastError();
										__eflags = _t127;
										_t162 =  <=  ? _t127 : _t127 & 0x0000ffff | 0x80070000;
										__eflags = _t162;
										_t153 =  >=  ? 0x80004005 : _t162;
										E00C837D3(0x80004005, "NetFxChainer.cpp", 0x17a,  >=  ? 0x80004005 : _t162);
										E00CC012F( >=  ? 0x80004005 : _t162, "Failed to CreateProcess on path: %ls", _t146);
										L12:
										_t133 = _v108;
										goto L29;
									}
									_push("Failed to allocate netfx chainer arguments.");
									L11:
									_push(_t153);
									E00CC012F();
									goto L12;
								}
								_push("Failed to create netfx chainer.");
								goto L11;
							}
							_push("Failed to allocate event name.");
							goto L2;
						}
						_push("Failed to allocate section name.");
						goto L2;
					}
					_t153 = 0x8007000e;
					E00C837D3(_t86, "NetFxChainer.cpp", 0x168, 0x8007000e);
					_push("Failed to convert netfx chainer guid into string.");
					goto L2;
				}
				_push("Failed to create netfx chainer guid.");
				goto L2;
			}

0x00cad22c
0x00cad235
0x00cad23c
0x00cad242
0x00cad24b
0x00cad254
0x00cad25b
0x00cad263
0x00cad270
0x00cad271
0x00cad276
0x00cad279
0x00cad27a
0x00cad27d
0x00cad280
0x00cad283
0x00cad284
0x00cad28c
0x00cad293
0x00cad29f
0x00cad2a0
0x00cad2a1
0x00cad2a2
0x00cad2a3
0x00cad2a7
0x00cad2b2
0x00cad2cc
0x00cad2d0
0x00cad2d6
0x00cad2d8
0x00cad303
0x00cad30d
0x00cad30f
0x00cad32f
0x00cad331
0x00cad34c
0x00cad34e
0x00cad350
0x00cad367
0x00cad37e
0x00cad383
0x00cad385
0x00cad38e
0x00cad3a1
0x00cad3bc
0x00cad3c2
0x00cad3c4
0x00cad408
0x00cad411
0x00cad417
0x00cad420
0x00cad44e
0x00cad45b
0x00cad45d
0x00cad45f
0x00000000
0x00000000
0x00cad428
0x00cad42b
0x00cad449
0x00cad44c
0x00cad4cb
0x00cad4da
0x00cad4dc
0x00cad4e4
0x00cad4e6
0x00cad4f4
0x00cad4f9
0x00cad2b9
0x00cad2b9
0x00cad2ba
0x00cad541
0x00cad545
0x00cad54a
0x00cad54a
0x00cad553
0x00cad558
0x00cad558
0x00cad560
0x00cad566
0x00cad572
0x00cad578
0x00cad580
0x00cad582
0x00cad582
0x00cad590
0x00cad598
0x00cad598
0x00cad5ac
0x00cad5ac
0x00000000
0x00cad44c
0x00cad439
0x00cad43b
0x00cad43d
0x00000000
0x00000000
0x00cad43f
0x00000000
0x00cad43f
0x00cad466
0x00cad46b
0x00cad471
0x00cad473
0x00cad478
0x00cad503
0x00cad506
0x00cad508
0x00cad50f
0x00cad515
0x00cad516
0x00cad517
0x00cad518
0x00cad51f
0x00cad526
0x00cad526
0x00cad526
0x00cad52e
0x00cad538
0x00cad53e
0x00cad53e
0x00000000
0x00cad508
0x00cad485
0x00cad48b
0x00cad48d
0x00000000
0x00000000
0x00cad493
0x00cad4a2
0x00cad4a4
0x00cad4ac
0x00cad4ae
0x00cad4bc
0x00cad4c1
0x00000000
0x00cad4c1
0x00cad3c6
0x00cad3d5
0x00cad3d7
0x00cad3df
0x00cad3e1
0x00cad3ef
0x00cad3fb
0x00cad35f
0x00cad35f
0x00000000
0x00cad35f
0x00cad387
0x00cad357
0x00cad357
0x00cad358
0x00000000
0x00cad35e
0x00cad352
0x00000000
0x00cad352
0x00cad333
0x00000000
0x00cad333
0x00cad311
0x00000000
0x00cad311
0x00cad2da
0x00cad2ea
0x00cad2ef
0x00000000
0x00cad2ef
0x00cad2b4
0x00000000

APIs

UuidCreate.RPCRT4(?), ref: 00CAD2A7
StringFromGUID2.OLE32(?,?,00000027), ref: 00CAD2D0
CreateProcessW.KERNEL32 ref: 00CAD3BC
GetLastError.KERNEL32(?,?,?,?), ref: 00CAD3C6
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,00000064,?,?,?,?), ref: 00CAD45B
GetExitCodeProcess.KERNEL32 ref: 00CAD485
GetLastError.KERNEL32(?,?,?,?), ref: 00CAD493
GetLastError.KERNEL32(?,?,?,?), ref: 00CAD4CB

Part of subcall function 00CAD12C: WaitForSingleObject.KERNEL32(?,000000FF,74B5F730,00000000,?,?,?,?,00CAD439,?), ref: 00CAD145
Part of subcall function 00CAD12C: ReleaseMutex.KERNEL32(?,?,?,?,00CAD439,?), ref: 00CAD161
Part of subcall function 00CAD12C: WaitForSingleObject.KERNEL32(?,000000FF), ref: 00CAD1A4
Part of subcall function 00CAD12C: ReleaseMutex.KERNEL32(?), ref: 00CAD1BB
Part of subcall function 00CAD12C: SetEvent.KERNEL32(?), ref: 00CAD1C4

CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 00CAD580
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?), ref: 00CAD598

Strings

NetFxChainer.cpp, xrefs: 00CAD2E5, 00CAD3EA, 00CAD4B7, 00CAD4EF
Failed to allocate event name., xrefs: 00CAD333
Failed to process netfx chainer message., xrefs: 00CAD43F
NetFxEvent.%ls, xrefs: 00CAD31F
Failed to wait for netfx chainer process to complete, xrefs: 00CAD4F9
Failed to create netfx chainer guid., xrefs: 00CAD2B4
Failed to CreateProcess on path: %ls, xrefs: 00CAD3F5
Failed to allocate netfx chainer arguments., xrefs: 00CAD387
Failed to create netfx chainer., xrefs: 00CAD352
D, xrefs: 00CAD3A1
Failed to convert netfx chainer guid into string., xrefs: 00CAD2EF
NetFxSection.%ls, xrefs: 00CAD2FD
Failed to allocate section name., xrefs: 00CAD311
)L, xrefs: 00CAD235
%ls /pipe %ls, xrefs: 00CAD373
Failed to get netfx return code., xrefs: 00CAD4C1

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastWait$CloseCreateHandleMutexObjectProcessReleaseSingle$CodeEventExitFromMultipleObjectsStringUuid
String ID: %ls /pipe %ls$D$Failed to CreateProcess on path: %ls$Failed to allocate event name.$Failed to allocate netfx chainer arguments.$Failed to allocate section name.$Failed to convert netfx chainer guid into string.$Failed to create netfx chainer guid.$Failed to create netfx chainer.$Failed to get netfx return code.$Failed to process netfx chainer message.$Failed to wait for netfx chainer process to complete$NetFxChainer.cpp$NetFxEvent.%ls$NetFxSection.%ls$)L
API String ID: 2531618940-1381165691
Opcode ID: 39009ba38fe3d8bd825b3c3f407944f362656dbfc7b4e6fb8a1f33e979ac78d3
Instruction ID: 2e1945e395ebe09329feacffa36f64ff4ed9d19df5970822a3bee797f810b32e
Opcode Fuzzy Hash: 39009ba38fe3d8bd825b3c3f407944f362656dbfc7b4e6fb8a1f33e979ac78d3
Instruction Fuzzy Hash: D5A1BF72E40329AFEB209BA5CC45FAEB7B8AF09714F100169F90AF7151D7709E809F91

Uniqueness

Uniqueness Score: -1.00%

Function 00C952E3, Relevance: 45.7, APIs: 17, Strings: 9, Instructions: 222
filepipesleepCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E00C952E3(long _a4) {
				long _v8;
				signed int _v12;
				void _v16;
				signed int _v20;
				void* _v24;
				void _v28;
				void _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				WCHAR* _t40;
				long _t43;
				signed int _t44;
				signed short _t48;
				signed short _t56;
				signed short _t62;
				signed short _t67;
				signed short _t73;
				signed short _t79;
				void* _t83;
				long _t84;
				signed int _t88;
				void* _t109;

				_t84 = _a4;
				_t88 = 0;
				_v40 =  *((intOrPtr*)(_t84 + 0x10));
				_v36 =  *((intOrPtr*)(_t84 + 0x14));
				_t40 =  *(_t84 + 4);
				_v24 = _t40;
				_v16 = lstrlenW(_t40) + _t41;
				_t43 = GetCurrentProcessId();
				_v32 = _v32 & 0;
				_a4 = _a4 & 0;
				_v28 = _t43;
				_t44 = 0;
				_v20 = 0;
				while(1) {
					L1:
					_t83 =  *(_t109 + _t44 * 4 - 0x24);
					if(_t83 == 0xffffffff) {
						break;
					}
					_v8 = 1;
					if(SetNamedPipeHandleState(_t83,  &_v8, 0, 0) == 0) {
						_t48 = GetLastError();
						_t91 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
						_t88 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "pipe.cpp", 0x1ce, _t88);
						_push("Failed to set pipe to non-blocking.");
						goto L28;
					} else {
						_v12 = _v12 & 0x00000000;
						do {
							if(ConnectNamedPipe(_t83, 0) != 0) {
								goto L9;
							} else {
								_t52 = GetLastError();
								if(_t52 == 0x217) {
									_t88 = 0;
									L11:
									_v8 = _v8 & 0x00000000;
									if(SetNamedPipeHandleState(_t83,  &_v8, 0, 0) == 0) {
										_t56 = GetLastError();
										_t94 =  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
										_t88 =  >=  ? 0x80004005 :  <=  ? _t56 : _t56 & 0x0000ffff | 0x80070000;
										E00C837D3(0x80004005, "pipe.cpp", 0x1f9, _t88);
										_push("Failed to reset pipe to blocking.");
										goto L28;
									} else {
										if(WriteFile(_t83,  &_v16, 4,  &_a4, 0) == 0) {
											_t62 = GetLastError();
											_t97 =  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
											_t88 =  >=  ? 0x80004005 :  <=  ? _t62 : _t62 & 0x0000ffff | 0x80070000;
											E00C837D3(0x80004005, "pipe.cpp", 0x1ff, _t88);
											_push("Failed to write secret length to pipe.");
											goto L28;
										} else {
											if(WriteFile(_t83, _v24, _v16,  &_a4, 0) == 0) {
												_t67 = GetLastError();
												_t100 =  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
												_t88 =  >=  ? 0x80004005 :  <=  ? _t67 : _t67 & 0x0000ffff | 0x80070000;
												E00C837D3(0x80004005, "pipe.cpp", 0x204, _t88);
												_push("Failed to write secret to pipe.");
												goto L28;
											} else {
												if(WriteFile(_t83,  &_v28, 4,  &_a4, 0) == 0) {
													_t73 = GetLastError();
													_t103 =  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
													_t88 =  >=  ? 0x80004005 :  <=  ? _t73 : _t73 & 0x0000ffff | 0x80070000;
													E00C837D3(0x80004005, "pipe.cpp", 0x209, _t88);
													_push("Failed to write our process id to pipe.");
													goto L28;
												} else {
													if(ReadFile(_t83,  &_v32, 4,  &_a4, 0) == 0) {
														_t79 = GetLastError();
														_t106 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
														_t88 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
														E00C837D3(0x80004005, "pipe.cpp", 0x20f, _t88);
														_push("Failed to read ACK from pipe.");
														goto L28;
													} else {
														_t44 = _v20 + 1;
														_v20 = _t44;
														if(_t44 < 2) {
															goto L1;
														} else {
														}
													}
												}
											}
										}
									}
								} else {
									if(_t52 != 0x218) {
										_t88 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
										break;
									} else {
										_t52 = _v12;
										if(_t52 >= 0x708) {
											_t88 = 0x800705b4;
											L21:
											E00C837D3(_t52, "pipe.cpp", 0x1f3, _t88);
											_push("Failed to wait for child to connect to pipe.");
											L28:
											_push(_t88);
											E00CC012F();
										} else {
											_t52 = _t52 + 1;
											_t88 = 0x80070218;
											_v12 = _t52;
											Sleep(0x64);
											goto L9;
										}
									}
								}
							}
							goto L29;
							L9:
						} while (_t88 == 0x80070218);
						if(_t88 < 0) {
							goto L21;
						} else {
							goto L11;
						}
					}
					break;
				}
				L29:
				return _t88;
			}

0x00c952e9
0x00c952f2
0x00c952f4
0x00c952fa
0x00c952fd
0x00c95301
0x00c9530c
0x00c9530f
0x00c95315
0x00c95318
0x00c95321
0x00c95324
0x00c95326
0x00c95329
0x00c95329
0x00c95329
0x00c95330
0x00000000
0x00000000
0x00c9533d
0x00c9534e
0x00c9557b
0x00c95588
0x00c95592
0x00c955a0
0x00c955a5
0x00000000
0x00c95354
0x00c95354
0x00c95358
0x00c95363
0x00000000
0x00c95365
0x00c95365
0x00c9536c
0x00c95457
0x00c953ac
0x00c953ac
0x00c953c1
0x00c9554a
0x00c95557
0x00c95561
0x00c9556f
0x00c95574
0x00000000
0x00c953c7
0x00c953dc
0x00c95519
0x00c95526
0x00c95530
0x00c9553e
0x00c95543
0x00000000
0x00c953e2
0x00c953f7
0x00c954e5
0x00c954f2
0x00c954fc
0x00c9550a
0x00c9550f
0x00000000
0x00c953fd
0x00c95412
0x00c954b1
0x00c954be
0x00c954c8
0x00c954d6
0x00c954db
0x00000000
0x00c95418
0x00c9542d
0x00c9547d
0x00c9548a
0x00c95494
0x00c954a2
0x00c954a7
0x00000000
0x00c9542f
0x00c95432
0x00c95433
0x00c95439
0x00000000
0x00000000
0x00c9543f
0x00c95439
0x00c9542d
0x00c95412
0x00c953f7
0x00c953dc
0x00c95372
0x00c95377
0x00c9544f
0x00000000
0x00c9537d
0x00c9537d
0x00c95385
0x00c9545e
0x00c95463
0x00c9546e
0x00c95473
0x00c955aa
0x00c955aa
0x00c955ab
0x00c9538b
0x00c9538b
0x00c9538c
0x00c95393
0x00c95396
0x00000000
0x00c95396
0x00c95385
0x00c95377
0x00c9536c
0x00000000
0x00c9539c
0x00c9539c
0x00c953a6
0x00000000
0x00000000
0x00000000
0x00000000
0x00c953a6
0x00000000
0x00c9534e
0x00c955b3
0x00c955ba

APIs

lstrlenW.KERNEL32(?,?,00000000,?,00CCB4F0,?,00000000,?,00C8442A,?,00CCB4F0), ref: 00C95304
GetCurrentProcessId.KERNEL32(?,00C8442A,?,00CCB4F0), ref: 00C9530F
SetNamedPipeHandleState.KERNEL32(?,000000FF,00000000,00000000,?,00C8442A,?,00CCB4F0), ref: 00C95346
ConnectNamedPipe.KERNEL32(?,00000000,?,00C8442A,?,00CCB4F0), ref: 00C9535B
GetLastError.KERNEL32(?,00C8442A,?,00CCB4F0), ref: 00C95365
Sleep.KERNEL32(00000064,?,00C8442A,?,00CCB4F0), ref: 00C95396
SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000,?,00C8442A,?,00CCB4F0), ref: 00C953B9
WriteFile.KERNEL32(?,crypt32.dll,00000004,00000000,00000000,?,00C8442A,?,00CCB4F0), ref: 00C953D4
WriteFile.KERNEL32(?,00C8442A,00CCB4F0,00000000,00000000,?,00C8442A,?,00CCB4F0), ref: 00C953EF
WriteFile.KERNEL32(?,?,00000004,00000000,00000000,?,00C8442A,?,00CCB4F0), ref: 00C9540A
ReadFile.KERNEL32(?,00000000,00000004,00000000,00000000,?,00C8442A,?,00CCB4F0), ref: 00C95425
GetLastError.KERNEL32(?,00C8442A,?,00CCB4F0), ref: 00C9547D
GetLastError.KERNEL32(?,00C8442A,?,00CCB4F0), ref: 00C954B1
GetLastError.KERNEL32(?,00C8442A,?,00CCB4F0), ref: 00C954E5
GetLastError.KERNEL32(?,00C8442A,?,00CCB4F0), ref: 00C9557B

Strings

Failed to write secret to pipe., xrefs: 00C9550F
pipe.cpp, xrefs: 00C95469, 00C9549D, 00C954D1, 00C95505, 00C95539, 00C9556A, 00C9559B
Failed to set pipe to non-blocking., xrefs: 00C955A5
Failed to write secret length to pipe., xrefs: 00C95543
Failed to wait for child to connect to pipe., xrefs: 00C95473
Failed to reset pipe to blocking., xrefs: 00C95574
Failed to write our process id to pipe., xrefs: 00C954DB
Failed to read ACK from pipe., xrefs: 00C954A7
crypt32.dll, xrefs: 00C953D2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$File$NamedPipeWrite$HandleState$ConnectCurrentProcessReadSleeplstrlen
String ID: Failed to read ACK from pipe.$Failed to reset pipe to blocking.$Failed to set pipe to non-blocking.$Failed to wait for child to connect to pipe.$Failed to write our process id to pipe.$Failed to write secret length to pipe.$Failed to write secret to pipe.$crypt32.dll$pipe.cpp
API String ID: 2944378912-2047837012
Opcode ID: 8597ca62c30a57c2849795d07ce7d0506cab5d3f79fa403c26229f6bf43ceb24
Instruction ID: f5f3849d8a2d2a8679189562088c4f3f6d64596acc91409e22df5587e20ac1ad
Opcode Fuzzy Hash: 8597ca62c30a57c2849795d07ce7d0506cab5d3f79fa403c26229f6bf43ceb24
Instruction Fuzzy Hash: D961C4B2E40725ABEB11ABB9CD49BAEB6E8EF04741F114125FE05E7190D774CE0087E5

Uniqueness

Uniqueness Score: -1.00%

Function 00C8A311, Relevance: 44.0, APIs: 8, Strings: 17, Instructions: 299
registryCOMMON

Download Yara Rule

C-Code - Quality: 66%

			E00C8A311(long _a4, intOrPtr _a8) {
				int _v8;
				char _v12;
				int _v16;
				int _v20;
				int _v24;
				intOrPtr _v32;
				void _v48;
				signed short _t79;
				signed short _t85;
				void* _t87;
				void* _t89;
				void* _t103;
				long _t106;
				signed short _t110;
				void* _t114;
				WCHAR* _t131;
				signed int _t132;
				long _t143;
				void* _t145;
				void* _t147;
				void* _t148;
				void* _t158;
				void* _t159;

				_t132 = 6;
				memset( &_v48, 0, _t132 << 2);
				_t159 = _t158 + 0xc;
				_t143 = _a4;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_t131 = 0;
				_t72 =  ==  ? 1 : 0x101;
				_v24 = 0;
				_a4 =  ==  ? 1 : 0x101;
				_v8 = 0;
				if(E00C871CF(_a8,  *((intOrPtr*)(_t143 + 0x1c)),  &_v12, 0) >= 0) {
					if( *((intOrPtr*)(_t143 + 0x20)) == 0) {
						L5:
						_t145 = E00CC0E3F( *((intOrPtr*)(_t143 + 0x18)), _v12, _a4,  &_v16);
						if(_t145 != 0x80070002) {
							if(_t145 >= 0) {
								_t79 = RegQueryValueExW(_v16, _v20, 0,  &_v24, 0,  &_v8);
								if(_t79 != 2) {
									if(_t79 == 0) {
										_t131 = E00C838D4(_v8 + 2, 1);
										if(_t131 != 0) {
											_t85 = RegQueryValueExW(_v16, _v20, 0,  &_v24, _t131,  &_v8);
											if(_t85 == 0) {
												_t87 = _v24 - 1;
												if(_t87 == 0) {
													L38:
													_t89 = E00CA02F4( &_v48, _t131, 0);
													goto L39;
												} else {
													_t103 = _t87 - 1;
													if(_t103 == 0) {
														if( *((intOrPtr*)(_t143 + 0x28)) == 0) {
															goto L38;
														} else {
															_t147 = E00C81EDE( &_v48, _v8);
															if(_t147 >= 0) {
																_v32 = 2;
																_t106 = ExpandEnvironmentStringsW(_t131, _v48, _v8);
																_a4 = _t106;
																if(_t106 <= _v8) {
																	goto L40;
																} else {
																	_t148 = E00C81EDE( &_v48, _t106);
																	if(_t148 < 0) {
																		goto L33;
																	} else {
																		if(_a4 == ExpandEnvironmentStringsW(_t131, _v48, _a4)) {
																			goto L40;
																		} else {
																			_t110 = GetLastError();
																			_t151 =  <=  ? _t110 : _t110 & 0x0000ffff | 0x80070000;
																			_t148 =  >=  ? 0x80004005 :  <=  ? _t110 : _t110 & 0x0000ffff | 0x80070000;
																			E00C837D3(0x80004005, "search.cpp", 0x396, _t148);
																			_push("Failed to get expand environment string.");
																			goto L46;
																		}
																	}
																}
															} else {
																L33:
																_push("Failed to allocate string buffer.");
																goto L46;
															}
														}
													} else {
														_t114 = _t103;
														if(_t114 == 0) {
															if(_v8 != 4) {
																goto L26;
															} else {
																asm("cdq");
																_push(0);
																_push( *_t131);
																goto L28;
															}
														} else {
															if(_t114 == 7) {
																if(_v8 == 8) {
																	_push(_t131[2]);
																	_push( *_t131);
																	L28:
																	_push( &_v48);
																	_t89 = E00CA02B0();
																	L39:
																	_t147 = _t89;
																	L40:
																	if(_t147 >= 0) {
																		_t148 = E00C9FEB7(0,  &_v48,  *((intOrPtr*)(_t143 + 0x14)));
																		if(_t148 >= 0) {
																			_t148 = E00C88137(_a8,  *((intOrPtr*)(_t143 + 4)),  &_v48);
																			if(_t148 < 0) {
																				_push("Failed to set variable.");
																				goto L46;
																			}
																		} else {
																			_push("Failed to change value type.");
																			goto L46;
																		}
																	} else {
																		_push("Failed to read registry value.");
																		goto L46;
																	}
																} else {
																	L26:
																	_t148 = 0x8000ffff;
																	goto L47;
																}
															} else {
																_t148 = 0x80004001;
																E00CC012F(0x80004001, "Unsupported registry key value type. Type = \'%u\'", _v24);
																_t159 = _t159 + 0xc;
																goto L47;
															}
														}
													}
												}
											} else {
												_t154 =  <=  ? _t85 : _t85 & 0x0000ffff | 0x80070000;
												_t148 =  >=  ? 0x80004005 :  <=  ? _t85 : _t85 & 0x0000ffff | 0x80070000;
												E00C837D3(0x80004005, "search.cpp", 0x375, _t148);
												_push("Failed to query registry key value.");
												goto L46;
											}
										} else {
											_t148 = 0x8007000e;
											E00C837D3(_t82, "search.cpp", 0x372, 0x8007000e);
											_push("Failed to allocate memory registry value.");
											_push(0x8007000e);
											E00CC012F();
											goto L47;
										}
									} else {
										_t157 =  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
										_t148 =  >=  ? 0x80004005 :  <=  ? _t79 : _t79 & 0x0000ffff | 0x80070000;
										E00C837D3(0x80004005, "search.cpp", 0x36f, _t148);
										_push("Failed to query registry key value size.");
										goto L46;
									}
								} else {
									_push(_v20);
									E00CC061A(_t79, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v12);
									_t159 = _t159 + 0x10;
									goto L7;
								}
							} else {
								_push("Failed to open registry key.");
								goto L46;
							}
						} else {
							E00CC061A(2, "Registry key not found. Key = \'%ls\'", _v12);
							_t159 = _t159 + 0xc;
							L7:
							_t148 = E00C88137(_a8,  *((intOrPtr*)(_t143 + 4)),  &_v48);
							if(_t148 >= 0) {
								_t148 = 0;
							} else {
								_push("Failed to clear variable.");
								goto L46;
							}
						}
					} else {
						_t148 = E00C871CF(_a8,  *((intOrPtr*)(_t143 + 0x20)),  &_v20, 0);
						if(_t148 >= 0) {
							goto L5;
						} else {
							_push("Failed to format value string.");
							goto L46;
						}
					}
				} else {
					_push("Failed to format key string.");
					L46:
					_push(_t148);
					E00CC012F();
					if(_t148 < 0) {
						L47:
						_push(_t148);
						E00CC061A(2, "RegistrySearchValue failed: ID \'%ls\', HRESULT 0x%x", _v12);
					}
				}
				E00C82793(_v12);
				E00C82793(_v20);
				if(_v16 != 0) {
					RegCloseKey(_v16);
					_v16 = _v16 & 0x00000000;
				}
				if(_t131 != 0) {
					E00C83999(_t131);
				}
				E00CA0499( &_v48);
				return _t148;
			}

0x00c8a31c
0x00c8a322
0x00c8a322
0x00c8a324
0x00c8a32b
0x00c8a32f
0x00c8a337
0x00c8a33d
0x00c8a340
0x00c8a343
0x00c8a346
0x00c8a350
0x00c8a35f
0x00c8a36e
0x00c8a391
0x00c8a3a3
0x00c8a3ab
0x00c8a3e7
0x00c8a40b
0x00c8a410
0x00c8a42a
0x00c8a46c
0x00c8a470
0x00c8a4aa
0x00c8a4ae
0x00c8a4e5
0x00c8a4e8
0x00c8a5e2
0x00c8a5e9
0x00000000
0x00c8a4ee
0x00c8a4ee
0x00c8a4f1
0x00c8a54d
0x00000000
0x00c8a553
0x00c8a55f
0x00c8a563
0x00c8a572
0x00c8a57d
0x00c8a583
0x00c8a589
0x00000000
0x00c8a58b
0x00c8a595
0x00c8a599
0x00000000
0x00c8a59b
0x00c8a5ab
0x00000000
0x00c8a5ad
0x00c8a5ad
0x00c8a5be
0x00c8a5c8
0x00c8a5d6
0x00c8a5db
0x00000000
0x00c8a5db
0x00c8a5ab
0x00c8a599
0x00c8a565
0x00c8a565
0x00c8a565
0x00000000
0x00c8a565
0x00c8a563
0x00c8a4f3
0x00c8a4f4
0x00c8a4f7
0x00c8a540
0x00000000
0x00c8a542
0x00c8a544
0x00c8a545
0x00c8a546
0x00000000
0x00c8a546
0x00c8a4f9
0x00c8a4fc
0x00c8a51d
0x00c8a529
0x00c8a52c
0x00c8a52e
0x00c8a531
0x00c8a532
0x00c8a5ee
0x00c8a5ee
0x00c8a5f0
0x00c8a5f2
0x00c8a607
0x00c8a60b
0x00c8a623
0x00c8a627
0x00c8a629
0x00000000
0x00c8a629
0x00c8a60d
0x00c8a60d
0x00000000
0x00c8a60d
0x00c8a5f4
0x00c8a5f4
0x00000000
0x00c8a5f4
0x00c8a51f
0x00c8a51f
0x00c8a51f
0x00000000
0x00c8a51f
0x00c8a4fe
0x00c8a501
0x00c8a50c
0x00c8a511
0x00000000
0x00c8a511
0x00c8a4fc
0x00c8a4f7
0x00c8a4f1
0x00c8a4b0
0x00c8a4bb
0x00c8a4c5
0x00c8a4d3
0x00c8a4d8
0x00000000
0x00c8a4d8
0x00c8a472
0x00c8a472
0x00c8a482
0x00c8a487
0x00c8a48c
0x00c8a48d
0x00000000
0x00c8a493
0x00c8a42c
0x00c8a437
0x00c8a441
0x00c8a44f
0x00c8a454
0x00000000
0x00c8a454
0x00c8a412
0x00c8a412
0x00c8a41e
0x00c8a423
0x00000000
0x00c8a423
0x00c8a3e9
0x00c8a3e9
0x00000000
0x00c8a3e9
0x00c8a3ad
0x00c8a3b7
0x00c8a3bc
0x00c8a3bf
0x00c8a3ce
0x00c8a3d2
0x00c8a3de
0x00c8a3d4
0x00c8a3d4
0x00000000
0x00c8a3d4
0x00c8a3d2
0x00c8a370
0x00c8a381
0x00c8a385
0x00000000
0x00c8a387
0x00c8a387
0x00000000
0x00c8a387
0x00c8a385
0x00c8a361
0x00c8a361
0x00c8a62e
0x00c8a62e
0x00c8a62f
0x00c8a638
0x00c8a63a
0x00c8a63a
0x00c8a645
0x00c8a64a
0x00c8a638
0x00c8a650
0x00c8a658
0x00c8a661
0x00c8a666
0x00c8a66c
0x00c8a66c
0x00c8a672
0x00c8a675
0x00c8a675
0x00c8a67e
0x00c8a68b

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 00C8A356
_MREFOpen@16.MSPDB140-MSVCRT ref: 00C8A37C
RegCloseKey.ADVAPI32(00000000,?,00000000,?,?,?,?,?), ref: 00C8A666

Strings

Failed to format key string., xrefs: 00C8A361
Failed to allocate memory registry value., xrefs: 00C8A487
Failed to format value string., xrefs: 00C8A387
Unsupported registry key value type. Type = '%u', xrefs: 00C8A506
Failed to allocate string buffer., xrefs: 00C8A565
Failed to change value type., xrefs: 00C8A60D
Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00C8A418
Failed to read registry value., xrefs: 00C8A5F4
Failed to open registry key., xrefs: 00C8A3E9
Failed to get expand environment string., xrefs: 00C8A5DB
Failed to clear variable., xrefs: 00C8A3D4
Registry key not found. Key = '%ls', xrefs: 00C8A3B0
RegistrySearchValue failed: ID '%ls', HRESULT 0x%x, xrefs: 00C8A63E
Failed to query registry key value., xrefs: 00C8A4D8
Failed to query registry key value size., xrefs: 00C8A454
Failed to set variable., xrefs: 00C8A629
search.cpp, xrefs: 00C8A44A, 00C8A47D, 00C8A4CE, 00C8A5D1

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Open@16$Close
String ID: Failed to allocate memory registry value.$Failed to allocate string buffer.$Failed to change value type.$Failed to clear variable.$Failed to format key string.$Failed to format value string.$Failed to get expand environment string.$Failed to open registry key.$Failed to query registry key value size.$Failed to query registry key value.$Failed to read registry value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchValue failed: ID '%ls', HRESULT 0x%x$Unsupported registry key value type. Type = '%u'$search.cpp
API String ID: 2348241696-3124384294
Opcode ID: 2dcfaf62dbf8e877d4cc9123ac5fe12a7e4674e562c60756e61215924a9be7ca
Instruction ID: b5fea406562e56a42059a2489b31181be217d17ff24f405aa928e1e0fa07841f
Opcode Fuzzy Hash: 2dcfaf62dbf8e877d4cc9123ac5fe12a7e4674e562c60756e61215924a9be7ca
Instruction Fuzzy Hash: 13A10872D40629FBEF12BAA5CC05FEE7AA9AF04314F14413AF904B6150E771CE50E79A

Uniqueness

Uniqueness Score: -1.00%

Function 00CC15CB, Relevance: 40.6, APIs: 21, Strings: 2, Instructions: 320
COMMON

Download Yara Rule

C-Code - Quality: 26%

			E00CC15CB(void* __edx) {
				signed int _v8;
				char* _v12;
				int _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				int _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				char* _v108;
				int _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				void* _v140;
				int _v160;
				intOrPtr _v164;
				char _v168;
				void _v240;
				char _v312;
				char _v384;
				char _v456;
				char _v528;
				char _v532;
				int _v536;
				struct _SECURITY_DESCRIPTOR _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t65;
				signed short _t103;
				struct _SECURITY_DESCRIPTOR* _t112;
				signed short _t116;
				void* _t117;
				signed short _t119;
				signed short _t120;
				signed short _t121;
				signed short _t122;
				signed short _t123;
				signed short _t124;
				signed short _t125;
				signed short _t126;
				intOrPtr _t128;
				void* _t131;
				char _t133;
				intOrPtr* _t134;
				intOrPtr _t135;
				signed int _t167;

				_t131 = __edx;
				_t65 =  *0xcea008; // 0x4c290ae8
				_v8 = _t65 ^ _t167;
				_v556.Revision = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				asm("stosb");
				E00CAF670( &(_v556.Sbz1),  &_v168, 0, 0xa0);
				_t133 = 0x48;
				_v536 = 0;
				E00CAF670(_t133,  &_v240, 0, _t133);
				E00CAF670(_t133,  &_v312, 0, _t133);
				E00CAF670(_t133,  &_v384, 0, _t133);
				E00CAF670(_t133,  &_v456, 0, _t133);
				E00CAF670(_t133,  &_v528, 0, _t133);
				_v532 = 0;
				if(InitializeSecurityDescriptor( &_v556, 1) != 0) {
					_t134 = __imp__CreateWellKnownSid;
					_push( &_v532);
					_v532 = _t133;
					_push( &_v240);
					_push(0);
					_push(0x1a);
					if( *_t134() != 0) {
						_v532 = _t133;
						_push( &_v532);
						_push( &_v312);
						_push(0);
						_push(0x17);
						if( *_t134() != 0) {
							_v532 = _t133;
							_push( &_v532);
							_push( &_v384);
							_push(0);
							_push(0x18);
							if( *_t134() != 0) {
								_v532 = _t133;
								_push( &_v532);
								_push( &_v456);
								_push(0);
								_push(0x10);
								if( *_t134() != 0) {
									_v532 = _t133;
									_push( &_v532);
									_push( &_v528);
									_push(0);
									_push(0x16);
									if( *_t134() != 0) {
										asm("movaps xmm0, [0xce6480]");
										_v140 =  &_v240;
										_v108 =  &_v312;
										_t128 = 3;
										_v76 =  &_v384;
										_t135 = 2;
										asm("movups [ebp-0x98], xmm0");
										_v44 =  &_v456;
										asm("movaps xmm0, [0xce6480]");
										asm("movups [ebp-0x78], xmm0");
										_v12 =  &_v528;
										asm("movaps xmm0, [0xce6480]");
										asm("movups [ebp-0x58], xmm0");
										_t103 =  &_v168;
										_v168 = _t128;
										asm("movaps xmm0, [0xce6480]");
										asm("movups [ebp-0x38], xmm0");
										asm("movaps xmm0, [0xce6480]");
										_v164 = _t135;
										_v160 = 0;
										_v136 = _t128;
										_v132 = _t135;
										_v128 = 0;
										_v104 = _t128;
										_v100 = _t135;
										_v96 = 0;
										_v72 = _t128;
										_v68 = _t135;
										_v64 = 0;
										_v40 = _t128;
										_v36 = _t135;
										_v32 = 0;
										asm("movups [ebp-0x18], xmm0");
										__imp__SetEntriesInAclA(5, _t103, 0,  &_v536);
										if(_t103 == 0) {
											if(SetSecurityDescriptorOwner( &_v556,  &_v240, 0) != 0) {
												if(SetSecurityDescriptorGroup( &_v556,  &_v240, 0) != 0) {
													if(SetSecurityDescriptorDacl( &_v556, 1, _v536, 0) != 0) {
														_t112 =  &_v556;
														__imp__CoInitializeSecurity(_t112, 0xffffffff, 0, 0, 6, _t135, 0, 0x3000, 0);
														_t136 = _t112;
													} else {
														_t116 = GetLastError();
														_t139 =  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
														_t117 = 0x80004005;
														_t136 =  >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000;
														_push( >=  ? 0x80004005 :  <=  ? _t116 : _t116 & 0x0000ffff | 0x80070000);
														_push(0xdf);
														goto L2;
													}
												} else {
													_t119 = GetLastError();
													_t142 =  <=  ? _t119 : _t119 & 0x0000ffff | 0x80070000;
													_t117 = 0x80004005;
													_t136 =  >=  ? 0x80004005 :  <=  ? _t119 : _t119 & 0x0000ffff | 0x80070000;
													_push( >=  ? 0x80004005 :  <=  ? _t119 : _t119 & 0x0000ffff | 0x80070000);
													_push(0xd9);
													goto L2;
												}
											} else {
												_t120 = GetLastError();
												_t145 =  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000;
												_t117 = 0x80004005;
												_t136 =  >=  ? 0x80004005 :  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000;
												_push( >=  ? 0x80004005 :  <=  ? _t120 : _t120 & 0x0000ffff | 0x80070000);
												_push(0xd3);
												goto L2;
											}
										} else {
											_t148 =  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000;
											_t117 = 0x80004005;
											_t136 =  >=  ? 0x80004005 :  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000;
											_push( >=  ? 0x80004005 :  <=  ? _t103 : _t103 & 0x0000ffff | 0x80070000);
											_push(0xce);
											goto L2;
										}
									} else {
										_t121 = GetLastError();
										_t151 =  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
										_t117 = 0x80004005;
										_t136 =  >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000;
										_push( >=  ? 0x80004005 :  <=  ? _t121 : _t121 & 0x0000ffff | 0x80070000);
										_push(0x9a);
										goto L2;
									}
								} else {
									_t122 = GetLastError();
									_t154 =  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000;
									_t117 = 0x80004005;
									_t136 =  >=  ? 0x80004005 :  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000;
									_push( >=  ? 0x80004005 :  <=  ? _t122 : _t122 & 0x0000ffff | 0x80070000);
									_push(0x93);
									goto L2;
								}
							} else {
								_t123 = GetLastError();
								_t157 =  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
								_t117 = 0x80004005;
								_t136 =  >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000;
								_push( >=  ? 0x80004005 :  <=  ? _t123 : _t123 & 0x0000ffff | 0x80070000);
								_push(0x8c);
								goto L2;
							}
						} else {
							_t124 = GetLastError();
							_t160 =  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
							_t117 = 0x80004005;
							_t136 =  >=  ? 0x80004005 :  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000;
							_push( >=  ? 0x80004005 :  <=  ? _t124 : _t124 & 0x0000ffff | 0x80070000);
							_push(0x85);
							goto L2;
						}
					} else {
						_t125 = GetLastError();
						_t163 =  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000;
						_t117 = 0x80004005;
						_t136 =  >=  ? 0x80004005 :  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000;
						_push( >=  ? 0x80004005 :  <=  ? _t125 : _t125 & 0x0000ffff | 0x80070000);
						_push(0x7e);
						goto L2;
					}
				} else {
					_t126 = GetLastError();
					_t166 =  <=  ? _t126 : _t126 & 0x0000ffff | 0x80070000;
					_t117 = 0x80004005;
					_t136 =  >=  ? 0x80004005 :  <=  ? _t126 : _t126 & 0x0000ffff | 0x80070000;
					_push( >=  ? 0x80004005 :  <=  ? _t126 : _t126 & 0x0000ffff | 0x80070000);
					_push(0x77);
					L2:
					_push("srputil.cpp");
					E00C837D3(_t117);
				}
				if(_v536 != 0) {
					LocalFree(_v536);
				}
				return E00CADE36(0, _v8 ^ _t167, _t131, _t133, _t136);
			}

0x00cc15cb
0x00cc15d4
0x00cc15db
0x00cc15eb
0x00cc15f1
0x00cc15f8
0x00cc15f9
0x00cc15fa
0x00cc15fb
0x00cc15fd
0x00cc1605
0x00cc160c
0x00cc1614
0x00cc161c
0x00cc162a
0x00cc1638
0x00cc1646
0x00cc1654
0x00cc165c
0x00cc1673
0x00cc16a5
0x00cc16b1
0x00cc16b8
0x00cc16be
0x00cc16bf
0x00cc16c0
0x00cc16c6
0x00cc16f1
0x00cc16f7
0x00cc16fe
0x00cc16ff
0x00cc1700
0x00cc1706
0x00cc1737
0x00cc173d
0x00cc1744
0x00cc1745
0x00cc1746
0x00cc174c
0x00cc177d
0x00cc1783
0x00cc178a
0x00cc178b
0x00cc178c
0x00cc1792
0x00cc17c3
0x00cc17c9
0x00cc17d0
0x00cc17d1
0x00cc17d2
0x00cc17d8
0x00cc1803
0x00cc1810
0x00cc181c
0x00cc1827
0x00cc1828
0x00cc1833
0x00cc1834
0x00cc183b
0x00cc1844
0x00cc184b
0x00cc184f
0x00cc1858
0x00cc1860
0x00cc1864
0x00cc186a
0x00cc1870
0x00cc1878
0x00cc187d
0x00cc1886
0x00cc188c
0x00cc1892
0x00cc1898
0x00cc189b
0x00cc189e
0x00cc18a1
0x00cc18a4
0x00cc18a7
0x00cc18aa
0x00cc18ad
0x00cc18b0
0x00cc18b3
0x00cc18b6
0x00cc18b9
0x00cc18bd
0x00cc18c5
0x00cc1901
0x00cc1943
0x00cc1986
0x00cc19bf
0x00cc19c6
0x00cc19cc
0x00cc1988
0x00cc1988
0x00cc1999
0x00cc199c
0x00cc19a3
0x00cc19a6
0x00cc19a7
0x00000000
0x00cc19a7
0x00cc1945
0x00cc1945
0x00cc1956
0x00cc1959
0x00cc1960
0x00cc1963
0x00cc1964
0x00000000
0x00cc1964
0x00cc1903
0x00cc1903
0x00cc1914
0x00cc1917
0x00cc191e
0x00cc1921
0x00cc1922
0x00000000
0x00cc1922
0x00cc18c7
0x00cc18d2
0x00cc18d5
0x00cc18dc
0x00cc18df
0x00cc18e0
0x00000000
0x00cc18e0
0x00cc17da
0x00cc17da
0x00cc17eb
0x00cc17ee
0x00cc17f5
0x00cc17f8
0x00cc17f9
0x00000000
0x00cc17f9
0x00cc1794
0x00cc1794
0x00cc17a5
0x00cc17a8
0x00cc17af
0x00cc17b2
0x00cc17b3
0x00000000
0x00cc17b3
0x00cc174e
0x00cc174e
0x00cc175f
0x00cc1762
0x00cc1769
0x00cc176c
0x00cc176d
0x00000000
0x00cc176d
0x00cc1708
0x00cc1708
0x00cc1719
0x00cc171c
0x00cc1723
0x00cc1726
0x00cc1727
0x00000000
0x00cc1727
0x00cc16c8
0x00cc16c8
0x00cc16d9
0x00cc16dc
0x00cc16e3
0x00cc16e6
0x00cc16e7
0x00000000
0x00cc16e7
0x00cc1675
0x00cc1675
0x00cc1686
0x00cc1689
0x00cc1690
0x00cc1693
0x00cc1694
0x00cc1696
0x00cc1696
0x00cc169b
0x00cc169b
0x00cc19d4
0x00cc19dc
0x00cc19dc
0x00cc19f4

APIs

InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 00CC166B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC1675
CreateWellKnownSid.ADVAPI32(0000001A,00000000,?,?), ref: 00CC16C2
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC16C8
CreateWellKnownSid.ADVAPI32(00000017,00000000,?,?), ref: 00CC1702
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC1708
CreateWellKnownSid.ADVAPI32(00000018,00000000,?,?), ref: 00CC1748
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC174E
CreateWellKnownSid.ADVAPI32(00000010,00000000,?,?), ref: 00CC178E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC1794
CreateWellKnownSid.ADVAPI32(00000016,00000000,?,?), ref: 00CC17D4
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CC17DA
SetEntriesInAclA.ADVAPI32(00000005,?,00000000,?), ref: 00CC18BD
LocalFree.KERNEL32(?), ref: 00CC19DC

Strings

srputil.cpp, xrefs: 00CC1696
)L, xrefs: 00CC15D4

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$CreateKnownWell$DescriptorEntriesFreeInitializeLocalSecurity
String ID: srputil.cpp$)L
API String ID: 3627156773-1814045111
Opcode ID: 7ca2a63a94ae2fae63b3a342647299511fae7cd062982b037b52a95d23e9095a
Instruction ID: 927ba5ab927f6b3f1c8680d03d0293dbb9c83bc9701732e056bd1810d485b33c
Opcode Fuzzy Hash: 7ca2a63a94ae2fae63b3a342647299511fae7cd062982b037b52a95d23e9095a
Instruction Fuzzy Hash: 49B168B2D40329AAEB209BA5CD45FDB76FCEF09740F01416AFD09F7150E7709E858AA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C944E7, Relevance: 36.9, APIs: 10, Strings: 11, Instructions: 181
fileCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00C944E7(void* _a4, short* _a8, intOrPtr* _a12) {
				struct _OVERLAPPED* _v8;
				void _v12;
				long _v16;
				void _v20;
				long _v24;
				void _v28;
				long _t26;
				intOrPtr _t41;
				intOrPtr* _t66;
				void* _t69;
				void* _t70;
				void* _t71;

				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v16 = 0;
				_t26 = GetCurrentProcessId();
				_t69 = _a4;
				_v28 = _t26;
				_v24 = 0;
				if(ReadFile(_t69,  &_v12, 4,  &_v16, 0) != 0) {
					_t31 = _v12 >> 1;
					if(_v12 >> 1 <= 0xff) {
						_t71 = E00C81EDE( &_v8, _t31 + 1);
						if(_t71 >= 0) {
							if(ReadFile(_t69, _v8, _v12,  &_v16, 0) != 0) {
								if(CompareStringW(0, 0, _v8, 0xffffffff, _a8, 0xffffffff) == 2) {
									if(ReadFile(_t69,  &_v20, 4,  &_v16, 0) != 0) {
										_t66 = _a12;
										_t41 =  *_t66;
										if(_t41 != 0) {
											if(_t41 == _v20) {
												goto L15;
											} else {
												_t70 = 0x8007000d;
												_t71 = 0x8007000d;
												E00C837D3(_t41, "pipe.cpp", 0x36d, 0x8007000d);
												_push("Verification process id from parent does not match.");
												goto L4;
											}
										} else {
											 *_t66 = _v20;
											L15:
											if(WriteFile(_t69,  &_v28, 4,  &_v24, 0) == 0) {
												_t74 =  <=  ? GetLastError() : _t47 & 0x0000ffff | 0x80070000;
												_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t47 & 0x0000ffff | 0x80070000;
												E00C837D3(0x80004005, "pipe.cpp", 0x373, _t71);
												_push("Failed to inform parent process that child is running.");
												goto L17;
											}
										}
									} else {
										_t77 =  <=  ? GetLastError() : _t53 & 0x0000ffff | 0x80070000;
										_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t53 & 0x0000ffff | 0x80070000;
										E00C837D3(0x80004005, "pipe.cpp", 0x362, _t71);
										_push("Failed to read verification process id from parent pipe.");
										goto L17;
									}
								} else {
									_t70 = 0x8007000d;
									_t71 = 0x8007000d;
									E00C837D3(_t37, "pipe.cpp", 0x35c, 0x8007000d);
									_push("Verification secret from parent does not match.");
									goto L4;
								}
							} else {
								_t80 =  <=  ? GetLastError() : _t57 & 0x0000ffff | 0x80070000;
								_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t57 & 0x0000ffff | 0x80070000;
								E00C837D3(0x80004005, "pipe.cpp", 0x355, _t71);
								_push("Failed to read verification secret from parent pipe.");
								goto L17;
							}
						} else {
							_push("Failed to allocate buffer for verification secret.");
							goto L17;
						}
					} else {
						_t70 = 0x8007000d;
						_t71 = 0x8007000d;
						E00C837D3(_t31, "pipe.cpp", 0x34d, 0x8007000d);
						_push("Verification secret from parent is too big.");
						L4:
						_push(_t70);
						goto L18;
					}
				} else {
					_t83 =  <=  ? GetLastError() : _t61 & 0x0000ffff | 0x80070000;
					_t71 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t61 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "pipe.cpp", 0x347, _t71);
					_push("Failed to read size of verification secret from parent pipe.");
					L17:
					_push(_t71);
					L18:
					E00CC012F();
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t71;
			}

0x00c944f2
0x00c944f5
0x00c944f8
0x00c944fb
0x00c944fe
0x00c94504
0x00c94508
0x00c94514
0x00c94523
0x00c94560
0x00c94567
0x00c94596
0x00c9459a
0x00c945b7
0x00c94608
0x00c9463c
0x00c94673
0x00c94676
0x00c9467a
0x00c946ef
0x00000000
0x00c946f1
0x00c946f1
0x00c94701
0x00c94703
0x00c94708
0x00000000
0x00c94708
0x00c9467c
0x00c9467f
0x00c94681
0x00c94696
0x00c946a9
0x00c946b3
0x00c946c1
0x00c946c6
0x00000000
0x00c946c6
0x00c94696
0x00c9463e
0x00c9464f
0x00c94659
0x00c94667
0x00c9466c
0x00000000
0x00c9466c
0x00c9460a
0x00c9460a
0x00c9461a
0x00c9461c
0x00c94621
0x00000000
0x00c94621
0x00c945b9
0x00c945ca
0x00c945d4
0x00c945e2
0x00c945e7
0x00000000
0x00c945e7
0x00c9459c
0x00c9459c
0x00000000
0x00c9459c
0x00c94569
0x00c94569
0x00c94579
0x00c9457b
0x00c94580
0x00c94585
0x00c94585
0x00000000
0x00c94585
0x00c94525
0x00c94536
0x00c94540
0x00c9454e
0x00c94553
0x00c946cb
0x00c946cb
0x00c946cc
0x00c946cc
0x00c946d2
0x00c946d7
0x00c946dc
0x00c946dc
0x00c946e9

APIs

GetCurrentProcessId.KERNEL32(?,8000FFFF,feclient.dll,?,00C949FE,00CCB4D8,?,feclient.dll,00000000,?,?), ref: 00C944FE
ReadFile.KERNEL32(feclient.dll,feclient.dll,00000004,?,00000000,?,00C949FE,00CCB4D8,?,feclient.dll,00000000,?,?), ref: 00C9451F
GetLastError.KERNEL32(?,00C949FE,00CCB4D8,?,feclient.dll,00000000,?,?), ref: 00C94525
WriteFile.KERNEL32(feclient.dll,?,00000004,00C949FE,00000000,?,00C949FE,00CCB4D8,?,feclient.dll,00000000,?,?), ref: 00C9468E
GetLastError.KERNEL32(?,00C949FE,00CCB4D8,?,feclient.dll,00000000,?,?), ref: 00C94698

Strings

Verification process id from parent does not match., xrefs: 00C94708
Failed to read verification secret from parent pipe., xrefs: 00C945E7
Failed to read size of verification secret from parent pipe., xrefs: 00C94553
Failed to allocate buffer for verification secret., xrefs: 00C9459C
feclient.dll, xrefs: 00C944ED, 00C9451D, 00C9451E, 00C945B2, 00C94637, 00C9468D
Failed to inform parent process that child is running., xrefs: 00C946C6
pipe.cpp, xrefs: 00C94549, 00C94574, 00C945DD, 00C94615, 00C94662, 00C946BC, 00C946FC
msasn1.dll, xrefs: 00C94636
Failed to read verification process id from parent pipe., xrefs: 00C9466C
Verification secret from parent does not match., xrefs: 00C94621
Verification secret from parent is too big., xrefs: 00C94580

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLast$CurrentProcessReadWrite
String ID: Failed to allocate buffer for verification secret.$Failed to inform parent process that child is running.$Failed to read size of verification secret from parent pipe.$Failed to read verification process id from parent pipe.$Failed to read verification secret from parent pipe.$Verification process id from parent does not match.$Verification secret from parent does not match.$Verification secret from parent is too big.$feclient.dll$msasn1.dll$pipe.cpp
API String ID: 3008747291-452622383
Opcode ID: 1443c6e24d9a6073a2cbf8a0995142c5277a1d51ca929b6cef926e5090ab9899
Instruction ID: 5ddd1af1d3ba15896d163a44233a36bb6335092d581951d39eb26798653ec822
Opcode Fuzzy Hash: 1443c6e24d9a6073a2cbf8a0995142c5277a1d51ca929b6cef926e5090ab9899
Instruction Fuzzy Hash: EC51C3B2A40315BBEB119BE58C86FBFB6E8EB05B11F114126FF11E7290D7708E0196E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CA25AF, Relevance: 36.9, APIs: 3, Strings: 18, Instructions: 145
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E00CA25AF(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* __ebx;
				int _t39;
				signed int _t48;
				intOrPtr _t50;
				void* _t57;
				void* _t58;
				void* _t59;

				_t45 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t43 = _a4;
				_t50 = _a8;
				if(E00CC31C7(_a4, L"DetectCondition", _t50 + 0x90) >= 0) {
					if(E00CC31C7(_t43, L"InstallArguments", _t50 + 0x94) >= 0) {
						if(E00CC31C7(_t43, L"UninstallArguments", _t50 + 0x9c) >= 0) {
							if(E00CC31C7(_t43, L"RepairArguments", _t50 + 0x98) >= 0) {
								_t57 = E00CC33DB(_t45, _t43, L"Repairable", _t50 + 0xac);
								if(_t57 == 0x80070490 || _t57 >= 0) {
									_t58 = E00CC31C7(_t43, L"Protocol",  &_v8);
									if(_t58 < 0) {
										if(_t58 == 0x80070490) {
											goto L14;
										} else {
											_push("Failed to get @Protocol.");
											goto L25;
										}
									} else {
										if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"burn", 0xffffffff) != 2) {
											_t39 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"netfx4", 0xffffffff);
											_t48 = 2;
											if(_t39 != _t48) {
												if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"none", 0xffffffff) != 2) {
													_t59 = 0x8000ffff;
													E00CC012F(0x8000ffff, "Invalid protocol type: %ls", _v8);
												} else {
													 *(_t50 + 0xb0) =  *(_t50 + 0xb0) & 0x00000000;
													goto L14;
												}
											} else {
												 *(_t50 + 0xb0) = _t48;
												goto L14;
											}
										} else {
											 *(_t50 + 0xb0) = 1;
											L14:
											_t59 = E00CA1970(_t43, _t43, _t50);
											if(_t59 >= 0) {
												_t59 = E00CA17C4(_t43, _t50);
												if(_t59 < 0) {
													_push("Failed to parse command lines.");
													goto L25;
												}
											} else {
												_push("Failed to parse exit codes.");
												goto L25;
											}
										}
									}
								} else {
									_push("Failed to get @Repairable.");
									goto L25;
								}
							} else {
								_push("Failed to get @RepairArguments.");
								goto L25;
							}
						} else {
							_push("Failed to get @UninstallArguments.");
							goto L25;
						}
					} else {
						_push("Failed to get @InstallArguments.");
						goto L25;
					}
				} else {
					_push("Failed to get @DetectCondition.");
					L25:
					_push(_t59);
					E00CC012F();
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t59;
			}

0x00ca25af
0x00ca25b2
0x00ca25b3
0x00ca25b8
0x00ca25bd
0x00ca25d6
0x00ca25f8
0x00ca261a
0x00ca263c
0x00ca265a
0x00ca2662
0x00ca2681
0x00ca2685
0x00ca2725
0x00000000
0x00ca2727
0x00ca2727
0x00000000
0x00ca2727
0x00ca268b
0x00ca26a6
0x00ca26d6
0x00ca26da
0x00ca26dd
0x00ca26fc
0x00ca270a
0x00ca2715
0x00ca26fe
0x00ca26fe
0x00000000
0x00ca26fe
0x00ca26df
0x00ca26df
0x00000000
0x00ca26df
0x00ca26a8
0x00ca26a8
0x00ca26b2
0x00ca26b9
0x00ca26bd
0x00ca2735
0x00ca2739
0x00ca273b
0x00000000
0x00ca273b
0x00ca26bf
0x00ca26bf
0x00000000
0x00ca26bf
0x00ca26bd
0x00ca26a6
0x00ca2668
0x00ca2668
0x00000000
0x00ca2668
0x00ca263e
0x00ca263e
0x00000000
0x00ca263e
0x00ca261c
0x00ca261c
0x00000000
0x00ca261c
0x00ca25fa
0x00ca25fa
0x00000000
0x00ca25fa
0x00ca25d8
0x00ca25d8
0x00ca2740
0x00ca2740
0x00ca2741
0x00ca2747
0x00ca274c
0x00ca2751
0x00ca2751
0x00ca275e

Strings

DetectCondition, xrefs: 00CA25C7
Repairable, xrefs: 00CA264F
InstallArguments, xrefs: 00CA25E9
UninstallArguments, xrefs: 00CA260B
Failed to get @RepairArguments., xrefs: 00CA263E
burn, xrefs: 00CA2693
Failed to get @InstallArguments., xrefs: 00CA25FA
Protocol, xrefs: 00CA2676
Invalid protocol type: %ls, xrefs: 00CA270F
Failed to parse exit codes., xrefs: 00CA26BF
Failed to get @Repairable., xrefs: 00CA2668
Failed to get @UninstallArguments., xrefs: 00CA261C
RepairArguments, xrefs: 00CA262D
Failed to parse command lines., xrefs: 00CA273B
Failed to get @Protocol., xrefs: 00CA2727
Failed to get @DetectCondition., xrefs: 00CA25D8
none, xrefs: 00CA26E9
netfx4, xrefs: 00CA26C8

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: StringVariant$AllocClearFreeInit
String ID: DetectCondition$Failed to get @DetectCondition.$Failed to get @InstallArguments.$Failed to get @Protocol.$Failed to get @RepairArguments.$Failed to get @Repairable.$Failed to get @UninstallArguments.$Failed to parse command lines.$Failed to parse exit codes.$InstallArguments$Invalid protocol type: %ls$Protocol$RepairArguments$Repairable$UninstallArguments$burn$netfx4$none
API String ID: 760788290-1911311241
Opcode ID: 130d9c3b8216a865822e79a6223ce7c62baa6a6763ef2da395eba16d7ea9a738
Instruction ID: 3654be8c934309579d789d3ad69c41ccf2a99fcc948bc10d81eb3ff84487bb9c
Opcode Fuzzy Hash: 130d9c3b8216a865822e79a6223ce7c62baa6a6763ef2da395eba16d7ea9a738
Instruction Fuzzy Hash: 47414B32E84773BAC7255168CC42FAEB65C5B12B38F200326FE20F67D0C760AE009292

Uniqueness

Uniqueness Score: -1.00%

Function 00C8F09D, Relevance: 33.4, APIs: 3, Strings: 16, Instructions: 180
registryCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E00C8F09D(void* __edx, void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				char _v12;
				char _v16;
				char _v20;
				signed short _t54;
				signed short _t59;
				void* _t70;
				void* _t71;
				void* _t76;
				intOrPtr _t77;
				void* _t79;

				_t76 = __edx;
				_t77 = _a4;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				_push(E00C93C30( *((intOrPtr*)(_t77 + 8))));
				_push(E00C93C30(_a16));
				_push(E00C94257(_a12));
				E00C8550F(2, 0x20000173,  *((intOrPtr*)(_t77 + 0x50)));
				E00CC39CD( &_v16,  &_v20);
				_t70 = _a8;
				_t47 =  >=  ? L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" : L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
				_a4 =  >=  ? L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce" : L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
				if(_t70 == 0) {
					L6:
					if(_a12 == 1) {
						goto L8;
					} else {
						goto L7;
					}
				} else {
					_t79 = E00CC1344(_t70, L"Resume", _a12);
					if(_t79 >= 0) {
						if(_a12 != 3) {
							goto L6;
						} else {
							_t79 = E00CC1344(_t70, L"Installed", 1);
							if(_t79 >= 0) {
								L7:
								if(_a16 == 0) {
									L17:
									_t79 = E00CC0E3F( *((intOrPtr*)(_t77 + 0x4c)), _a4, 0x20006,  &_v8);
									if(_t79 == 0x80070002 || _t79 == 0x80070003) {
										_t79 = 0;
										goto L22;
									} else {
										_t59 =  ==  ? 0 : RegDeleteValueW(_v8,  *(_t77 + 0x10));
										if(_t59 == 0) {
											L22:
											if(_t70 != 0) {
												_t54 =  ==  ? 0 : RegDeleteValueW(_t70, L"BundleResumeCommandLine");
												if(_t54 != 0) {
													_t82 =  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
													_t79 =  >=  ? 0x80004005 :  <=  ? _t54 : _t54 & 0x0000ffff | 0x80070000;
													E00C837D3(0x80004005, "registration.cpp", 0x4e1, _t79);
													_push("Failed to delete resume command line value.");
													goto L25;
												}
											}
										} else {
											_t85 =  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
											_t79 =  >=  ? 0x80004005 :  <=  ? _t59 : _t59 & 0x0000ffff | 0x80070000;
											E00C837D3(0x80004005, "registration.cpp", 0x4d7, _t79);
											_push("Failed to delete run key value.");
											goto L25;
										}
									}
								} else {
									L8:
									if( *((intOrPtr*)(_t77 + 8)) != 0) {
										goto L17;
									} else {
										_push(L"burn.runonce");
										_t79 = E00C81F20( &_v12, L"\"%ls\" /%ls",  *((intOrPtr*)(_t77 + 0x54)));
										if(_t79 >= 0) {
											_t79 = E00CC0A88( *((intOrPtr*)(_t77 + 0x4c)), _a4, 0x20006,  &_v8);
											if(_t79 >= 0) {
												_t79 = E00CC1392(_t71, _t76, _v8,  *(_t77 + 0x10), _v12);
												if(_t79 >= 0) {
													_t79 = E00CC1392(_t71, _t76, _t70, L"BundleResumeCommandLine",  *((intOrPtr*)(_t77 + 0x58)));
													if(_t79 < 0) {
														_push("Failed to write resume command line value.");
														goto L25;
													}
												} else {
													_push("Failed to write run key value.");
													goto L25;
												}
											} else {
												_push("Failed to create run key.");
												goto L25;
											}
										} else {
											_push("Failed to format resume command line for RunOnce.");
											goto L25;
										}
									}
								}
							} else {
								_push("Failed to write Installed value.");
								goto L25;
							}
						}
					} else {
						_push("Failed to write Resume value.");
						L25:
						_push(_t79);
						E00CC012F();
					}
				}
				if(_v12 != 0) {
					E00CC54EF(_v12);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t79;
			}

0x00c8f09d
0x00c8f0a6
0x00c8f0ab
0x00c8f0b3
0x00c8f0b6
0x00c8f0bc
0x00c8f0c4
0x00c8f0cd
0x00c8f0d6
0x00c8f0e1
0x00c8f0f1
0x00c8f0ff
0x00c8f102
0x00c8f105
0x00c8f10a
0x00c8f14d
0x00c8f151
0x00000000
0x00000000
0x00000000
0x00000000
0x00c8f10c
0x00c8f11a
0x00c8f11e
0x00c8f12e
0x00000000
0x00c8f130
0x00c8f13d
0x00c8f141
0x00c8f153
0x00c8f157
0x00c8f1f4
0x00c8f208
0x00c8f210
0x00c8f261
0x00000000
0x00c8f21a
0x00c8f22b
0x00c8f230
0x00c8f263
0x00c8f265
0x00c8f278
0x00c8f27d
0x00c8f28a
0x00c8f294
0x00c8f2a2
0x00c8f2a7
0x00000000
0x00c8f2a7
0x00c8f27d
0x00c8f232
0x00c8f23d
0x00c8f247
0x00c8f255
0x00c8f25a
0x00000000
0x00c8f25a
0x00c8f230
0x00c8f15d
0x00c8f15d
0x00c8f161
0x00000000
0x00c8f167
0x00c8f167
0x00c8f17d
0x00c8f184
0x00c8f1a4
0x00c8f1a8
0x00c8f1c2
0x00c8f1c6
0x00c8f1e0
0x00c8f1e4
0x00c8f1ea
0x00000000
0x00c8f1ea
0x00c8f1c8
0x00c8f1c8
0x00000000
0x00c8f1c8
0x00c8f1aa
0x00c8f1aa
0x00000000
0x00c8f1aa
0x00c8f186
0x00c8f186
0x00000000
0x00c8f186
0x00c8f184
0x00c8f161
0x00c8f143
0x00c8f143
0x00000000
0x00c8f143
0x00c8f141
0x00c8f120
0x00c8f120
0x00c8f2ac
0x00c8f2ac
0x00c8f2ad
0x00c8f2b3
0x00c8f11e
0x00c8f2b8
0x00c8f2bd
0x00c8f2bd
0x00c8f2c6
0x00c8f2cb
0x00c8f2cb
0x00c8f2d9

APIs

Part of subcall function 00CC39CD: GetVersionExW.KERNEL32(?,?,00000000,?), ref: 00CC3A1A

RegCloseKey.ADVAPI32(00000000,?,00020006,00020006,00000000,?,?,00000002,00000000,?,00000000,00000001,00000002), ref: 00C8F2CB

Part of subcall function 00CC1344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,00C8F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00CC1359

Strings

Failed to create run key., xrefs: 00C8F1AA
Failed to format resume command line for RunOnce., xrefs: 00C8F186
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00C8F0AE
Failed to delete resume command line value., xrefs: 00C8F2A7
burn.runonce, xrefs: 00C8F167
Failed to write Resume value., xrefs: 00C8F120
BundleResumeCommandLine, xrefs: 00C8F1D5, 00C8F267
Failed to delete run key value., xrefs: 00C8F25A
Failed to write run key value., xrefs: 00C8F1C8
Installed, xrefs: 00C8F132
Resume, xrefs: 00C8F10F
registration.cpp, xrefs: 00C8F250, 00C8F29D
Failed to write Installed value., xrefs: 00C8F143
Failed to write resume command line value., xrefs: 00C8F1EA
"%ls" /%ls, xrefs: 00C8F172
SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 00C8F0FA

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseValueVersion
String ID: "%ls" /%ls$BundleResumeCommandLine$Failed to create run key.$Failed to delete resume command line value.$Failed to delete run key value.$Failed to format resume command line for RunOnce.$Failed to write Installed value.$Failed to write Resume value.$Failed to write resume command line value.$Failed to write run key value.$Installed$Resume$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$burn.runonce$registration.cpp
API String ID: 2348918689-3140388177
Opcode ID: 31d52dfc4c50a57ddbe1b5aaf0d4b3d5847dc66dcd5772f98fea6d39efc936dc
Instruction ID: d1c4c6c259a8ee1797268b277d07009f849b17b9fd303d5aa0c67759efbab81b
Opcode Fuzzy Hash: 31d52dfc4c50a57ddbe1b5aaf0d4b3d5847dc66dcd5772f98fea6d39efc936dc
Instruction Fuzzy Hash: D851D172A40625FBDF21BAA4CC46BAE7AA5AF04708F15013AFE00F6251D771DE51A7C8

Uniqueness

Uniqueness Score: -1.00%

Function 00CC76A1, Relevance: 31.7, APIs: 8, Strings: 10, Instructions: 210
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CC76A1(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v20;
				void* __ebx;
				void* _t79;
				void* _t87;
				int _t95;
				int _t96;
				int _t97;
				void* _t100;
				void* _t106;
				intOrPtr* _t110;
				void* _t111;
				intOrPtr* _t113;
				intOrPtr* _t114;
				intOrPtr* _t115;
				intOrPtr _t118;
				void* _t120;
				void* _t122;
				void* _t131;
				void* _t139;

				_t110 = _a4;
				_t112 =  &_v20;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t120 =  *((intOrPtr*)( *_t110 + 0x44))(_t110,  &_v20);
				if(_t120 < 0) {
					L37:
					if(_v8 != 0) {
						__imp__#6(_v8);
					}
					_t113 = _v12;
					if(_t113 != 0) {
						 *((intOrPtr*)( *_t113 + 8))(_t113);
					}
					_t114 = _v16;
					if(_t114 != 0) {
						 *((intOrPtr*)( *_t114 + 8))(_t114);
					}
					_t115 = _v20;
					if(_t115 != 0) {
						 *((intOrPtr*)( *_t115 + 8))(_t115);
					}
					return _t120;
				}
				_t79 = E00CC36D7( &_v20, _v20,  &_v12,  &_v8);
				_t118 = _a8;
				_t120 = _t79;
				if(_t120 != 0) {
					L24:
					if(_t131 < 0) {
						L36:
						goto L37;
					}
					_t116 =  &_v16;
					_t120 =  *((intOrPtr*)( *_t110 + 0x30))(_t110,  &_v16);
					if(_t120 < 0) {
						goto L36;
					}
					_t120 = E00CC3760( &_v16, _v16,  &_v12,  &_v8);
					_t133 = _t120;
					if(_t120 != 0) {
						L34:
						if(_t139 >= 0) {
							_t120 = E00CC67C4(_t116, _t118 + 0x10, _t110);
						}
						goto L36;
					}
					_t87 = _t118 + 0x24;
					while(1) {
						_t120 = E00CC79CC(_t110, _t133, _v12, _t87);
						if(_t120 < 0) {
							goto L36;
						}
						if(_v8 != 0) {
							__imp__#6(_v8);
							_v8 = _v8 & 0x00000000;
						}
						_t116 = _v12;
						if(_t116 != 0) {
							 *((intOrPtr*)( *_t116 + 8))(_t116);
							_v12 = _v12 & 0x00000000;
						}
						_t120 = E00CC3760(_t116, _v16,  &_v12,  &_v8);
						_t87 = _t118 + 0x24;
						_t139 = _t120;
						if(_t139 == 0) {
							continue;
						} else {
							goto L34;
						}
					}
					goto L36;
				}
				_t111 = CompareStringW;
				do {
					if(CompareStringW(0x7f, 0, _v8, 0xffffffff, L"rel", 0xffffffff) != 2) {
						_t95 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"href", 0xffffffff);
						__eflags = _t95 - 2;
						if(_t95 != 2) {
							_t96 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"length", 0xffffffff);
							__eflags = _t96 - 2;
							if(_t96 != 2) {
								_t97 = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"title", 0xffffffff);
								__eflags = _t97 - 2;
								if(_t97 != 2) {
									__eflags = CompareStringW(0x7f, 0, _v8, 0xffffffff, L"type", 0xffffffff) - 2;
									if(__eflags != 0) {
										_t100 = E00CC78C5(_t111, __eflags, _v12, _t118 + 0x20);
										L16:
										_t120 = _t100;
										L17:
										if(_t120 < 0) {
											goto L36;
										}
										goto L18;
									}
									_t106 = _t118 + 8;
									L8:
									_push(_v12);
									_push(_t106);
									L5:
									_t100 = E00CC67C4(_t112);
									goto L16;
								}
								_t106 = _t118 + 4;
								goto L8;
							}
							_t122 = E00CC329B(_a4, _v8, _t118 + 0x18);
							__eflags = _t122 - 0x80070057;
							_t120 =  ==  ? 0x8007000d : _t122;
							goto L17;
						}
						_t106 = _t118 + 0xc;
						goto L8;
					}
					_push(_v12);
					_push(_t118);
					goto L5;
					L18:
					if(_v8 != 0) {
						__imp__#6(_v8);
						_v8 = _v8 & 0x00000000;
					}
					_t112 = _v12;
					if(_t112 != 0) {
						 *((intOrPtr*)( *_t112 + 8))(_t112);
						_v12 = _v12 & 0x00000000;
					}
					_t120 = E00CC36D7(_t112, _v20,  &_v12,  &_v8);
					_t131 = _t120;
				} while (_t131 == 0);
				_t110 = _a4;
				goto L24;
			}

0x00cc76a8
0x00cc76ab
0x00cc76b1
0x00cc76b4
0x00cc76b7
0x00cc76ba
0x00cc76c4
0x00cc76c8
0x00cc7885
0x00cc7889
0x00cc788e
0x00cc788e
0x00cc7894
0x00cc7899
0x00cc789e
0x00cc789e
0x00cc78a1
0x00cc78a6
0x00cc78ab
0x00cc78ab
0x00cc78ae
0x00cc78b3
0x00cc78b8
0x00cc78b8
0x00cc78c2
0x00cc78c2
0x00cc76da
0x00cc76df
0x00cc76e2
0x00cc76e6
0x00cc77fb
0x00cc77fb
0x00cc7884
0x00000000
0x00cc7884
0x00cc7803
0x00cc780b
0x00cc780f
0x00000000
0x00000000
0x00cc7821
0x00cc7823
0x00cc7825
0x00cc7876
0x00cc7876
0x00cc7882
0x00cc7882
0x00000000
0x00cc7876
0x00cc7827
0x00cc782a
0x00cc7833
0x00cc7837
0x00000000
0x00000000
0x00cc783d
0x00cc7842
0x00cc7848
0x00cc7848
0x00cc784c
0x00cc7851
0x00cc7856
0x00cc7859
0x00cc7859
0x00cc786d
0x00cc786f
0x00cc7872
0x00cc7874
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc7874
0x00000000
0x00cc782a
0x00cc76ec
0x00cc76f2
0x00cc7708
0x00cc7727
0x00cc7729
0x00cc772c
0x00cc7746
0x00cc7748
0x00cc774b
0x00cc777d
0x00cc777f
0x00cc7782
0x00cc779a
0x00cc779d
0x00cc77ab
0x00cc77b0
0x00cc77b0
0x00cc77b2
0x00cc77b4
0x00000000
0x00000000
0x00000000
0x00cc77b4
0x00cc779f
0x00cc7731
0x00cc7731
0x00cc7734
0x00cc770e
0x00cc770e
0x00000000
0x00cc770e
0x00cc7784
0x00000000
0x00cc7784
0x00cc775c
0x00cc7763
0x00cc7769
0x00000000
0x00cc7769
0x00cc772e
0x00000000
0x00cc772e
0x00cc770a
0x00cc770d
0x00000000
0x00cc77ba
0x00cc77be
0x00cc77c3
0x00cc77c9
0x00cc77c9
0x00cc77cd
0x00cc77d2
0x00cc77d7
0x00cc77da
0x00cc77da
0x00cc77ee
0x00cc77f0
0x00cc77f0
0x00cc77f8
0x00000000

APIs

CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,rel,000000FF,?,?,?,00000000), ref: 00CC7703
CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,href,000000FF), ref: 00CC7727
CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,length,000000FF), ref: 00CC7746
CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,title,000000FF), ref: 00CC777D
CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,type,000000FF), ref: 00CC7798
SysFreeString.OLEAUT32(00000000), ref: 00CC77C3
SysFreeString.OLEAUT32(00000000), ref: 00CC7842
SysFreeString.OLEAUT32(00000000), ref: 00CC788E

Strings

rel, xrefs: 00CC76F4
feclient.dll, xrefs: 00CC7734
href, xrefs: 00CC771A
length, xrefs: 00CC7739
version.dll, xrefs: 00CC77A7
msasn1.dll, xrefs: 00CC787C
msi.dll, xrefs: 00CC782A
title, xrefs: 00CC7770
type, xrefs: 00CC778B
comres.dll, xrefs: 00CC7750

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: String$Compare$Free
String ID: comres.dll$feclient.dll$href$length$msasn1.dll$msi.dll$rel$title$type$version.dll
API String ID: 318886736-3944986760
Opcode ID: d636fcb3acc994eade885f9dd467d8a3e734cc7a1b4b2eddad88b9e63686042c
Instruction ID: 42f354f236f1cac22e9433f07251adaf852eada8d2c052ce61cbaeda44d576c4
Opcode Fuzzy Hash: d636fcb3acc994eade885f9dd467d8a3e734cc7a1b4b2eddad88b9e63686042c
Instruction Fuzzy Hash: 53712C35D04219BBCF15DBA4CC89FAEBBB8EF04720F2443A8E525B61A1D7319E54DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00C9E177, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 144
registryCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E00C9E177(void* __eflags, void** _a4) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				void _v24;
				struct tagMSG _v52;
				struct _WNDCLASSW _v92;
				int _t47;
				signed short _t58;
				signed short _t61;
				struct HWND__* _t67;
				signed int _t69;
				void** _t82;
				void* _t83;

				asm("stosd");
				_t69 = 0xa;
				_push(7);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				memset( &_v52, memset( &_v92, 0, _t69 << 2), 0 << 2);
				_t82 = _a4;
				_t83 = E00C9E05E(_t82[1],  &_v24);
				if(_t83 >= 0) {
					_v92.lpfnWndProc = E00C9E31B;
					_v92.hInstance = _t82[1];
					_v92.hCursor = LoadCursorW(0, 0x7f00);
					_v92.lpszClassName = L"WixBurnSplashScreen";
					if(RegisterClassW( &_v92) != 0) {
						_t67 = CreateWindowExW(0x80, _v92.lpszClassName, _t82[2], 0x90000000, _v20, _v16, _v12, _v8, 0, 0, _t82[1],  &_v24);
						if(_t67 != 0) {
							 *(_t82[3]) = _t67;
							SetEvent( *_t82);
							while(1) {
								_t47 = GetMessageW( &_v52, 0, 0, 0);
								if(_t47 == 0) {
									break;
								}
								if(_t47 == 0xffffffff) {
									_t83 = 0x8000ffff;
									_push("Unexpected return value from message pump.");
									L13:
									_push(_t83);
									E00CC012F();
									L14:
									L15:
									UnregisterClassW(L"WixBurnSplashScreen", _t82[1]);
									if(_v24 != 0) {
										DeleteObject(_v24);
									}
									return _t83;
								}
								if(IsDialogMessageW(_t67,  &_v52) == 0) {
									TranslateMessage( &_v52);
									DispatchMessageW( &_v52);
								}
							}
							goto L14;
						}
						_t58 = GetLastError();
						_t86 =  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
						_t83 =  >=  ? 0x80004005 :  <=  ? _t58 : _t58 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "splashscreen.cpp", 0x8b, _t83);
						_push("Failed to create window.");
						goto L13;
					}
					_t61 = GetLastError();
					_t89 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
					_t83 =  >=  ? 0x80004005 :  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "splashscreen.cpp", 0x85, _t83);
					_push("Failed to register window.");
					goto L13;
				}
				_push("Failed to load splash screen.");
				_push(_t83);
				E00CC012F();
				goto L15;
			}

0x00c9e184
0x00c9e187
0x00c9e188
0x00c9e18a
0x00c9e18b
0x00c9e18c
0x00c9e18d
0x00c9e199
0x00c9e19b
0x00c9e1aa
0x00c9e1ae
0x00c9e1cd
0x00c9e1d5
0x00c9e1de
0x00c9e1e5
0x00c9e1f5
0x00c9e25a
0x00c9e25e
0x00c9e298
0x00c9e29c
0x00c9e2cc
0x00c9e2d5
0x00c9e2dd
0x00000000
0x00000000
0x00c9e2a7
0x00c9e2e1
0x00c9e2e6
0x00c9e2eb
0x00c9e2eb
0x00c9e2ec
0x00c9e2f3
0x00c9e2f4
0x00c9e2fc
0x00c9e306
0x00c9e30b
0x00c9e30b
0x00c9e318
0x00c9e318
0x00c9e2b6
0x00c9e2bc
0x00c9e2c6
0x00c9e2c6
0x00c9e2b6
0x00000000
0x00c9e2df
0x00c9e260
0x00c9e271
0x00c9e27b
0x00c9e289
0x00c9e28e
0x00000000
0x00c9e28e
0x00c9e1f7
0x00c9e208
0x00c9e212
0x00c9e220
0x00c9e225
0x00000000
0x00c9e225
0x00c9e1b0
0x00c9e1b5
0x00c9e1b6
0x00000000

APIs

Part of subcall function 00C9E05E: LoadBitmapW.USER32(?,00000001), ref: 00C9E094
Part of subcall function 00C9E05E: GetLastError.KERNEL32 ref: 00C9E0A0

LoadCursorW.USER32(00000000,00007F00), ref: 00C9E1D8
RegisterClassW.USER32 ref: 00C9E1EC
GetLastError.KERNEL32 ref: 00C9E1F7
UnregisterClassW.USER32 ref: 00C9E2FC
DeleteObject.GDI32(00000000), ref: 00C9E30B

Strings

splashscreen.cpp, xrefs: 00C9E21B, 00C9E284
Failed to register window., xrefs: 00C9E225
Unexpected return value from message pump., xrefs: 00C9E2E6
Failed to load splash screen., xrefs: 00C9E1B0
Failed to create window., xrefs: 00C9E28E
WixBurnSplashScreen, xrefs: 00C9E1E5, 00C9E2F7

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ClassErrorLastLoad$BitmapCursorDeleteObjectRegisterUnregister
String ID: Failed to create window.$Failed to load splash screen.$Failed to register window.$Unexpected return value from message pump.$WixBurnSplashScreen$splashscreen.cpp
API String ID: 164797020-2188509422
Opcode ID: 36f0dbb87fb0ffed9a50be94680818a125d617d768d3b04eb45cf83fecf29d79
Instruction ID: b4c36c3b1c33ab04e1d495ccceb28613919b9c665e797862dd8e1373e4772cf0
Opcode Fuzzy Hash: 36f0dbb87fb0ffed9a50be94680818a125d617d768d3b04eb45cf83fecf29d79
Instruction Fuzzy Hash: 36418F76A00659BFEF119BE4DD49FAEB7B9FF04300F100126FA05E6160DB709D109791

Uniqueness

Uniqueness Score: -1.00%

Function 00C8F410, Relevance: 28.2, APIs: 1, Strings: 15, Instructions: 152
registryCOMMON

Download Yara Rule

C-Code - Quality: 56%

			E00C8F410(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _t59;
				char* _t60;
				void* _t64;
				void* _t72;

				_t57 = __edx;
				_t54 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t59 = _a4;
				_t64 = E00C8E7CD(__ecx, _t59,  &_v12);
				if(_t64 >= 0) {
					_t64 = E00CC0A88( *((intOrPtr*)(_t59 + 0x4c)), _v12, 0x20006,  &_v8);
					if(_t64 >= 0) {
						if(E00CC1392(__ecx, __edx, _v8, L"ThisVersionInstalled", "Y") >= 0) {
							if(E00CC1392(__ecx, __edx, _v8, L"PackageName",  *((intOrPtr*)(_t59 + 0x60))) >= 0) {
								if(E00CC1392(_t54, __edx, _v8, L"PackageVersion",  *((intOrPtr*)(_t59 + 0x64))) >= 0) {
									if(E00CC1392(_t54, __edx, _v8, L"Publisher",  *((intOrPtr*)(_t59 + 0x68))) >= 0) {
										_t40 =  *((intOrPtr*)(_t59 + 0xa4));
										if( *((intOrPtr*)(_t59 + 0xa4)) == 0) {
											L16:
											_t60 = L"ReleaseType";
											if(E00CC1392(_t54, _t57, _v8, _t60,  *((intOrPtr*)(_t59 + 0xb0))) >= 0) {
												_t61 = _a8;
												if(E00C8EDB1(_t54, _t57, _v8, _a8, L"LogonUser", L"InstalledBy") >= 0) {
													if(E00C8EDB1(_t54, _t57, _v8, _t61, L"Date", L"InstalledDate") >= 0) {
														_t72 = E00C8EDB1(_t54, _t57, _v8, _t61, L"InstallerName", L"InstallerName");
														if(_t72 >= 0) {
															_t72 = E00C8EDB1(_t54, _t57, _v8, _t61, L"InstallerVersion", L"InstallerVersion");
															if(_t72 < 0) {
																_push(L"InstallerVersion");
																goto L26;
															}
														} else {
															_push(L"InstallerName");
															goto L26;
														}
													} else {
														_push(L"InstalledDate");
														goto L26;
													}
												} else {
													_push(L"InstalledBy");
													goto L26;
												}
											} else {
												_push(_t60);
												goto L26;
											}
										} else {
											_t72 = E00CC1392(_t54, _t57, _v8, L"PublishingGroup", _t40);
											if(_t72 >= 0) {
												goto L16;
											} else {
												_push(L"PublishingGroup");
												goto L26;
											}
										}
									} else {
										_push(L"Publisher");
										goto L26;
									}
								} else {
									_push(L"PackageVersion");
									goto L26;
								}
							} else {
								_push(L"PackageName");
								goto L26;
							}
						} else {
							_push(L"ThisVersionInstalled");
							L26:
							_push("Failed to write %ls value.");
							_push(_t72);
							E00CC012F();
						}
					} else {
						_push("Failed to create the key for update registration.");
						goto L2;
					}
				} else {
					_push("Failed to get the formatted key path for update registration.");
					L2:
					_push(_t64);
					E00CC012F();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_v12 != 0) {
					E00CC54EF(_v12);
				}
				return _t72;
			}

0x00c8f410
0x00c8f410
0x00c8f413
0x00c8f414
0x00c8f415
0x00c8f41c
0x00c8f422
0x00c8f42c
0x00c8f430
0x00c8f458
0x00c8f45c
0x00c8f47b
0x00c8f49b
0x00c8f4bb
0x00c8f4db
0x00c8f4e7
0x00c8f4ef
0x00c8f50f
0x00c8f515
0x00c8f527
0x00c8f52c
0x00c8f546
0x00c8f566
0x00c8f57f
0x00c8f583
0x00c8f59c
0x00c8f5a0
0x00c8f5a2
0x00000000
0x00c8f5a2
0x00c8f585
0x00c8f585
0x00000000
0x00c8f585
0x00c8f568
0x00c8f568
0x00000000
0x00c8f568
0x00c8f548
0x00c8f548
0x00000000
0x00c8f548
0x00c8f529
0x00c8f529
0x00000000
0x00c8f529
0x00c8f4f1
0x00c8f4ff
0x00c8f503
0x00000000
0x00c8f505
0x00c8f505
0x00000000
0x00c8f505
0x00c8f503
0x00c8f4dd
0x00c8f4dd
0x00000000
0x00c8f4dd
0x00c8f4bd
0x00c8f4bd
0x00000000
0x00c8f4bd
0x00c8f49d
0x00c8f49d
0x00000000
0x00c8f49d
0x00c8f47d
0x00c8f47d
0x00c8f5a7
0x00c8f5a7
0x00c8f5ac
0x00c8f5ad
0x00c8f5b2
0x00c8f45e
0x00c8f45e
0x00000000
0x00c8f45e
0x00c8f432
0x00c8f432
0x00c8f437
0x00c8f437
0x00c8f438
0x00c8f43e
0x00c8f5b9
0x00c8f5be
0x00c8f5c4
0x00c8f5c4
0x00c8f5cc
0x00c8f5d1
0x00c8f5d1
0x00c8f5dd

APIs

RegCloseKey.ADVAPI32(00000000,00000000,00C90348,InstallerVersion,InstallerVersion,00000000,00C90348,InstallerName,InstallerName,00000000,00C90348,Date,InstalledDate,00000000,00C90348,LogonUser), ref: 00C8F5BE

Part of subcall function 00CC1392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,00C8F1C2,00000000,?,00020006), ref: 00CC13C5

Strings

ThisVersionInstalled, xrefs: 00C8F46A, 00C8F47D
ReleaseType, xrefs: 00C8F515, 00C8F51A, 00C8F529
Failed to get the formatted key path for update registration., xrefs: 00C8F432
LogonUser, xrefs: 00C8F534
PackageVersion, xrefs: 00C8F4AA, 00C8F4BD
Failed to write %ls value., xrefs: 00C8F5A7
InstallerVersion, xrefs: 00C8F58C, 00C8F591, 00C8F592, 00C8F5A2
PublishingGroup, xrefs: 00C8F4F2, 00C8F505
InstalledDate, xrefs: 00C8F54F, 00C8F568
Date, xrefs: 00C8F554
InstalledBy, xrefs: 00C8F52F, 00C8F548
Publisher, xrefs: 00C8F4CA, 00C8F4DD
PackageName, xrefs: 00C8F48A, 00C8F49D
InstallerName, xrefs: 00C8F56F, 00C8F574, 00C8F575, 00C8F585
Failed to create the key for update registration., xrefs: 00C8F45E

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseValue
String ID: Date$Failed to create the key for update registration.$Failed to get the formatted key path for update registration.$Failed to write %ls value.$InstalledBy$InstalledDate$InstallerName$InstallerVersion$LogonUser$PackageName$PackageVersion$Publisher$PublishingGroup$ReleaseType$ThisVersionInstalled
API String ID: 3132538880-2703781546
Opcode ID: 00ae29813503e6e3bda3bb7b60ce00221a5e2fa9783457056d03dee42f15f9b0
Instruction ID: ea6010ba2110ee923eda5cc9af61714016541904c87e5a4da748d94c4c1bdc3c
Opcode Fuzzy Hash: 00ae29813503e6e3bda3bb7b60ce00221a5e2fa9783457056d03dee42f15f9b0
Instruction Fuzzy Hash: 6B41E432A80625BBCB227A51CC06F6E7A25AB50B28F25417EFD00B7351D770AE11B798

Uniqueness

Uniqueness Score: -1.00%

Function 00C9E563, Relevance: 28.1, APIs: 11, Strings: 5, Instructions: 135
registryCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E00C9E563(signed int _a4) {
				int _v8;
				void _v12;
				struct tagMSG _v40;
				struct _WNDCLASSW _v80;
				int _t35;
				intOrPtr _t37;
				struct HWND__* _t44;
				int _t47;
				signed short _t57;
				signed short _t60;
				void** _t64;
				signed int _t65;
				void* _t77;
				struct HWND__* _t79;

				_t64 = _a4;
				_t65 = 0xa;
				_t79 = 0;
				_t35 = memset( &_v80, 0, _t65 << 2);
				_push(7);
				_v12 = 0;
				memset( &_v40, _t35, 0 << 2);
				_t77 = _t64[2];
				_v8 = 0;
				_t37 =  *((intOrPtr*)(_t77 + 0x490));
				_a4 = 0 | _t37 == 0x00000002;
				if(_t37 != 2 || TlsSetValue( *(_t77 + 0x498),  *(_t77 + 0x4b0)) != 0) {
					_v80.hInstance = _t64[1];
					_v80.lpfnWndProc = E00C9E705;
					_v80.lpszClassName = L"WixBurnMessageWindow";
					if(RegisterClassW( &_v80) != 0) {
						_v12 = _a4;
						_v8 = _t77 + 0xb8;
						_t44 = CreateWindowExW(0x80, _v80.lpszClassName, _t79, 0x90000000, 0x80000000, 8, _t79, _t79, _t79, _t79, _t64[1],  &_v12);
						if(_t44 != 0) {
							 *(_t77 + 0x3e0) = _t44;
							SetEvent( *_t64);
							while(1) {
								_t47 = GetMessageW( &_v40, _t79, _t79, _t79);
								if(_t47 == 0) {
									break;
								}
								if(_t47 == 0xffffffff) {
									_t79 = 0x8000ffff;
									_push("Unexpected return value from message pump.");
									L14:
									_push(_t79);
									E00CC012F();
									goto L15;
								}
								if(IsDialogMessageW(_v40,  &_v40) == 0) {
									TranslateMessage( &_v40);
									DispatchMessageW( &_v40);
								}
							}
							goto L15;
						}
						_t57 = GetLastError();
						_t82 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
						_t79 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "uithread.cpp", 0x8a, _t79);
						_push("Failed to create window.");
						goto L14;
					}
					_t60 = GetLastError();
					_t85 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
					_t79 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "uithread.cpp", 0x80, _t79);
					_push("Failed to register window.");
					goto L14;
				} else {
					_t79 = 0x8007139f;
					L15:
					UnregisterClassW(L"WixBurnMessageWindow", _t64[1]);
					return _t79;
				}
			}

0x00c9e56a
0x00c9e573
0x00c9e577
0x00c9e579
0x00c9e57b
0x00c9e581
0x00c9e584
0x00c9e586
0x00c9e58b
0x00c9e58e
0x00c9e59a
0x00c9e5a0
0x00c9e5c5
0x00c9e5cc
0x00c9e5d3
0x00c9e5e3
0x00c9e620
0x00c9e629
0x00c9e64c
0x00c9e654
0x00c9e68b
0x00c9e693
0x00c9e6cb
0x00c9e6d2
0x00c9e6d6
0x00000000
0x00000000
0x00c9e6a4
0x00c9e6da
0x00c9e6df
0x00c9e6e4
0x00c9e6e4
0x00c9e6e5
0x00000000
0x00c9e6eb
0x00c9e6b5
0x00c9e6bb
0x00c9e6c5
0x00c9e6c5
0x00c9e6b5
0x00000000
0x00c9e6d8
0x00c9e656
0x00c9e667
0x00c9e671
0x00c9e67f
0x00c9e684
0x00000000
0x00c9e684
0x00c9e5e5
0x00c9e5f6
0x00c9e600
0x00c9e60e
0x00c9e613
0x00000000
0x00c9e5b8
0x00c9e5b8
0x00c9e6ec
0x00c9e6f4
0x00c9e702
0x00c9e702

APIs

TlsSetValue.KERNEL32(?,?), ref: 00C9E5AE
RegisterClassW.USER32 ref: 00C9E5DA
GetLastError.KERNEL32 ref: 00C9E5E5
CreateWindowExW.USER32 ref: 00C9E64C
GetLastError.KERNEL32 ref: 00C9E656
UnregisterClassW.USER32 ref: 00C9E6F4

Strings

WixBurnMessageWindow, xrefs: 00C9E5D3, 00C9E6EF
Failed to register window., xrefs: 00C9E613
Unexpected return value from message pump., xrefs: 00C9E6DF
uithread.cpp, xrefs: 00C9E609, 00C9E67A
Failed to create window., xrefs: 00C9E684

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ClassErrorLast$CreateRegisterUnregisterValueWindow
String ID: Failed to create window.$Failed to register window.$Unexpected return value from message pump.$WixBurnMessageWindow$uithread.cpp
API String ID: 213125376-288575659
Opcode ID: 88eea1a85719d7462bebf446c9771b6c5ded07874fe11b5e3d577198049a38d6
Instruction ID: 2756623dba11605d83e74e01e607697a5b43771125627e438d94c3bd6f9bc607
Opcode Fuzzy Hash: 88eea1a85719d7462bebf446c9771b6c5ded07874fe11b5e3d577198049a38d6
Instruction Fuzzy Hash: 8B417F76A00218ABDF10DBA5DC49FDEBBE8EF18750F104126F909E6290DB309D50CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CAC517, Relevance: 26.5, APIs: 1, Strings: 14, Instructions: 272
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E00CAC517(intOrPtr __ecx, void* __eflags, signed int _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr* _a24) {
				signed int _v8;
				intOrPtr _t121;
				intOrPtr _t176;
				intOrPtr* _t190;
				intOrPtr* _t197;
				intOrPtr _t198;
				intOrPtr _t203;
				signed int _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				signed int _t209;
				signed int _t210;
				signed int _t212;
				void* _t214;
				void* _t220;
				signed int _t223;
				intOrPtr* _t224;
				void* _t225;

				_t193 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t190 = _a24;
				_t121 = E00C838D4( *(_t190 + 0x80) << 3, 1);
				_t212 = _a4;
				 *((intOrPtr*)(_t212 + 0x7c)) = _t121;
				if(_t121 != 0) {
					_t206 = 0;
					 *(_t212 + 0x80) =  *(_t190 + 0x80);
					_a4 = 0;
					if( *(_t190 + 0x80) <= 0) {
						L16:
						 *(_t212 + 0x14) =  *(_t212 + 0x14) & 0x00000000;
						 *((intOrPtr*)(_t212 + 0xa8)) = 1;
						 *((intOrPtr*)(_t212 + 0x8c)) =  *((intOrPtr*)(_t190 + 0x8c));
						 *((intOrPtr*)(_t212 + 0x40)) =  *((intOrPtr*)(_t190 + 0x40));
						 *((intOrPtr*)(_t212 + 0x44)) =  *((intOrPtr*)(_t190 + 0x44));
						 *((intOrPtr*)(_t212 + 0x28)) =  *((intOrPtr*)(_t190 + 0x28));
						 *((intOrPtr*)(_t212 + 0x2c)) =  *((intOrPtr*)(_t190 + 0x2c));
						 *((intOrPtr*)(_t212 + 0x30)) =  *((intOrPtr*)(_t190 + 0x30));
						 *((intOrPtr*)(_t212 + 0x34)) =  *((intOrPtr*)(_t190 + 0x34));
						 *((intOrPtr*)(_t212 + 0x1c)) =  *((intOrPtr*)(_t190 + 0x1c));
						if(E00C821A5(_t212,  *_t190, 0) >= 0) {
							_t97 = _t212 + 0x24; // 0x124
							if(E00C821A5(_t97,  *((intOrPtr*)(_t190 + 0x24)), 0) >= 0) {
								 *((intOrPtr*)(_t212 + 0xb0)) =  *((intOrPtr*)(_t190 + 0xb0));
								if(E00C97C29(_t193,  &_v8,  *_a8,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(_a8 + 8)),  *((intOrPtr*)(_a8 + 0x1c)), 1, _a16, _a20, _a12,  *((intOrPtr*)(_t135 + 0xc))) >= 0) {
									_t109 = _t212 + 0x94; // 0x194
									if(E00C821A5(_t109, _v8, 0) >= 0) {
										_t112 = _t212 + 0x98; // 0x198
										_t220 = E00C821A5(_t112, _v8, 0);
										if(_t220 >= 0) {
											_t114 = _t212 + 0x9c; // 0x19c
											 *((intOrPtr*)(_t212 + 0xac)) = 1;
											_t220 = E00C821A5(_t114, _v8, 0);
											if(_t220 >= 0) {
												 *((intOrPtr*)(_t212 + 0x18)) = 1;
											} else {
												_push("Failed to copy uninstall arguments for passthrough bundle package");
												goto L23;
											}
										} else {
											_push("Failed to copy related arguments for passthrough bundle package");
											goto L23;
										}
									} else {
										_push("Failed to copy install arguments for passthrough bundle package");
										goto L23;
									}
								} else {
									_push("Failed to recreate command-line arguments.");
									goto L23;
								}
							} else {
								_push("Failed to copy cache id for passthrough pseudo bundle.");
								goto L23;
							}
						} else {
							_push("Failed to copy key for passthrough pseudo bundle.");
							goto L23;
						}
					} else {
						while(1) {
							_t223 = _t206 << 3;
							_a24 =  *((intOrPtr*)(_t190 + 0x7c)) + _t223;
							 *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))) = E00C838D4(0x58, 1);
							_t150 =  *((intOrPtr*)(_t212 + 0x7c));
							_t207 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
							if(_t207 == 0) {
								break;
							}
							_t197 = _a24;
							 *((intOrPtr*)(_t207 + 4)) =  *((intOrPtr*)( *_t197 + 4));
							_t198 =  *_t197;
							_t208 =  *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c))));
							 *((intOrPtr*)(_t208 + 0x10)) =  *((intOrPtr*)(_t198 + 0x10));
							 *((intOrPtr*)(_t208 + 0x14)) =  *((intOrPtr*)(_t198 + 0x14));
							_t220 = E00C821A5( *((intOrPtr*)(_t223 +  *((intOrPtr*)(_t212 + 0x7c)))),  *((intOrPtr*)( *_a24)), 0);
							if(_t220 < 0) {
								_push("Failed to copy key for passthrough pseudo bundle payload.");
								goto L23;
							} else {
								_t220 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x18,  *((intOrPtr*)( *_a24 + 0x18)), 0);
								if(_t220 < 0) {
									_push("Failed to copy filename for passthrough pseudo bundle.");
									goto L23;
								} else {
									_t220 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x38,  *((intOrPtr*)( *_a24 + 0x38)), 0);
									if(_t220 < 0) {
										_push("Failed to copy local source path for passthrough pseudo bundle.");
										goto L23;
									} else {
										_t224 = _a24;
										_t173 =  *_t224;
										if( *((intOrPtr*)( *_t224 + 0x40)) == 0) {
											L12:
											_t174 =  *_t224;
											if( *((intOrPtr*)( *_t224 + 0x30)) == 0) {
												L15:
												_t209 = _a4;
												_t193 =  *((intOrPtr*)(_t212 + 0x7c));
												 *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + 4 + _t209 * 8)) =  *((intOrPtr*)(_t224 + 4));
												_t206 = _t209 + 1;
												_a4 = _t206;
												if(_t206 <  *(_t190 + 0x80)) {
													continue;
												} else {
													goto L16;
												}
											} else {
												_t176 = E00C838D4( *((intOrPtr*)(_t174 + 0x34)), 0);
												_t210 = _a4;
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)) = _t176;
												_t177 =  *((intOrPtr*)(_t212 + 0x7c));
												_t203 =  *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8));
												if( *((intOrPtr*)(_t203 + 0x30)) == 0) {
													_t214 = 0x8007000e;
													_t220 = 0x8007000e;
													E00C837D3(_t177, "pseudobundle.cpp", 0xc9, 0x8007000e);
													_push("Failed to allocate memory for pseudo bundle payload hash.");
													goto L2;
												} else {
													 *((intOrPtr*)(_t203 + 0x34)) =  *((intOrPtr*)( *_t224 + 0x34));
													E00CA1664( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _t210 * 8)) + 0x34)),  *((intOrPtr*)( *_t224 + 0x30)),  *((intOrPtr*)( *_t224 + 0x34)));
													_t225 = _t225 + 0x10;
													goto L15;
												}
											}
										} else {
											_t220 = E00C821A5( *((intOrPtr*)( *((intOrPtr*)(_t212 + 0x7c)) + _a4 * 8)) + 0x40,  *((intOrPtr*)(_t173 + 0x40)), 0);
											if(_t220 < 0) {
												_push("Failed to copy download source for passthrough pseudo bundle.");
												L23:
												_push(_t220);
												goto L3;
											} else {
												_t224 = _a24;
												goto L12;
											}
										}
									}
								}
							}
							goto L36;
						}
						_t214 = 0x8007000e;
						_t220 = 0x8007000e;
						E00C837D3(_t150, "pseudobundle.cpp", 0xb3, 0x8007000e);
						_push("Failed to allocate space for burn payload inside of related bundle struct");
						goto L2;
					}
				} else {
					_t214 = 0x8007000e;
					_t220 = 0x8007000e;
					E00C837D3(_t121, "pseudobundle.cpp", 0xab, 0x8007000e);
					_push("Failed to allocate space for burn package payload inside of passthrough bundle.");
					L2:
					_push(_t214);
					L3:
					E00CC012F();
				}
				L36:
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t220;
			}

0x00cac517
0x00cac51a
0x00cac51b
0x00cac520
0x00cac531
0x00cac536
0x00cac539
0x00cac53e
0x00cac56f
0x00cac571
0x00cac577
0x00cac580
0x00cac6d7
0x00cac6d7
0x00cac6db
0x00cac6eb
0x00cac6f4
0x00cac6fa
0x00cac700
0x00cac706
0x00cac70c
0x00cac712
0x00cac71a
0x00cac729
0x00cac799
0x00cac7a6
0x00cac7b5
0x00cac7e4
0x00cac7ef
0x00cac803
0x00cac813
0x00cac81f
0x00cac823
0x00cac833
0x00cac839
0x00cac849
0x00cac84d
0x00cac859
0x00cac84f
0x00cac84f
0x00000000
0x00cac84f
0x00cac825
0x00cac825
0x00000000
0x00cac825
0x00cac805
0x00cac805
0x00000000
0x00cac805
0x00cac7e6
0x00cac7e6
0x00000000
0x00cac7e6
0x00cac7a8
0x00cac7a8
0x00000000
0x00cac7a8
0x00cac72b
0x00cac72b
0x00000000
0x00cac72b
0x00cac586
0x00cac586
0x00cac58b
0x00cac594
0x00cac59f
0x00cac5a2
0x00cac5a5
0x00cac5aa
0x00000000
0x00000000
0x00cac5b0
0x00cac5ba
0x00cac5c0
0x00cac5c2
0x00cac5c8
0x00cac5ce
0x00cac5e3
0x00cac5e7
0x00cac768
0x00000000
0x00cac5ed
0x00cac609
0x00cac60d
0x00cac761
0x00000000
0x00cac613
0x00cac62f
0x00cac633
0x00cac75a
0x00000000
0x00cac639
0x00cac639
0x00cac63c
0x00cac642
0x00cac668
0x00cac668
0x00cac66e
0x00cac6ba
0x00cac6ba
0x00cac6bd
0x00cac6c3
0x00cac6c7
0x00cac6c8
0x00cac6d1
0x00000000
0x00000000
0x00000000
0x00000000
0x00cac670
0x00cac675
0x00cac67d
0x00cac683
0x00cac686
0x00cac689
0x00cac690
0x00cac739
0x00cac749
0x00cac74b
0x00cac750
0x00000000
0x00cac696
0x00cac69b
0x00cac6b2
0x00cac6b7
0x00000000
0x00cac6b7
0x00cac690
0x00cac644
0x00cac65b
0x00cac65f
0x00cac732
0x00cac76d
0x00cac76d
0x00000000
0x00cac665
0x00cac665
0x00000000
0x00cac665
0x00cac65f
0x00cac642
0x00cac633
0x00cac60d
0x00000000
0x00cac5e7
0x00cac773
0x00cac783
0x00cac785
0x00cac78a
0x00000000
0x00cac78a
0x00cac540
0x00cac540
0x00cac550
0x00cac552
0x00cac557
0x00cac55c
0x00cac55c
0x00cac55d
0x00cac55d
0x00cac563
0x00cac860
0x00cac864
0x00cac869
0x00cac869
0x00cac876

Strings

Failed to copy filename for passthrough pseudo bundle., xrefs: 00CAC761
Failed to copy install arguments for passthrough bundle package, xrefs: 00CAC805
pseudobundle.cpp, xrefs: 00CAC54B, 00CAC744, 00CAC77E
Failed to allocate space for burn package payload inside of passthrough bundle., xrefs: 00CAC557
Failed to copy related arguments for passthrough bundle package, xrefs: 00CAC825
Failed to copy key for passthrough pseudo bundle., xrefs: 00CAC72B
Failed to allocate memory for pseudo bundle payload hash., xrefs: 00CAC750
Failed to recreate command-line arguments., xrefs: 00CAC7E6
Failed to copy cache id for passthrough pseudo bundle., xrefs: 00CAC7A8
Failed to copy key for passthrough pseudo bundle payload., xrefs: 00CAC768
Failed to copy download source for passthrough pseudo bundle., xrefs: 00CAC732
Failed to copy local source path for passthrough pseudo bundle., xrefs: 00CAC75A
Failed to copy uninstall arguments for passthrough bundle package, xrefs: 00CAC84F
Failed to allocate space for burn payload inside of related bundle struct, xrefs: 00CAC78A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID: Failed to allocate memory for pseudo bundle payload hash.$Failed to allocate space for burn package payload inside of passthrough bundle.$Failed to allocate space for burn payload inside of related bundle struct$Failed to copy cache id for passthrough pseudo bundle.$Failed to copy download source for passthrough pseudo bundle.$Failed to copy filename for passthrough pseudo bundle.$Failed to copy install arguments for passthrough bundle package$Failed to copy key for passthrough pseudo bundle payload.$Failed to copy key for passthrough pseudo bundle.$Failed to copy local source path for passthrough pseudo bundle.$Failed to copy related arguments for passthrough bundle package$Failed to copy uninstall arguments for passthrough bundle package$Failed to recreate command-line arguments.$pseudobundle.cpp
API String ID: 1357844191-115096447
Opcode ID: 81cab52a2099459291244a4c9366212ad1cfe63ca7a08d990fe6d2f3f66f765f
Instruction ID: 952d9e7943836aecc2142fe42d21cbef90be99b6c6df0b4d6b3c5968868f2544
Opcode Fuzzy Hash: 81cab52a2099459291244a4c9366212ad1cfe63ca7a08d990fe6d2f3f66f765f
Instruction Fuzzy Hash: 27B17975A00616EFDB11DF68C884F99BBA1BF09B04F10816AFE15AB361C731E851EF90

Uniqueness

Uniqueness Score: -1.00%

Function 00C8B106, Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 136
COMMON

Download Yara Rule

C-Code - Quality: 23%

			E00C8B106(intOrPtr _a4) {
				void* _t35;
				signed short _t40;
				intOrPtr* _t45;
				void* _t47;
				intOrPtr _t49;
				signed int _t50;
				signed int _t53;
				intOrPtr _t56;
				signed int _t57;
				intOrPtr* _t61;
				signed int _t62;
				signed int _t63;
				signed int _t64;

				_t57 = 0;
				_t61 = GetModuleHandleW(0);
				if(_t61 != 0) {
					if(0x5a4d ==  *_t61) {
						_t49 =  *((intOrPtr*)(_t61 + 0x3c));
						if( *((intOrPtr*)(_t49 + _t61)) == 0x4550) {
							_t5 = _t61 + 0x18; // 0x18
							_t45 = _t5 + ( *(_t49 + _t61 + 0x14) & 0x0000ffff) + _t49;
							if(E00CAF919(_t45, ".wixburn", 8) == 0) {
								L13:
								if( *((intOrPtr*)(_t45 + 0x10)) >= 0x34) {
									_t47 =  *((intOrPtr*)(_t45 + 0xc)) + _t61;
									if( *((intOrPtr*)(_t47 + 4)) == 2) {
										_t56 = _a4;
										_t50 = _t57;
										while(1) {
											_t26 =  *((intOrPtr*)(_t56 + _t50 * 4));
											if( *((intOrPtr*)(_t56 + _t50 * 4)) !=  *((intOrPtr*)(_t47 + 8 + _t50 * 4))) {
												break;
											}
											_t50 = _t50 + 1;
											if(_t50 != 4) {
												continue;
											} else {
											}
											goto L25;
										}
										_t62 = 0x8007000d;
										_t57 = 0x8007000d;
										E00C837D3(_t26, "section.cpp", 0x18a, 0x8007000d);
										_push("Bundle guid didn\'t match the guid in the PE Header in memory.");
										goto L24;
									} else {
										_t63 = 0x8007000d;
										_t57 = 0x8007000d;
										E00C837D3(_t25, "section.cpp", 0x184, 0x8007000d);
										_push( *((intOrPtr*)(_t47 + 4)));
										_push("Failed to read section info, unsupported version: %08x");
										goto L18;
									}
								} else {
									_t63 = 0x8007000d;
									_t57 = 0x8007000d;
									E00C837D3(_t25, "section.cpp", 0x17a, 0x8007000d);
									_push( *((intOrPtr*)(_t45 + 0x10)));
									_push("Failed to read section info, data to short: %u");
									L18:
									_push(_t63);
									E00CC012F();
								}
							} else {
								_t53 =  *( *((intOrPtr*)(_t61 + 0x3c)) + _t61 + 6) & 0x0000ffff;
								_t35 = 1;
								while(_t35 < _t53) {
									_t45 = _t45 + 0x28;
									_t35 = _t35 + 1;
									if( *_t45 != 0x7869772e ||  *((intOrPtr*)(_t45 + 4)) != 0x6e727562) {
										continue;
									} else {
										goto L13;
									}
									goto L25;
								}
								_t62 = 0x8007000d;
								_t57 = 0x8007000d;
								E00C837D3(_t35, "section.cpp", 0x16e, 0x8007000d);
								_push("Failed to find Burn section.");
								L24:
								_push(_t62);
								E00CC012F();
							}
							L25:
						} else {
							_t64 = 0x8007000d;
							_t57 = 0x8007000d;
							E00C837D3(0x5a4d, "section.cpp", 0x155, 0x8007000d);
							_push("Failed to find valid NT image header in buffer.");
							goto L5;
						}
					} else {
						_t64 = 0x8007000d;
						_t57 = 0x8007000d;
						E00C837D3(0x5a4d, "section.cpp", 0x14a, 0x8007000d);
						_push("Failed to find valid DOS image header in buffer.");
						L5:
						_push(_t64);
						goto L2;
					}
				} else {
					_t40 = GetLastError();
					_t60 =  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
					_t57 =  >=  ? 0x80004005 :  <=  ? _t40 : _t40 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "section.cpp", 0x140, _t57);
					_push("Failed to get module handle to process.");
					_push(_t57);
					L2:
					E00CC012F();
				}
				return _t57;
			}

0x00c8b10b
0x00c8b114
0x00c8b118
0x00c8b162
0x00c8b183
0x00c8b18d
0x00c8b1b5
0x00c8b1ba
0x00c8b1cc
0x00c8b1f2
0x00c8b1f6
0x00c8b23a
0x00c8b240
0x00c8b26c
0x00c8b26f
0x00c8b271
0x00c8b271
0x00c8b278
0x00000000
0x00000000
0x00c8b27a
0x00c8b27e
0x00000000
0x00000000
0x00c8b280
0x00000000
0x00c8b27e
0x00c8b282
0x00c8b292
0x00c8b294
0x00c8b299
0x00000000
0x00c8b242
0x00c8b242
0x00c8b252
0x00c8b254
0x00c8b259
0x00c8b25c
0x00000000
0x00c8b25c
0x00c8b1f8
0x00c8b1f8
0x00c8b208
0x00c8b20a
0x00c8b20f
0x00c8b212
0x00c8b261
0x00c8b261
0x00c8b262
0x00c8b267
0x00c8b1ce
0x00c8b1d1
0x00c8b1d8
0x00c8b1d9
0x00c8b1dd
0x00c8b1e0
0x00c8b1e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00c8b1e7
0x00c8b219
0x00c8b229
0x00c8b22b
0x00c8b230
0x00c8b29e
0x00c8b29e
0x00c8b29f
0x00c8b2a5
0x00c8b2a6
0x00c8b18f
0x00c8b18f
0x00c8b19f
0x00c8b1a1
0x00c8b1a6
0x00000000
0x00c8b1a6
0x00c8b164
0x00c8b164
0x00c8b174
0x00c8b176
0x00c8b17b
0x00c8b180
0x00c8b180
0x00000000
0x00c8b180
0x00c8b11a
0x00c8b11a
0x00c8b12b
0x00c8b135
0x00c8b143
0x00c8b148
0x00c8b14d
0x00c8b14e
0x00c8b14e
0x00c8b154
0x00c8b2ac

APIs

GetModuleHandleW.KERNEL32(00000000,00000000,00000000,?,00C8B9F7,00000008,?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B10E
GetLastError.KERNEL32(?,00C8B9F7,00000008,?,00000000,00000000,?,?,?,00000000,77E49EB0,00000000), ref: 00C8B11A
_memcmp.LIBVCRUNTIME ref: 00C8B1C2

Strings

burn, xrefs: 00C8B1E9
.wixburn, xrefs: 00C8B1BC
Failed to find valid NT image header in buffer., xrefs: 00C8B1A6
section.cpp, xrefs: 00C8B13E, 00C8B16F, 00C8B19A, 00C8B203, 00C8B224, 00C8B24D, 00C8B28D
Failed to read section info, unsupported version: %08x, xrefs: 00C8B25C
Bundle guid didn't match the guid in the PE Header in memory., xrefs: 00C8B299
Failed to read section info, data to short: %u, xrefs: 00C8B212
Failed to get module handle to process., xrefs: 00C8B148
Failed to find valid DOS image header in buffer., xrefs: 00C8B17B
Failed to find Burn section., xrefs: 00C8B230
.wix, xrefs: 00C8B1E1

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorHandleLastModule_memcmp
String ID: .wix$.wixburn$Bundle guid didn't match the guid in the PE Header in memory.$Failed to find Burn section.$Failed to find valid DOS image header in buffer.$Failed to find valid NT image header in buffer.$Failed to get module handle to process.$Failed to read section info, data to short: %u$Failed to read section info, unsupported version: %08x$burn$section.cpp
API String ID: 3888311042-926796631
Opcode ID: 6326cac233193855b2b3a2adad2bc905bdd1730e03381f5c2325e9293f761498
Instruction ID: d8e6a396ecf44448d9819aee69721d30ccc9181ee70a921f56e75849ae538087
Opcode Fuzzy Hash: 6326cac233193855b2b3a2adad2bc905bdd1730e03381f5c2325e9293f761498
Instruction Fuzzy Hash: 18411772380360A7EB217651DC46F6F2296AB41F6AF25403DF9065F581D764CE0293AE

Uniqueness

Uniqueness Score: -1.00%

Function 00C8A17D, Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 138
registryCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00C8A17D(intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				int _v12;
				int _v16;
				int _v20;
				signed short _t51;
				intOrPtr _t55;
				signed short _t60;
				void* _t64;
				void* _t66;
				void* _t70;

				_t55 = _a4;
				_a4 =  *((intOrPtr*)(_t55 + 0x24));
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				if(E00C871CF(_a8,  *((intOrPtr*)(_t55 + 0x1c)),  &_v8, 0) >= 0) {
					_t64 = 1;
					_t37 =  ==  ? 1 : 0x101;
					_t66 = E00CC0E3F( *((intOrPtr*)(_t55 + 0x18)), _v8,  ==  ? 1 : 0x101,  &_v16);
					if(_t66 < 0) {
						_push(_v8);
						if(_t66 != 0x80070002) {
							_push("Failed to open registry key. Key = \'%ls\'");
							_push(_t66);
							E00CC012F();
							_t70 = _t70 + 0xc;
							L18:
							if(_t66 < 0) {
								_push(_t66);
								E00CC061A(2, "RegistrySearchExists failed: ID \'%ls\', HRESULT 0x%x", _v8);
							}
							L20:
							E00C82793(_v8);
							E00C82793(_v12);
							if(_v16 != 0) {
								RegCloseKey(_v16);
							}
							return _t66;
						}
						_push("Registry key not found. Key = \'%ls\'");
						_push(2);
						E00CC061A();
						_t70 = _t70 + 0xc;
						L14:
						_t64 = 0;
						L15:
						_t66 = E00C88152(_a8,  *((intOrPtr*)(_t55 + 4)), _t64, 0, 0);
						if(_t66 >= 0) {
							goto L20;
						}
						_push("Failed to set variable.");
						L2:
						_push(_t66);
						E00CC012F();
						goto L18;
					}
					if( *((intOrPtr*)(_t55 + 0x20)) == 0) {
						goto L15;
					}
					_t66 = E00C871CF(_a8,  *((intOrPtr*)(_t55 + 0x20)),  &_v12, 0);
					if(_t66 >= 0) {
						_t51 = RegQueryValueExW(_v16, _v12, 0,  &_v20, 0, 0);
						_t60 = _t51;
						if(_t60 == 0) {
							goto L15;
						}
						if(_t60 == 0) {
							_push(_v12);
							E00CC061A(2, "Registry value not found. Key = \'%ls\', Value = \'%ls\'", _v8);
							_t70 = _t70 + 0x10;
							goto L14;
						}
						if(_t51 == 0) {
							goto L15;
						}
						_t69 =  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
						_t66 =  >=  ? 0x80004005 :  <=  ? _t51 : _t51 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "search.cpp", 0x322, _t66);
						_push("Failed to query registry key value.");
						goto L2;
					}
					_push("Failed to format value string.");
					goto L2;
				}
				_push("Failed to format key string.");
				goto L2;
			}

0x00c8a184
0x00c8a18f
0x00c8a199
0x00c8a19f
0x00c8a1a2
0x00c8a1a5
0x00c8a1b1
0x00c8a1cb
0x00c8a1d5
0x00c8a1e4
0x00c8a1e8
0x00c8a286
0x00c8a28f
0x00c8a2c2
0x00c8a2c7
0x00c8a2c8
0x00c8a2cd
0x00c8a2d0
0x00c8a2d2
0x00c8a2d4
0x00c8a2df
0x00c8a2e4
0x00c8a2e7
0x00c8a2ea
0x00c8a2f2
0x00c8a2fb
0x00c8a300
0x00c8a300
0x00c8a30e
0x00c8a30e
0x00c8a291
0x00c8a296
0x00c8a298
0x00c8a29d
0x00c8a2a0
0x00c8a2a0
0x00c8a2a2
0x00c8a2b2
0x00c8a2b6
0x00000000
0x00000000
0x00c8a2b8
0x00c8a1b8
0x00c8a1b8
0x00c8a1b9
0x00000000
0x00c8a1bf
0x00c8a1f2
0x00000000
0x00000000
0x00c8a209
0x00c8a20d
0x00c8a226
0x00c8a22e
0x00c8a231
0x00000000
0x00000000
0x00c8a237
0x00c8a26f
0x00c8a27c
0x00c8a281
0x00000000
0x00c8a281
0x00c8a23b
0x00000000
0x00000000
0x00c8a248
0x00c8a252
0x00c8a260
0x00c8a265
0x00000000
0x00c8a265
0x00c8a20f
0x00000000
0x00c8a20f
0x00c8a1b3
0x00000000

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 00C8A1A8
_MREFOpen@16.MSPDB140-MSVCRT ref: 00C8A204
RegQueryValueExW.ADVAPI32(000002C0,00000000,00000000,000002C0,00000000,00000000,000002C0,?,00000000,00000000,?,00000000,00000101,000002C0,000002C0,?), ref: 00C8A226
RegCloseKey.ADVAPI32(00000000,00000000,00000000,000002C0,00000100,00000000,000002C0), ref: 00C8A300

Strings

Failed to format key string., xrefs: 00C8A1B3
Failed to format value string., xrefs: 00C8A20F
Registry key not found. Key = '%ls', xrefs: 00C8A291
RegistrySearchExists failed: ID '%ls', HRESULT 0x%x, xrefs: 00C8A2D8
Failed to query registry key value., xrefs: 00C8A265
Registry value not found. Key = '%ls', Value = '%ls', xrefs: 00C8A275
Failed to open registry key. Key = '%ls', xrefs: 00C8A2C2
Failed to set variable., xrefs: 00C8A2B8
search.cpp, xrefs: 00C8A25B

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Open@16$CloseQueryValue
String ID: Failed to format key string.$Failed to format value string.$Failed to open registry key. Key = '%ls'$Failed to query registry key value.$Failed to set variable.$Registry key not found. Key = '%ls'$Registry value not found. Key = '%ls', Value = '%ls'$RegistrySearchExists failed: ID '%ls', HRESULT 0x%x$search.cpp
API String ID: 2702208347-46557908
Opcode ID: 33d51187a9e0702a58de83ab60722dc1f40be5804f6b6af370dcc406d33833e9
Instruction ID: a61c124f9392212c5fe027247eee28f8c151438116191722f0a4453fbfdce34d
Opcode Fuzzy Hash: 33d51187a9e0702a58de83ab60722dc1f40be5804f6b6af370dcc406d33833e9
Instruction Fuzzy Hash: 8841F772E40214FBEF217F95CC0AFAD7A65EB04704F11416AFD08B5191D7719E10A796

Uniqueness

Uniqueness Score: -1.00%

Function 00C995AC, Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 122
fileCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E00C995AC(void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t15;
				intOrPtr _t26;
				signed short _t27;
				intOrPtr _t32;
				void* _t34;
				void* _t36;
				WCHAR* _t37;
				intOrPtr _t39;
				intOrPtr _t40;

				_t36 = __edx;
				_t37 = _a12;
				_t34 = CreateFileW(_t37, 0x80000000, 5, 0, 3, 0x8000000, 0);
				_a12 = _t34;
				if(_t34 != 0xffffffff) {
					_t15 = _a4;
					__eflags =  *((intOrPtr*)(_t15 + 0x20));
					if( *((intOrPtr*)(_t15 + 0x20)) == 0) {
						__eflags =  *((intOrPtr*)(_t15 + 0x1c));
						if( *((intOrPtr*)(_t15 + 0x1c)) == 0) {
							__eflags =  *((intOrPtr*)(_t15 + 0x30));
							if(__eflags == 0) {
								goto L12;
							} else {
								_t40 = E00C98F8E(_t36, __eflags,  *((intOrPtr*)(_t15 + 0x30)),  *((intOrPtr*)(_t15 + 0x34)), _t37, _t34);
								__eflags = _t40;
								if(_t40 >= 0) {
									goto L12;
								} else {
									_push(_a8);
									_push("Failed to verify payload hash: %ls");
									goto L6;
								}
							}
						} else {
							_t26 = E00C991F7(_t36, _t15, _t37, _t34);
							goto L4;
						}
					} else {
						_t26 = E00C9A998(_t36, _t15, _t37, _t34);
						L4:
						_t40 = _t26;
						__eflags = _t40;
						if(_t40 >= 0) {
							L12:
							_t39 = _a16;
							_t32 = _a8;
							__eflags = _t39;
							_push(_t32);
							_push(_t37);
							_t17 =  ==  ? L"Copying" : L"Moving";
							E00CC061A(2, "%ls payload from working path \'%ls\' to path \'%ls\'",  ==  ? L"Copying" : L"Moving");
							_push(0x7d0);
							_push(3);
							_push(1);
							__eflags = _t39;
							if(_t39 == 0) {
								_push(_t32);
								_push(_t37);
								_t40 = E00CC3FE7();
								__eflags = _t40;
								if(_t40 < 0) {
									_push(_t32);
									_push(_t37);
									_push("Failed to copy %ls to %ls");
									goto L17;
								}
							} else {
								_push(1);
								_push(_t32);
								_push(_t37);
								_t40 = E00CC41D1();
								__eflags = _t40;
								if(_t40 < 0) {
									_push(_t32);
									_push(_t37);
									_push("Failed to move %ls to %ls");
									L17:
									_push(_t40);
									E00CC012F();
								}
							}
						} else {
							_push(_a8);
							_push("Failed to verify payload signature: %ls");
							L6:
							_push(_t40);
							E00CC012F();
						}
					}
					CloseHandle(_a12);
				} else {
					_t27 = GetLastError();
					_t43 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
					_t40 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "cache.cpp", 0x56b, _t40);
					E00CC012F(_t40, "Failed to open payload in working path: %ls", _t37);
				}
				return _t40;
			}

0x00c995ac
0x00c995b1
0x00c995cd
0x00c995cf
0x00c995d5
0x00c99619
0x00c9961c
0x00c9961f
0x00c99645
0x00c99648
0x00c99654
0x00c99657
0x00000000
0x00c99659
0x00c99666
0x00c99668
0x00c9966a
0x00000000
0x00c9966c
0x00c9966c
0x00c9966f
0x00000000
0x00c9966f
0x00c9966a
0x00c9964a
0x00c9964d
0x00000000
0x00c9964d
0x00c99621
0x00c99624
0x00c99629
0x00c99629
0x00c9962b
0x00c9962d
0x00c99676
0x00c99676
0x00c9967f
0x00c99682
0x00c99684
0x00c99685
0x00c9968b
0x00c99696
0x00c9969e
0x00c996a3
0x00c996a5
0x00c996a7
0x00c996a9
0x00c996c3
0x00c996c4
0x00c996ca
0x00c996cc
0x00c996ce
0x00c996d0
0x00c996d1
0x00c996d2
0x00000000
0x00c996d2
0x00c996ab
0x00c996ab
0x00c996ad
0x00c996ae
0x00c996b4
0x00c996b6
0x00c996b8
0x00c996ba
0x00c996bb
0x00c996bc
0x00c996d7
0x00c996d7
0x00c996d8
0x00c996dd
0x00c996b8
0x00c9962f
0x00c9962f
0x00c99632
0x00c99637
0x00c99637
0x00c99638
0x00c9963d
0x00c9962d
0x00c996e4
0x00c995d7
0x00c995d7
0x00c995e8
0x00c995f2
0x00c99600
0x00c9960c
0x00c99611
0x00c996ef

APIs

CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00C9A63D,?,00000000,?,?,00CAB049), ref: 00C995C7
GetLastError.KERNEL32(?,00C9A63D,?,00000000,?,?,00CAB049,?,00000000,?,00000000,?,?,00CAB049,?), ref: 00C995D7
CloseHandle.KERNEL32(?,00CAB049,00000001,00000003,000007D0,?,?,00CAB049,?), ref: 00C996E4

Strings

Moving, xrefs: 00C99686, 00C9968E
Failed to verify payload hash: %ls, xrefs: 00C9966F
Failed to copy %ls to %ls, xrefs: 00C996D2
%ls payload from working path '%ls' to path '%ls', xrefs: 00C9968F
cache.cpp, xrefs: 00C995FB
Failed to verify payload signature: %ls, xrefs: 00C99632
Copying, xrefs: 00C99679
Failed to move %ls to %ls, xrefs: 00C996BC
Failed to open payload in working path: %ls, xrefs: 00C99606

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLast
String ID: %ls payload from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open payload in working path: %ls$Failed to verify payload hash: %ls$Failed to verify payload signature: %ls$Moving$cache.cpp
API String ID: 2528220319-1604654059
Opcode ID: a6df0b6d72d5c2b1307ab34533d00dabc657645fe582bdbba54968b54b55aa42
Instruction ID: 23b523031774c9212e035c98cc67230ed0cfe7d56298eb36dc49060f8bcefa0d
Opcode Fuzzy Hash: a6df0b6d72d5c2b1307ab34533d00dabc657645fe582bdbba54968b54b55aa42
Instruction Fuzzy Hash: 1D31D6B1A40774BBEF622A698C0EF6F296CDF41F50F01022EFD05AB391E6709D1096E5

Uniqueness

Uniqueness Score: -1.00%

Function 00C99496, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,08000000,00000000,?,00000000,?,00C9A5CE,?,00000000,?,?,00CAB041), ref: 00C994B1
GetLastError.KERNEL32(?,00C9A5CE,?,00000000,?,?,00CAB041,?,00000000,?,00000000,?,?,00CAB041,?), ref: 00C994BF
CloseHandle.KERNEL32(?,00CAB041,00000001,00000003,000007D0,?,?,00CAB041,?), ref: 00C9959E

Strings

Moving, xrefs: 00C99540, 00C99548
Failed to copy %ls to %ls, xrefs: 00C9958C
%ls container from working path '%ls' to path '%ls', xrefs: 00C99549
cache.cpp, xrefs: 00C994E3
Failed to verify container hash: %ls, xrefs: 00C99520
Copying, xrefs: 00C99533
Failed to move %ls to %ls, xrefs: 00C99576
Failed to open container in working path: %ls, xrefs: 00C994EE

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLast
String ID: %ls container from working path '%ls' to path '%ls'$Copying$Failed to copy %ls to %ls$Failed to move %ls to %ls$Failed to open container in working path: %ls$Failed to verify container hash: %ls$Moving$cache.cpp
API String ID: 2528220319-1187406825
Opcode ID: ad68fde3de908dccb552f5499c90393d3052300c361cbc1fa9d06b226e055a8b
Instruction ID: 5010e27a58d6fde55141cd1d560cd01f56f322516566d33b7607bdb334b69736
Opcode Fuzzy Hash: ad68fde3de908dccb552f5499c90393d3052300c361cbc1fa9d06b226e055a8b
Instruction Fuzzy Hash: 47212871A803347BEB222A698C4AF6F366CDF51B10F11032DFE09BA3C1E2B19D1095E0

Uniqueness

Uniqueness Score: -1.00%

Function 00C991F7, Relevance: 18.2, APIs: 2, Strings: 10, Instructions: 223
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00C991F7(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _v28;
				void* _v32;
				char _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				signed int _v52;
				intOrPtr _v64;
				void* _v68;
				intOrPtr _v72;
				intOrPtr _v80;
				char _v92;
				signed int _v100;
				void* _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				void _v128;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t64;
				void* _t69;
				short* _t72;
				signed short _t74;
				char* _t88;
				signed short _t90;
				signed short _t100;
				void* _t104;
				void* _t106;
				signed int* _t107;
				signed short _t108;
				intOrPtr _t109;
				signed int _t111;
				void* _t118;
				void* _t119;
				void* _t122;
				signed int _t141;

				_t118 = __edx;
				_t64 =  *0xcea008; // 0x4c290ae8
				_v8 = _t64 ^ _t141;
				_t109 = _a12;
				_v44 = _a8;
				_v40 = _t109;
				E00CAF670(_t119,  &_v92, 0, 0x30);
				_v24 = 0xaac56b;
				_v20 = 0x11d0cd44;
				_v32 = 0;
				_v36 = 0;
				_t111 = 9;
				_t69 = memset( &_v128, 0, _t111 << 2);
				_v28 = _t69;
				_t122 = _t69;
				_v16 = 0xc000c28c;
				_v12 = 0xee95c24f;
				if(E00C821A5( &_v32, _a8, _t69) >= 0) {
					_t72 = _v32;
					while(0 !=  *_t72) {
						 *_t72 =  *_t72 + 0x20;
						_t72 = _t72 + 2;
					}
					_push(0);
					_push(0);
					_push( &_v28);
					_push(_t109);
					L00CBF45C();
					_t74 = GetLastError();
					if(_t74 != 0x7a) {
						if(_t74 == 0) {
							goto L11;
						} else {
							_t137 =  <=  ? _t74 : _t74 & 0x0000ffff | 0x80070000;
							_t104 = 0x80004005;
							_t128 =  >=  ? 0x80004005 :  <=  ? _t74 : _t74 & 0x0000ffff | 0x80070000;
							_push(_t128);
							_push(0x778);
							goto L8;
						}
					} else {
						_t106 = E00C838D4(_v28, 1);
						_push(0);
						_t122 = _t106;
						_t107 =  &_v28;
						_push(_t122);
						_push(_t107);
						_push(_t109);
						L00CBF45C();
						if(_t107 != 0) {
							L11:
							_t110 = 1 + _v28 * 2;
							if(E00C81EDE( &_v36, 1 + _v28 * 2) >= 0) {
								if(E00C826EE(0, _t122, _v28, _v36, _t110) >= 0) {
									_v92 = 0x30;
									_v68 =  &_v128;
									_v100 = _v28;
									_v108 = _v40;
									_v116 = _v36;
									_v112 = _v32;
									_t110 = 2;
									_v80 = _t110;
									_v72 = _t110;
									_v64 = 1;
									_v52 = 0x80;
									_v128 = 0x24;
									_v104 = _t122;
									_v120 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x1c)) + 8));
									_push( &_v92);
									_t88 =  &_v24;
									_push(_t88);
									_push(0xffffffff);
									L00CBF42C();
									_t128 = _t88;
									if(_t88 == 0) {
										L18:
										_v64 = _t110;
										_push( &_v92);
										_t90 =  &_v24;
										_push(_t90);
										_push(0xffffffff);
										L00CBF42C();
										if(_t90 != 0) {
											_t131 =  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
											_t128 =  >=  ? 0x80004005 :  <=  ? _t90 : _t90 & 0x0000ffff | 0x80070000;
											E00C837D3(0x80004005, "cache.cpp", 0x7a3, _t128);
											_push("Could not close verify handle.");
											goto L20;
										}
									} else {
										_v52 = _v52 | 0x00001000;
										_push( &_v92);
										_t100 =  &_v24;
										_push(_t100);
										_push(0xffffffff);
										L00CBF42C();
										if(_t100 == 0) {
											goto L18;
										} else {
											_t134 =  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000;
											_t128 =  >=  ? 0x80004005 :  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000;
											E00C837D3(0x80004005, "cache.cpp", 0x79d,  >=  ? 0x80004005 :  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000);
											E00CC012F( >=  ? 0x80004005 :  <=  ? _t100 : _t100 & 0x0000ffff | 0x80070000, "Could not verify file %ls.", _v44);
										}
									}
								} else {
									_push("Failed to encode file hash.");
									goto L20;
								}
							} else {
								_push("Failed to allocate string.");
								goto L20;
							}
						} else {
							_t108 = GetLastError();
							_t140 =  <=  ? _t108 : _t108 & 0x0000ffff | 0x80070000;
							_t104 = 0x80004005;
							_t128 =  >=  ? 0x80004005 :  <=  ? _t108 : _t108 & 0x0000ffff | 0x80070000;
							_push(_t128);
							_push(0x773);
							L8:
							_push("cache.cpp");
							E00C837D3(_t104);
							_push("Failed to get file hash.");
							goto L20;
						}
					}
				} else {
					_push("Failed to allocate memory");
					L20:
					_push(_t128);
					E00CC012F();
				}
				if(_v32 != 0) {
					E00CC54EF(_v32);
				}
				if(_v36 != 0) {
					E00CC54EF(_v36);
				}
				if(_t122 != 0) {
					E00C83999(_t122);
				}
				return E00CADE36(_t110, _v8 ^ _t141, _t118, _t122, _t128);
			}

0x00c991f7
0x00c991fd
0x00c99204
0x00c99208
0x00c99218
0x00c9921b
0x00c9921e
0x00c99226
0x00c9922f
0x00c99239
0x00c9923c
0x00c99241
0x00c99242
0x00c99245
0x00c99248
0x00c9924e
0x00c99256
0x00c99266
0x00c99272
0x00c9927e
0x00c99277
0x00c9927b
0x00c9927b
0x00c99285
0x00c99286
0x00c9928a
0x00c9928b
0x00c9928c
0x00c99297
0x00c9929c
0x00c992f1
0x00000000
0x00c992f3
0x00c992fe
0x00c99301
0x00c99308
0x00c9930b
0x00c9930c
0x00000000
0x00c9930c
0x00c9929e
0x00c992a3
0x00c992a8
0x00c992aa
0x00c992ac
0x00c992af
0x00c992b0
0x00c992b1
0x00c992b2
0x00c992b9
0x00c99313
0x00c99316
0x00c9932b
0x00c99348
0x00c99357
0x00c9935e
0x00c99364
0x00c9936a
0x00c99370
0x00c99376
0x00c9937e
0x00c9937f
0x00c99385
0x00c99388
0x00c9938f
0x00c99396
0x00c9939d
0x00c993a3
0x00c993a9
0x00c993aa
0x00c993ad
0x00c993ae
0x00c993b0
0x00c993b5
0x00c993b9
0x00c99410
0x00c99413
0x00c99416
0x00c99417
0x00c9941a
0x00c9941b
0x00c9941d
0x00c99424
0x00c99431
0x00c9943b
0x00c99449
0x00c9944e
0x00000000
0x00c9944e
0x00c993bb
0x00c993bb
0x00c993c5
0x00c993c6
0x00c993c9
0x00c993ca
0x00c993cc
0x00c993d3
0x00000000
0x00c993d5
0x00c993e0
0x00c993ea
0x00c993f8
0x00c99406
0x00c9940b
0x00c993d3
0x00c9934a
0x00c9934a
0x00000000
0x00c9934a
0x00c9932d
0x00c9932d
0x00000000
0x00c9932d
0x00c992bb
0x00c992bb
0x00c992c8
0x00c992cb
0x00c992d2
0x00c992d5
0x00c992d6
0x00c992db
0x00c992db
0x00c992e0
0x00c992e5
0x00000000
0x00c992e5
0x00c992b9
0x00c99268
0x00c99268
0x00c99453
0x00c99453
0x00c99454
0x00c9945a
0x00c9945f
0x00c99464
0x00c99464
0x00c9946d
0x00c99472
0x00c99472
0x00c99479
0x00c9947c
0x00c9947c
0x00c99493

APIs

GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,?,00000000,00000000,00000003,00000000,00000000), ref: 00C99297
GetLastError.KERNEL32(000007D0,000007D0,00000000,00000000,000007D0,00000001), ref: 00C992BB

Strings

Failed to get file hash., xrefs: 00C992E5
cache.cpp, xrefs: 00C992DB, 00C993F3, 00C99444
$, xrefs: 00C99396
Failed to allocate memory, xrefs: 00C99268
Could not verify file %ls., xrefs: 00C99400
Could not close verify handle., xrefs: 00C9944E
)L, xrefs: 00C991FD
0, xrefs: 00C99357
Failed to allocate string., xrefs: 00C9932D
Failed to encode file hash., xrefs: 00C9934A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast
String ID: $$0$Could not close verify handle.$Could not verify file %ls.$Failed to allocate memory$Failed to allocate string.$Failed to encode file hash.$Failed to get file hash.$cache.cpp$)L
API String ID: 1452528299-2978976986
Opcode ID: 6029380bf800aedb1179cd2aca6f4e808f27f1dd5351025dd4b12ff3a0c9e808
Instruction ID: 703bd01b3f047d338605c0985c84fc83c2150fd4659ee55ad717610339647b74
Opcode Fuzzy Hash: 6029380bf800aedb1179cd2aca6f4e808f27f1dd5351025dd4b12ff3a0c9e808
Instruction Fuzzy Hash: 9A715172D00229AADF11DFA9CC45BEFB7F8EB08710F11022AE915F7291E7749D419BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC43A6, Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 247
fileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E00CC43A6(signed short _a4, signed short* _a8, long _a12, long _a16, long _a20, signed short _a24, signed short _a28) {
				void* _v8;
				signed short _v12;
				char _v16;
				WCHAR* _t36;
				signed short _t38;
				void* _t41;
				signed short _t45;
				signed short _t49;
				signed short _t50;
				long _t60;
				signed short _t61;
				signed short _t65;
				signed short _t68;
				signed short _t73;
				intOrPtr _t76;
				void* _t77;
				long _t78;
				signed short _t82;
				long _t83;
				signed short _t85;
				void* _t86;
				signed short* _t87;
				signed short _t88;
				signed short _t91;
				signed short _t96;
				signed short _t97;

				_t83 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a8 != 0) {
					__eflags = _a4;
					if(_a4 != 0) {
						_t36 = _a12;
						__eflags = _t36;
						if(_t36 != 0) {
							__eflags = 0 -  *_t36;
							if(0 !=  *_t36) {
								_t86 = CreateFileW(_t36, 0x80000000, 5, 0, 3, 0x8000080, 0);
								_v8 = _t86;
								__eflags = _t86 - 0xffffffff;
								if(_t86 != 0xffffffff) {
									L14:
									_t38 =  &_v16;
									__imp__GetFileSizeEx(_t86, _t38);
									__eflags = _t38;
									if(_t38 != 0) {
										__eflags = _a16 - _t83;
										if(_a16 == _t83) {
											L25:
											__eflags = _a28;
											if(_a28 == 0) {
												_t76 = _v16;
												_t39 = _v12;
												_t73 = _t76 - _t83;
												_t77 = _t76 - _t83;
												_push(0);
												_pop(0);
												asm("sbb eax, edi");
												__eflags = 0 - _v12;
												if(__eflags > 0) {
													L27:
													_t87 = _a4;
													__eflags =  *_t87;
													if( *_t87 == 0) {
														__eflags = _t73;
														if(_t73 == 0) {
															L30:
															_t88 = 0;
															 *_a8 = 0;
															L51:
															_t41 = _v8;
															__eflags = _t41 - 0xffffffff;
															if(_t41 != 0xffffffff) {
																CloseHandle(_t41);
															}
															L53:
															goto L54;
														}
														_t85 = E00C838D4(_t73, 1);
														__eflags = _t85;
														if(_t85 != 0) {
															L40:
															_t78 = 0;
															_t45 = 0;
															_a12 = 0;
															_a24 = 0;
															while(1) {
																_a16 = _t78;
																_t88 = E00CC3D92(_t73, _t45,  &_a16);
																__eflags = _t88;
																if(_t88 < 0) {
																	break;
																}
																_t49 = ReadFile(_v8, _a24 + _t85, _a16,  &_a12, 0);
																__eflags = _t49;
																if(_t49 == 0) {
																	_t50 = GetLastError();
																	__eflags = _t50;
																	_t91 =  <=  ? _t50 : _t50 & 0x0000ffff | 0x80070000;
																	__eflags = _t91;
																	_t88 =  >=  ? 0x80004005 : _t91;
																	E00C837D3(0x80004005, "fileutil.cpp", 0x399, _t88);
																	break;
																}
																_t45 = _a24 + _a12;
																__eflags = _a12;
																_a24 = _t45;
																if(_a12 != 0) {
																	_t78 = 0;
																	__eflags = 0;
																	continue;
																}
																__eflags = _t45 - _t73;
																if(_t45 == _t73) {
																	 *_a4 = _t85;
																	_t85 = 0;
																	 *_a8 = _t73;
																} else {
																	_t88 = 0x8000ffff;
																}
																break;
															}
															__eflags = _t85;
															if(_t85 != 0) {
																E00C83999(_t85);
															}
															goto L51;
														}
														_t39 = 0x8007000e;
														_push(0x8007000e);
														_t88 = 0x8007000e;
														_push(0x38c);
														L16:
														_push("fileutil.cpp");
														E00C837D3(_t39);
														goto L51;
													}
													__eflags = _t73;
													if(_t73 != 0) {
														_t85 = E00C83A72( *_t87, _t73, 1);
														__eflags = _t85;
														if(_t85 != 0) {
															goto L40;
														}
														_t39 = 0x8007000e;
														_push(0x8007000e);
														_t88 = 0x8007000e;
														_push(0x37f);
														goto L16;
													}
													E00C83999( *_t87);
													 *_t87 = 0;
													goto L30;
												}
												if(__eflags < 0) {
													L34:
													_t88 = 0x8007007a;
													_push(0x8007007a);
													_push(0x371);
													goto L16;
												}
												__eflags = _a24 - _t77;
												if(_a24 >= _t77) {
													goto L27;
												}
												goto L34;
											}
											_t73 = _a24;
											__eflags = 0;
											goto L27;
										}
										_t83 = _a20;
										__eflags = 0 - _v12;
										if(__eflags < 0) {
											L22:
											_t60 = SetFilePointer(_t86, _t83, 0, 1);
											__eflags = _t60 - 0xffffffff;
											if(_t60 != 0xffffffff) {
												goto L25;
											}
											_t39 = GetLastError();
											__eflags = _t39;
											_t88 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
											__eflags = _t88;
											if(_t88 >= 0) {
												goto L25;
											}
											_push(_t88);
											_push(0x35f);
											goto L16;
										}
										if(__eflags > 0) {
											L21:
											_t88 = 0x80070057;
											goto L51;
										}
										__eflags = _t83 - _v16;
										if(_t83 <= _v16) {
											goto L22;
										}
										goto L21;
									}
									_t61 = GetLastError();
									__eflags = _t61;
									_t96 =  <=  ? _t61 : _t61 & 0x0000ffff | 0x80070000;
									_t39 = 0x80004005;
									__eflags = _t96;
									_t88 =  >=  ? 0x80004005 : _t96;
									__eflags = _t88;
									_push(_t88);
									_push(0x351);
									goto L16;
								}
								_t82 = GetLastError();
								_t88 = 0x80070002;
								__eflags = _t82;
								_t65 =  <=  ? _t82 : _t82 & 0x0000ffff | 0x80070000;
								__eflags = _t65 - 0x80070002;
								if(_t65 == 0x80070002) {
									goto L53;
								}
								__eflags = _t82;
								if(_t82 == 0) {
									_t86 = _v8;
									goto L14;
								}
								_t97 = _t65;
								__eflags = _t97;
								_t88 =  >=  ? 0x80004005 : _t97;
								E00C837D3(0x80004005, "fileutil.cpp", 0x34c, _t88);
								goto L53;
							}
							_t68 = 0x80070057;
							_push(0x80070057);
							_push(0x342);
							goto L2;
						}
						_t68 = 0x80070057;
						_push(0x80070057);
						_push(0x341);
					} else {
						_t68 = 0x80070057;
						_push(0x80070057);
						_push(0x340);
					}
					goto L2;
				} else {
					_t68 = 0x80070057;
					_push(0x80070057);
					_push(0x33f);
					L2:
					_push("fileutil.cpp");
					_t88 = _t68;
					E00C837D3(_t68);
					L54:
					return _t88;
				}
			}

0x00cc43ae
0x00cc43b0
0x00cc43b3
0x00cc43b9
0x00cc43da
0x00cc43dc
0x00cc43eb
0x00cc43ee
0x00cc43f0
0x00cc4401
0x00cc4404
0x00cc4431
0x00cc4433
0x00cc4436
0x00cc4439
0x00cc4481
0x00cc4481
0x00cc4486
0x00cc448c
0x00cc448e
0x00cc44bf
0x00cc44c2
0x00cc450b
0x00cc450b
0x00cc450f
0x00cc4537
0x00cc453c
0x00cc453f
0x00cc4541
0x00cc4543
0x00cc4545
0x00cc4546
0x00cc4548
0x00cc454a
0x00cc4516
0x00cc4516
0x00cc4519
0x00cc451c
0x00cc4585
0x00cc4587
0x00cc452b
0x00cc452e
0x00cc4530
0x00cc4647
0x00cc4647
0x00cc464a
0x00cc464d
0x00cc4650
0x00cc4650
0x00cc4656
0x00000000
0x00cc4656
0x00cc4591
0x00cc4593
0x00cc4595
0x00cc45a9
0x00cc45a9
0x00cc45ab
0x00cc45ad
0x00cc45b0
0x00cc45b7
0x00cc45b7
0x00cc45c5
0x00cc45c7
0x00cc45c9
0x00000000
0x00000000
0x00cc45dd
0x00cc45e3
0x00cc45e5
0x00cc460f
0x00cc461e
0x00cc4620
0x00cc4628
0x00cc462a
0x00cc4638
0x00000000
0x00cc4638
0x00cc45ea
0x00cc45ed
0x00cc45f1
0x00cc45f4
0x00cc45b5
0x00cc45b5
0x00000000
0x00cc45b5
0x00cc45f6
0x00cc45f8
0x00cc4604
0x00cc4606
0x00cc460b
0x00cc45fa
0x00cc45fa
0x00cc45fa
0x00000000
0x00cc45f8
0x00cc463d
0x00cc463f
0x00cc4642
0x00cc4642
0x00000000
0x00cc463f
0x00cc4597
0x00cc459c
0x00cc459d
0x00cc459f
0x00cc44b0
0x00cc44b0
0x00cc44b5
0x00000000
0x00cc44b5
0x00cc451e
0x00cc4520
0x00cc456d
0x00cc456f
0x00cc4571
0x00000000
0x00000000
0x00cc4573
0x00cc4578
0x00cc4579
0x00cc457b
0x00000000
0x00cc457b
0x00cc4524
0x00cc4529
0x00000000
0x00cc4529
0x00cc454c
0x00cc4553
0x00cc4553
0x00cc4558
0x00cc4559
0x00000000
0x00cc4559
0x00cc454e
0x00cc4551
0x00000000
0x00000000
0x00000000
0x00cc4551
0x00cc4511
0x00cc4514
0x00000000
0x00cc4514
0x00cc44c4
0x00cc44c9
0x00cc44cc
0x00cc44df
0x00cc44e4
0x00cc44ea
0x00cc44ed
0x00000000
0x00000000
0x00cc44ef
0x00cc44fa
0x00cc44fc
0x00cc44ff
0x00cc4501
0x00000000
0x00000000
0x00cc4503
0x00cc4504
0x00000000
0x00cc4504
0x00cc44ce
0x00cc44d5
0x00cc44d5
0x00000000
0x00cc44d5
0x00cc44d0
0x00cc44d3
0x00000000
0x00000000
0x00000000
0x00cc44d3
0x00cc4490
0x00cc449b
0x00cc449d
0x00cc44a0
0x00cc44a5
0x00cc44a7
0x00cc44a7
0x00cc44aa
0x00cc44ab
0x00000000
0x00cc44ab
0x00cc443d
0x00cc443f
0x00cc444c
0x00cc444e
0x00cc4451
0x00cc4453
0x00000000
0x00000000
0x00cc4459
0x00cc445b
0x00cc447e
0x00000000
0x00cc447e
0x00cc445d
0x00cc4464
0x00cc4466
0x00cc4474
0x00000000
0x00cc4474
0x00cc4406
0x00cc440b
0x00cc440c
0x00000000
0x00cc440c
0x00cc43f2
0x00cc43f7
0x00cc43f8
0x00cc43de
0x00cc43de
0x00cc43e3
0x00cc43e4
0x00cc43e4
0x00000000
0x00cc43bb
0x00cc43bb
0x00cc43c0
0x00cc43c1
0x00cc43c6
0x00cc43c6
0x00cc43cb
0x00cc43cd
0x00cc4658
0x00cc465e
0x00cc465e

APIs

CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,08000080,00000000,?,?,00000000,?,00000000,?,?,?), ref: 00CC4425
GetLastError.KERNEL32 ref: 00CC443B
GetFileSizeEx.KERNEL32(00000000,?), ref: 00CC4486
GetLastError.KERNEL32 ref: 00CC4490
CloseHandle.KERNEL32(?), ref: 00CC4650

Strings

fileutil.cpp, xrefs: 00CC43C6, 00CC446F, 00CC44B0, 00CC4633

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleSize
String ID: fileutil.cpp
API String ID: 3555958901-2967768451
Opcode ID: 4029f0113ceabbd7cc2fdc6f94cc2ed3368945f4364c06abe1faa8113b240d6d
Instruction ID: cf3866eb67da59eb0494ef7e15fc683c0e768c124d82de1d13ded520e080a474
Opcode Fuzzy Hash: 4029f0113ceabbd7cc2fdc6f94cc2ed3368945f4364c06abe1faa8113b240d6d
Instruction Fuzzy Hash: 2B712271A00255ABEB29DF6ACC54F6F76E8EF40760F21812DFD25EB290D674CE008B94

Uniqueness

Uniqueness Score: -1.00%

Function 00C9E05E, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 103
windowCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00C9E05E(struct HINSTANCE__* _a4, void** _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct tagMONITORINFO _v48;
				struct tagPOINT _v56;
				void* _v72;
				void* _v76;
				void _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t33;
				int _t36;
				void* _t38;
				struct HMONITOR__* _t44;
				signed short _t60;
				void** _t64;
				signed int _t65;
				void* _t67;
				struct HINSTANCE__* _t75;
				void* _t78;
				void* _t79;
				int _t80;
				signed int _t84;

				_t33 =  *0xcea008; // 0x4c290ae8
				_v8 = _t33 ^ _t84;
				_t75 = _a4;
				_t64 = _a8;
				_t65 = 6;
				_t80 = 0;
				_t36 = memset( &_v80, 0, _t65 << 2);
				_t67 = 0xa;
				_t78 =  &_v48;
				_v56.x = 0;
				memset(_t78, _t36, 0 << 2);
				_t79 = _t78 + _t67;
				_v56.y = 0;
				_t38 = LoadBitmapW(_t75, 1);
				 *_t64 = _t38;
				if(_t38 != 0) {
					GetObjectW(_t38, 0x18,  &_v80);
					_t64[1] = 0x80000000;
					_t64[2] = 0x80000000;
					_t64[3] = _v76;
					_t64[4] = _v72;
					_t44 = GetCursorPos( &_v56);
					if(_t44 != 0) {
						__imp__MonitorFromPoint(_v56.x, _v56.y, 2);
						if(_t44 != 0) {
							_v48.cbSize = 0x28;
							if(GetMonitorInfoW(_t44,  &_v48) != 0) {
								asm("cdq");
								_t64[1] = (_v20 - _t64[3] - _v48.rcWork - _t75 >> 1) + _v48.rcWork;
								asm("cdq");
								_t64[2] = (_v16 - _v24 - _t64[4] - _t75 >> 1) + _v24;
							}
						}
					}
				} else {
					_t60 = GetLastError();
					_t83 =  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
					_t80 =  >=  ? 0x80004005 :  <=  ? _t60 : _t60 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "splashscreen.cpp", 0xe8, _t80);
					_push("Failed to load splash screen bitmap.");
					_push(_t80);
					E00CC012F();
				}
				return E00CADE36(_t64, _v8 ^ _t84, _t75, _t79, _t80);
			}

0x00c9e064
0x00c9e06b
0x00c9e06e
0x00c9e074
0x00c9e07b
0x00c9e081
0x00c9e083
0x00c9e085
0x00c9e088
0x00c9e08b
0x00c9e08e
0x00c9e08e
0x00c9e091
0x00c9e094
0x00c9e09a
0x00c9e09e
0x00c9e0e7
0x00c9e0f2
0x00c9e0f5
0x00c9e0fb
0x00c9e101
0x00c9e108
0x00c9e110
0x00c9e11a
0x00c9e122
0x00c9e127
0x00c9e138
0x00c9e143
0x00c9e14b
0x00c9e157
0x00c9e15f
0x00c9e15f
0x00c9e138
0x00c9e122
0x00c9e0a0
0x00c9e0a0
0x00c9e0b1
0x00c9e0bb
0x00c9e0c9
0x00c9e0ce
0x00c9e0d3
0x00c9e0d4
0x00c9e0da
0x00c9e174

APIs

LoadBitmapW.USER32(?,00000001), ref: 00C9E094
GetLastError.KERNEL32 ref: 00C9E0A0
GetObjectW.GDI32(00000000,00000018,?), ref: 00C9E0E7
GetCursorPos.USER32(?), ref: 00C9E108
MonitorFromPoint.USER32(?,?,00000002), ref: 00C9E11A
GetMonitorInfoW.USER32 ref: 00C9E130

Strings

splashscreen.cpp, xrefs: 00C9E0C4
(, xrefs: 00C9E127
Failed to load splash screen bitmap., xrefs: 00C9E0CE
)L, xrefs: 00C9E064

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Monitor$BitmapCursorErrorFromInfoLastLoadObjectPoint
String ID: ($Failed to load splash screen bitmap.$splashscreen.cpp$)L
API String ID: 2342928100-3049811984
Opcode ID: 4da9d03b14d8afa1139e054e7f0555a3cad1d53bcb9fb7fa37b9ff853dc05f55
Instruction ID: fb801fb718ca4bf3ba51e00b2c312feee65f40b2c781f4ef8b5198b6dd47135c
Opcode Fuzzy Hash: 4da9d03b14d8afa1139e054e7f0555a3cad1d53bcb9fb7fa37b9ff853dc05f55
Instruction Fuzzy Hash: DA315071A002059FDB10DFB8D98AB9EBBF5FB08710F148129F905EB251DB70D900CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C9E3F4, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 95
threadCOMMON

Download Yara Rule

C-Code - Quality: 57%

			E00C9E3F4(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				long _v8;
				int _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void _v32;
				void* _t23;
				void* _t29;
				int _t31;
				void* _t47;

				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_t23 = CreateEventW(0, 1, 0, 0);
				_v16 = _t23;
				if(_t23 != 0) {
					_v32 = _t23;
					_v28 = _a4;
					_v24 = _a8;
					_v20 = _a12;
					_t29 = CreateThread(0, 0, E00C9E177,  &_v32, 0,  &_v8);
					_v12 = _t29;
					if(_t29 != 0) {
						_t31 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
					} else {
						_t46 =  <=  ? GetLastError() : _t33 & 0x0000ffff | 0x80070000;
						_t47 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t33 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "splashscreen.cpp", 0x42, _t47);
						_push("Failed to create UI thread.");
						goto L2;
					}
				} else {
					_t50 =  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
					_t47 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t36 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "splashscreen.cpp", 0x39, _t47);
					_push("Failed to create modal event.");
					L2:
					_push(_t47);
					_t31 = E00CC012F();
				}
				if(_v12 != 0) {
					_t31 = CloseHandle(_v12);
					_v12 = 0;
				}
				if(_v16 != 0) {
					return CloseHandle(_v16);
				}
				return _t31;
			}

0x00c9e401
0x00c9e402
0x00c9e403
0x00c9e404
0x00c9e40c
0x00c9e40f
0x00c9e412
0x00c9e415
0x00c9e41b
0x00c9e420
0x00c9e45c
0x00c9e462
0x00c9e468
0x00c9e46e
0x00c9e481
0x00c9e487
0x00c9e48c
0x00c9e4c9
0x00c9e48e
0x00c9e49f
0x00c9e4a9
0x00c9e4b4
0x00c9e4b9
0x00000000
0x00c9e4b9
0x00c9e422
0x00c9e433
0x00c9e43d
0x00c9e448
0x00c9e44d
0x00c9e452
0x00c9e452
0x00c9e453
0x00c9e459
0x00c9e4d8
0x00c9e4dd
0x00c9e4df
0x00c9e4df
0x00c9e4e5
0x00000000
0x00c9e4ea
0x00c9e4f1

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00000000,00000000,?,?,00C85386,?,?), ref: 00C9E415
GetLastError.KERNEL32(?,?,00C85386,?,?), ref: 00C9E422
CreateThread.KERNEL32 ref: 00C9E481
GetLastError.KERNEL32(?,?,00C85386,?,?), ref: 00C9E48E
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,?,00C85386,?,?), ref: 00C9E4C9
CloseHandle.KERNEL32(?,?,?,00C85386,?,?), ref: 00C9E4DD
CloseHandle.KERNEL32(?,?,?,00C85386,?,?), ref: 00C9E4EA

Strings

splashscreen.cpp, xrefs: 00C9E443, 00C9E4AF
Failed to create UI thread., xrefs: 00C9E4B9
Failed to create modal event., xrefs: 00C9E44D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseCreateErrorHandleLast$EventMultipleObjectsThreadWait
String ID: Failed to create UI thread.$Failed to create modal event.$splashscreen.cpp
API String ID: 2351989216-1977201954
Opcode ID: 3c856a1ab3c0f1631aeec5e53a3672749f184cc66b94d024a41eb195d41f4b0c
Instruction ID: 6de7506646e71ad56ac0521b16fe0b8ae9696f8f482ad5f08e740bf65a6d2083
Opcode Fuzzy Hash: 3c856a1ab3c0f1631aeec5e53a3672749f184cc66b94d024a41eb195d41f4b0c
Instruction Fuzzy Hash: 59315C76D00219BBEB219BA9DC45EAFBBF8EB44711F11812AFD15E2250D6748E00CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C864B6, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 93
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E00C864B6(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v528;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				char* _t14;
				signed short _t15;
				signed short _t23;
				signed short _t27;
				void* _t30;
				void* _t36;
				signed short _t39;
				signed short _t42;
				signed int _t46;

				_t36 = __edx;
				_t30 = __ebx;
				_t10 =  *0xcea008; // 0x4c290ae8
				_v8 = _t10 ^ _t46;
				_t37 = _a8;
				E00CAF670(_a8,  &_v528, 0, 0x208);
				_t14 =  &_v528;
				_push(0x104);
				_push(_t14);
				if(_a4 == 0) {
					_t15 = GetSystemDirectoryW();
					__eflags = _t15;
					if(_t15 != 0) {
						goto L6;
					} else {
						_t23 = GetLastError();
						__eflags = _t23;
						_t42 =  <=  ? _t23 : _t23 & 0x0000ffff | 0x80070000;
						__eflags = _t42;
						_t39 =  >=  ? 0x80004005 : _t42;
						E00C837D3(0x80004005, "variable.cpp", 0x77e, _t39);
						_push("Failed to get 64-bit system folder.");
						goto L11;
					}
				} else {
					__imp__GetSystemWow64DirectoryW();
					if(_t14 != 0) {
						L6:
						__eflags = _v528;
						if(__eflags == 0) {
							L9:
							_t39 = E00CA02F4(_t37,  &_v528, 0);
							__eflags = _t39;
							if(_t39 < 0) {
								_push("Failed to set system folder variant value.");
								goto L11;
							}
						} else {
							_t39 = E00C8338F(0, __eflags,  &_v528, 0x104);
							__eflags = _t39;
							if(_t39 >= 0) {
								goto L9;
							} else {
								_push("Failed to backslash terminate system folder.");
								goto L11;
							}
						}
					} else {
						_t27 =  !=  ? 0 : GetLastError();
						if(_t27 == 0) {
							goto L6;
						} else {
							_t45 =  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
							_t39 =  >=  ? 0x80004005 :  <=  ? _t27 : _t27 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "variable.cpp", 0x777, _t39);
							_push("Failed to get 32-bit system folder.");
							L11:
							_push(_t39);
							E00CC012F();
						}
					}
				}
				return E00CADE36(_t30, _v8 ^ _t46, _t36, _t37, _t39);
			}

0x00c864b6
0x00c864b6
0x00c864bf
0x00c864c6
0x00c864cb
0x00c864dc
0x00c864e4
0x00c864f3
0x00c864f4
0x00c864f5
0x00c86546
0x00c8654c
0x00c8654e
0x00000000
0x00c86550
0x00c86550
0x00c8655f
0x00c86561
0x00c86569
0x00c8656b
0x00c86579
0x00c8657e
0x00000000
0x00c8657e
0x00c864f7
0x00c864f7
0x00c864ff
0x00c86585
0x00c86585
0x00c8658d
0x00c865a9
0x00c865b8
0x00c865ba
0x00c865bc
0x00c865be
0x00000000
0x00c865be
0x00c8658f
0x00c8659c
0x00c8659e
0x00c865a0
0x00000000
0x00c865a2
0x00c865a2
0x00000000
0x00c865a2
0x00c865a0
0x00c86505
0x00c86510
0x00c86515
0x00000000
0x00c86517
0x00c86522
0x00c8652c
0x00c8653a
0x00c8653f
0x00c865c3
0x00c865c3
0x00c865c4
0x00c865ca
0x00c86515
0x00c864ff
0x00c865dc

APIs

GetSystemWow64DirectoryW.KERNEL32(?,00000104), ref: 00C864F7
GetLastError.KERNEL32 ref: 00C86505
GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00C86546
GetLastError.KERNEL32 ref: 00C86550

Strings

Failed to get 64-bit system folder., xrefs: 00C8657E
variable.cpp, xrefs: 00C86535, 00C86574
)L, xrefs: 00C864BF
Failed to set system folder variant value., xrefs: 00C865BE
Failed to get 32-bit system folder., xrefs: 00C8653F
Failed to backslash terminate system folder., xrefs: 00C865A2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: DirectoryErrorLastSystem$Wow64
String ID: Failed to backslash terminate system folder.$Failed to get 32-bit system folder.$Failed to get 64-bit system folder.$Failed to set system folder variant value.$variable.cpp$)L
API String ID: 2634638900-12792844
Opcode ID: 851c2e85f55f9cbd287f158c4f8a2c1612ed5f751531068832c7eea78c2b381a
Instruction ID: 7c2cbc7702a8a45a6f19f60a9116ba103fe66e5c7ac66e3c8ce77a8110712550
Opcode Fuzzy Hash: 851c2e85f55f9cbd287f158c4f8a2c1612ed5f751531068832c7eea78c2b381a
Instruction Fuzzy Hash: FC2106B2E4033566EB20B7A5DC4AFAB72D89F00755F110179FC09E7180EA74CE0497E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1224, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88
threadCOMMON

Download Yara Rule

C-Code - Quality: 55%

			E00CA1224(intOrPtr _a4) {
				long _v8;
				void* _v12;
				void* _v16;
				long _t20;
				intOrPtr _t50;

				_t50 = _a4;
				_v16 =  *(_t50 + 0x28);
				_v12 =  *(_t50 + 0x20);
				_v8 = 0;
				_t20 = WaitForMultipleObjects(2,  &_v16, 0, 0xffffffff);
				if(_t20 == 0) {
					if(ResetEvent( *(_t50 + 0x28)) != 0) {
						 *((intOrPtr*)(_t50 + 0x2c)) = 0;
					} else {
						_t37 =  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
						_t38 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t23 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "cabextract.cpp", 0x13e, _t38);
						_push("Failed to reset operation complete event.");
						goto L7;
					}
				} else {
					if(_t20 == 1) {
						if(GetExitCodeThread( *(_t50 + 0x20),  &_v8) == 0) {
							_t43 =  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
							_t44 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
							_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t29 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "cabextract.cpp", 0x145, _t44);
							_push("Failed to get extraction thread exit code.");
							goto L7;
						}
					} else {
						_t47 =  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
						_t48 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
						_v8 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t32 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "cabextract.cpp", 0x14b, _t48);
						_push("Failed to wait for operation complete event.");
						L7:
						_push(_v8);
						E00CC012F();
					}
				}
				return _v8;
			}

0x00ca122b
0x00ca1236
0x00ca123c
0x00ca1246
0x00ca1249
0x00ca1251
0x00ca12ef
0x00ca1333
0x00ca12f1
0x00ca1302
0x00ca130c
0x00ca131a
0x00ca131d
0x00ca1322
0x00000000
0x00ca1322
0x00ca1257
0x00ca125a
0x00ca12a6
0x00ca12bd
0x00ca12c7
0x00ca12d5
0x00ca12d8
0x00ca12dd
0x00000000
0x00ca12dd
0x00ca125c
0x00ca126d
0x00ca1277
0x00ca1285
0x00ca1288
0x00ca128d
0x00ca1327
0x00ca1327
0x00ca132a
0x00ca1330
0x00ca125a
0x00ca133e

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,?,74B5F5E0,?,?,00C852FD,00C852B5,00000000,00C8533D), ref: 00CA1249
GetLastError.KERNEL32 ref: 00CA125C
GetExitCodeThread.KERNEL32(00CCB478,?), ref: 00CA129E
GetLastError.KERNEL32 ref: 00CA12AC
ResetEvent.KERNEL32(00CCB450), ref: 00CA12E7
GetLastError.KERNEL32 ref: 00CA12F1

Strings

cabextract.cpp, xrefs: 00CA1280, 00CA12D0, 00CA1315
Failed to wait for operation complete event., xrefs: 00CA128D
Failed to reset operation complete event., xrefs: 00CA1322
Failed to get extraction thread exit code., xrefs: 00CA12DD

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$CodeEventExitMultipleObjectsResetThreadWait
String ID: Failed to get extraction thread exit code.$Failed to reset operation complete event.$Failed to wait for operation complete event.$cabextract.cpp
API String ID: 2979751695-3400260300
Opcode ID: e42aef8b6c0a6a211362cb329a70752d9049ef6c3676c9f3b3439620c65598d7
Instruction ID: 307b2ea18dc2709c1193700ca09c69a5a20dadb0298bbf7c3232d01fa8e224c9
Opcode Fuzzy Hash: e42aef8b6c0a6a211362cb329a70752d9049ef6c3676c9f3b3439620c65598d7
Instruction Fuzzy Hash: 0C218FB1640305AFEB14AB6ACD56BBE76F8EB05711F10412EF946D62A0E770DE009B15

Uniqueness

Uniqueness Score: -1.00%

Function 00CA1341, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 80
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 59%

			E00CA1341(void* __ebx, intOrPtr _a4) {
				signed short _t30;
				signed short _t34;
				void* _t37;
				void* _t42;
				intOrPtr _t49;

				_t37 = __ebx;
				_t49 = _a4;
				_t42 = 0;
				if( *(_t49 + 0x20) != 0) {
					_t3 = _t49 + 0x24; // 0x685479f6
					 *((intOrPtr*)(_t49 + 0x2c)) = 5;
					if(SetEvent( *_t3) != 0) {
						_t5 = _t49 + 0x20; // 0x85f08bff
						if(WaitForSingleObject( *_t5, 0xffffffff) != 0) {
							_t30 = GetLastError();
							_t45 =  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
							_t42 =  >=  ? 0x80004005 :  <=  ? _t30 : _t30 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "cabextract.cpp", 0x10b, _t42);
							_push("Failed to wait for thread to terminate.");
							goto L5;
						}
					} else {
						_t34 = GetLastError();
						_t48 =  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
						_t42 =  >=  ? 0x80004005 :  <=  ? _t34 : _t34 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "cabextract.cpp", 0x105, _t42);
						_push("Failed to set begin operation event.");
						L5:
						_push(_t42);
						E00CC012F();
					}
				}
				_push(_t37);
				if( *(_t49 + 0x20) != 0) {
					_t7 = _t49 + 0x20; // 0x85f08bff
					CloseHandle( *_t7);
					 *(_t49 + 0x20) =  *(_t49 + 0x20) & 0x00000000;
				}
				if( *(_t49 + 0x24) != 0) {
					_t11 = _t49 + 0x24; // 0x685479f6
					CloseHandle( *_t11);
					 *(_t49 + 0x24) =  *(_t49 + 0x24) & 0x00000000;
				}
				if( *(_t49 + 0x28) != 0) {
					_t15 = _t49 + 0x28; // 0xccba60
					CloseHandle( *_t15);
					 *(_t49 + 0x28) =  *(_t49 + 0x28) & 0x00000000;
				}
				if( *((intOrPtr*)(_t49 + 0x4c)) != 0) {
					_t19 = _t49 + 0x4c; // 0x682c79f6
					E00C83999( *_t19);
				}
				if( *((intOrPtr*)(_t49 + 0x1c)) != 0) {
					_t21 = _t49 + 0x1c; // 0xfff48be8
					E00CC54EF( *_t21);
				}
				return _t42;
			}

0x00ca1341
0x00ca1345
0x00ca1349
0x00ca134e
0x00ca1354
0x00ca1357
0x00ca1366
0x00ca139f
0x00ca13aa
0x00ca13ac
0x00ca13bd
0x00ca13c7
0x00ca13d5
0x00ca13da
0x00000000
0x00ca13da
0x00ca1368
0x00ca1368
0x00ca1379
0x00ca1383
0x00ca1391
0x00ca1396
0x00ca13df
0x00ca13df
0x00ca13e0
0x00ca13e6
0x00ca1366
0x00ca13eb
0x00ca13f2
0x00ca13f4
0x00ca13f7
0x00ca13f9
0x00ca13f9
0x00ca1401
0x00ca1403
0x00ca1406
0x00ca1408
0x00ca1408
0x00ca1410
0x00ca1412
0x00ca1415
0x00ca1417
0x00ca1417
0x00ca1420
0x00ca1422
0x00ca1425
0x00ca1425
0x00ca142e
0x00ca1430
0x00ca1433
0x00ca1433
0x00ca143d

APIs

SetEvent.KERNEL32(685479F6,00C8533D,00000000,?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000,?), ref: 00CA135E
GetLastError.KERNEL32(?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000,?,00C85381,FFF9E89D,00C85381), ref: 00CA1368
WaitForSingleObject.KERNEL32(85F08BFF,000000FF,?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000,?,00C85381), ref: 00CA13A2
GetLastError.KERNEL32(?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000,?,00C85381,FFF9E89D,00C85381), ref: 00CA13AC
CloseHandle.KERNEL32(85F08BFF,00C85381,00C8533D,00000000,?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000), ref: 00CA13F7
CloseHandle.KERNEL32(685479F6,00C85381,00C8533D,00000000,?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000), ref: 00CA1406
CloseHandle.KERNEL32(00CCBA60,00C85381,00C8533D,00000000,?,00C8C06D,00C8533D,00C852B5,00000000,?,00C9763B,?,00C85565,00C85371,00C85371,00000000), ref: 00CA1415

Strings

cabextract.cpp, xrefs: 00CA138C, 00CA13D0
Failed to wait for thread to terminate., xrefs: 00CA13DA
Failed to set begin operation event., xrefs: 00CA1396

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseHandle$ErrorLast$EventObjectSingleWait
String ID: Failed to set begin operation event.$Failed to wait for thread to terminate.$cabextract.cpp
API String ID: 1206859064-226982402
Opcode ID: a17e35c08ca24e4428c52c3105dba9ad6465b615188b253caf234f5704eab043
Instruction ID: 14eb4f1fdb03a87211ea33305480a956b5854a55553f30f8d5c4a48f6212023c
Opcode Fuzzy Hash: a17e35c08ca24e4428c52c3105dba9ad6465b615188b253caf234f5704eab043
Instruction Fuzzy Hash: 7421F732200701DBE7316B2ACC45B67B6F5FF88716F05062DE99A919A0D774D840EB25

Uniqueness

Uniqueness Score: -1.00%

Function 00C8D5C0, Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 18%

			E00C8D5C0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HINSTANCE__* _t9;
				signed short _t15;
				signed short _t18;
				intOrPtr* _t21;
				intOrPtr _t24;
				void* _t25;

				_t24 = _a4;
				_t2 = _t24 + 4; // 0x69006e
				_t9 = LoadLibraryW( *( *_t2 + 0x50));
				 *(_t24 + 0xc) = _t9;
				if(_t9 != 0) {
					_t21 = GetProcAddress(_t9, "BootstrapperApplicationCreate");
					if(_t21 != 0) {
						_t5 = _t24 + 0x10; // 0xccb4a0
						_t25 =  *_t21(_a8, _a12, _t5);
						if(_t25 < 0) {
							_push("Failed to create UX.");
							goto L6;
						}
					} else {
						_t15 = GetLastError();
						_t28 =  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
						_t25 =  >=  ? 0x80004005 :  <=  ? _t15 : _t15 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "userexperience.cpp", 0x5d, _t25);
						_push("Failed to get BootstrapperApplicationCreate entry-point");
						goto L6;
					}
				} else {
					_t18 = GetLastError();
					_t31 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
					_t25 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "userexperience.cpp", 0x59, _t25);
					_push("Failed to load UX DLL.");
					L6:
					_push(_t25);
					E00CC012F();
				}
				return _t25;
			}

0x00c8d5c4
0x00c8d5c7
0x00c8d5cd
0x00c8d5d3
0x00c8d5d8
0x00c8d618
0x00c8d61c
0x00c8d650
0x00c8d65c
0x00c8d660
0x00c8d662
0x00000000
0x00c8d662
0x00c8d61e
0x00c8d61e
0x00c8d62f
0x00c8d639
0x00c8d644
0x00c8d649
0x00000000
0x00c8d649
0x00c8d5da
0x00c8d5da
0x00c8d5eb
0x00c8d5f5
0x00c8d600
0x00c8d605
0x00c8d667
0x00c8d667
0x00c8d668
0x00c8d66e
0x00c8d673

APIs

LoadLibraryW.KERNEL32(?,00000000,?,00C846F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00C85386,?,?), ref: 00C8D5CD
GetLastError.KERNEL32(?,00C846F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00C85386,?,?), ref: 00C8D5DA
GetProcAddress.KERNEL32(00000000,BootstrapperApplicationCreate), ref: 00C8D612
GetLastError.KERNEL32(?,00C846F8,00000000,00000000,wininet.dll,?,00000000,00000000,?,?,00C85386,?,?), ref: 00C8D61E

Strings

wininet.dll, xrefs: 00C8D5F8, 00C8D63C, 00C8D667
userexperience.cpp, xrefs: 00C8D5FB, 00C8D63F
Failed to get BootstrapperApplicationCreate entry-point, xrefs: 00C8D649
BootstrapperApplicationCreate, xrefs: 00C8D60C
Failed to load UX DLL., xrefs: 00C8D605
Failed to create UX., xrefs: 00C8D662

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$AddressLibraryLoadProc
String ID: BootstrapperApplicationCreate$Failed to create UX.$Failed to get BootstrapperApplicationCreate entry-point$Failed to load UX DLL.$userexperience.cpp$wininet.dll
API String ID: 1866314245-1140179540
Opcode ID: 90a703104ea019ccdf85de93f7d8be8120e23b1370f7392cf66b68be01808067
Instruction ID: bdc237b97f519b05081cdd536796917f23c68846151a7f9fc3d03a655175c03f
Opcode Fuzzy Hash: 90a703104ea019ccdf85de93f7d8be8120e23b1370f7392cf66b68be01808067
Instruction Fuzzy Hash: 9F11A072A40725ABEB216BA9DC05F6B77D5EF05761F01413EFD0AE7190EA20CC018BE8

Uniqueness

Uniqueness Score: -1.00%

Function 00C9E31B, Relevance: 16.6, APIs: 11, Instructions: 86
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C9E31B(void** _a4, int _a8, int _a12, long _a16) {
				void* _t16;
				void* _t19;
				long _t28;
				struct HDC__* _t32;
				void* _t35;
				void* _t36;
				void* _t38;
				void* _t39;
				struct HWND__* _t41;
				void** _t43;
				long _t45;

				_t41 = _a4;
				_t43 = GetWindowLongW(_t41, 0xffffffeb);
				_t16 = 2;
				_a4 = _t43;
				_t35 = _a8 - _t16;
				if(_t35 == 0) {
					PostQuitMessage(0);
					return 0;
				}
				_t36 = _t35 - 0x12;
				if(_t36 == 0) {
					_t32 = CreateCompatibleDC(_a12);
					_t19 = SelectObject(_t32,  *_t43);
					StretchBlt(_a12, 0, 0, _a4[3], _a4[4], _t32, 0, 0,  *(_t20 + 0xc),  *(_t20 + 0x10), 0xcc0020);
					SelectObject(_t32, _t19);
					DeleteDC(_t32);
					return 1;
				}
				_t45 = _a16;
				_t38 = _t36 - 0x6d;
				if(_t38 == 0) {
					SetWindowLongW(_t41, 0xffffffeb,  *_t45);
					L8:
					return DefWindowProcW(_t41, _a8, _a12, _t45);
				}
				_t39 = _t38 - 1;
				if(_t39 == 0) {
					_t28 = DefWindowProcW(_t41, 0x82, _a12, _t45);
					SetWindowLongW(_t41, 0xffffffeb, 0);
					return _t28;
				}
				if(_t39 != _t16) {
					goto L8;
				}
				return _t16;
			}

0x00c9e320
0x00c9e32f
0x00c9e333
0x00c9e334
0x00c9e337
0x00c9e339
0x00c9e3e6
0x00000000
0x00c9e3ec
0x00c9e33f
0x00c9e342
0x00c9e3a8
0x00c9e3ab
0x00c9e3cd
0x00c9e3d5
0x00c9e3d8
0x00000000
0x00c9e3e1
0x00c9e344
0x00c9e347
0x00c9e34a
0x00c9e380
0x00c9e386
0x00000000
0x00c9e38e
0x00c9e34c
0x00c9e34f
0x00c9e364
0x00c9e371
0x00000000
0x00c9e377
0x00c9e353
0x00000000
0x00000000
0x00000000

APIs

GetWindowLongW.USER32(?,000000EB), ref: 00C9E326
DefWindowProcW.USER32(?,00000082,?,?), ref: 00C9E364
SetWindowLongW.USER32 ref: 00C9E371
SetWindowLongW.USER32 ref: 00C9E380
DefWindowProcW.USER32(?,?,?,?), ref: 00C9E38E
CreateCompatibleDC.GDI32(?), ref: 00C9E39A
SelectObject.GDI32(00000000,00000000), ref: 00C9E3AB
StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00C9E3CD
SelectObject.GDI32(00000000,00000000), ref: 00C9E3D5
DeleteDC.GDI32(00000000), ref: 00C9E3D8
PostQuitMessage.USER32(00000000), ref: 00C9E3E6

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Window$Long$ObjectProcSelect$CompatibleCreateDeleteMessagePostQuitStretch
String ID:
API String ID: 409979828-0
Opcode ID: 488452ae2f93394f79130746c20b75202815fe2874ded7f0f7a0ba7add8928fe
Instruction ID: cda12ea8bc77d2e49d6f6adfb43345593f0bc3603080d78a09a2d7577f43593b
Opcode Fuzzy Hash: 488452ae2f93394f79130746c20b75202815fe2874ded7f0f7a0ba7add8928fe
Instruction Fuzzy Hash: 65215532100108BFCB259FA9DC4DF7E3BA9FB49361B198519FA26961B0DB318D109B61

Uniqueness

Uniqueness Score: -1.00%

Function 00C83083, Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 206
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00C83083(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12) {
				signed int _v8;
				signed int _v12;
				long _v16;
				signed int _t49;
				long _t57;
				void* _t63;
				signed short _t65;
				signed short _t66;
				long _t69;
				signed short _t77;
				signed short _t78;
				WCHAR* _t79;
				long _t81;
				long _t84;
				long _t85;
				long _t87;
				void* _t88;

				_t79 = _a8;
				_t49 = 0;
				_v12 = _v12 & 0;
				_t81 = 0;
				_v8 = 0;
				_v16 = 0;
				_t84 = 0x40;
				if((_a12 & 0x00000001) == 0) {
					L16:
					if((_a12 & 0x00000002) == 0) {
						_v8 = _v8 & 0x00000000;
						_v12 = _t49;
						goto L30;
					} else {
						_a12 = _a12 & 0x00000000;
						_t83 =  !=  ? _t49 : _t79;
						_a8 =  !=  ? _t49 : _t79;
						_t85 =  >  ? _t81 : _t84;
						_t88 = E00C81EDE( &_v12, _t85);
						if(_t88 >= 0) {
							_t57 = GetFullPathNameW(_a8, _t85, _v12,  &_a12);
							if(_t57 != 0) {
								if(_t85 >= _t57) {
									L26:
									if(_t57 <= 0x104) {
										L28:
										_t49 = _v12;
										L30:
										_t80 =  !=  ? _t49 : _t79;
										_t88 = E00C821A5(_a4,  !=  ? _t49 : _t79, 0);
									} else {
										_t88 = E00C83593( &_v12);
										if(_t88 >= 0) {
											goto L28;
										}
									}
								} else {
									_t34 = _t57 + 7; // 0x7
									_t87 =  <  ? _t57 : _t34;
									_t88 = E00C81EDE( &_v12, _t87);
									if(_t88 >= 0) {
										_t57 = GetFullPathNameW(_a8, _t87, _v12,  &_a12);
										if(_t57 != 0) {
											if(_t87 >= _t57) {
												goto L26;
											} else {
												_t63 = 0x8007007a;
												_push(0x8007007a);
												_t88 = 0x8007007a;
												_push(0x149);
												goto L4;
											}
										} else {
											_t65 = GetLastError();
											_t91 =  <=  ? _t65 : _t65 & 0x0000ffff | 0x80070000;
											_t63 = 0x80004005;
											_t88 =  >=  ? 0x80004005 :  <=  ? _t65 : _t65 & 0x0000ffff | 0x80070000;
											_push(_t88);
											_push(0x144);
											goto L4;
										}
									}
								}
							} else {
								_t66 = GetLastError();
								_t94 =  <=  ? _t66 : _t66 & 0x0000ffff | 0x80070000;
								_t63 = 0x80004005;
								_t88 =  >=  ? 0x80004005 :  <=  ? _t66 : _t66 & 0x0000ffff | 0x80070000;
								_push(_t88);
								_push(0x139);
								goto L4;
							}
						}
					}
				} else {
					_v16 = _t84;
					_t88 = E00C81EDE( &_v8, _t84);
					if(_t88 >= 0) {
						_t69 = ExpandEnvironmentStringsW(_t79, _v8, _v16);
						if(_t69 != 0) {
							_t81 = _v16;
							if(_t81 >= _t69) {
								L11:
								if(_t69 <= 0x104) {
									L15:
									_t49 = _v8;
									goto L16;
								} else {
									_t88 =  ==  ? 0 : E00C83593( &_v8);
									if(_t88 >= 0) {
										_t88 = E00C8275D(_v8,  &_v16);
										if(_t88 >= 0) {
											_t81 = _v16;
											goto L15;
										}
									}
								}
							} else {
								_v16 = _t69;
								_t88 = E00C81EDE( &_v8, _t69);
								if(_t88 >= 0) {
									_t69 = ExpandEnvironmentStringsW(_t79, _v8, _v16);
									if(_t69 != 0) {
										_t81 = _v16;
										if(_t81 >= _t69) {
											goto L11;
										} else {
											_t63 = 0x8007007a;
											_push(0x8007007a);
											_t88 = 0x8007007a;
											_push(0x118);
											goto L4;
										}
									} else {
										_t77 = GetLastError();
										_t98 =  <=  ? _t77 : _t77 & 0x0000ffff | 0x80070000;
										_t63 = 0x80004005;
										_t88 =  >=  ? 0x80004005 :  <=  ? _t77 : _t77 & 0x0000ffff | 0x80070000;
										_push(_t88);
										_push(0x113);
										goto L4;
									}
								}
							}
						} else {
							_t78 = GetLastError();
							_t101 =  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
							_t63 = 0x80004005;
							_t88 =  >=  ? 0x80004005 :  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
							_push(_t88);
							_push(0x108);
							L4:
							_push("pathutil.cpp");
							E00C837D3(_t63);
						}
					}
				}
				if(_v12 != 0) {
					E00CC54EF(_v12);
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t88;
			}

0x00c8308a
0x00c8308d
0x00c8308f
0x00c83092
0x00c8309c
0x00c8309f
0x00c830a2
0x00c830a3
0x00c831b0
0x00c831b4
0x00c832b1
0x00c832b5
0x00000000
0x00c831ba
0x00c831ba
0x00c831c2
0x00c831ca
0x00c831cd
0x00c831d7
0x00c831db
0x00c831ec
0x00c831f4
0x00c83221
0x00c83296
0x00c8329b
0x00c832ac
0x00c832ac
0x00c832b8
0x00c832bc
0x00c832c8
0x00c8329d
0x00c832a6
0x00c832aa
0x00000000
0x00000000
0x00c832aa
0x00c83223
0x00c83228
0x00c8322b
0x00c83238
0x00c8323c
0x00c8324d
0x00c83255
0x00c83282
0x00000000
0x00c83284
0x00c83284
0x00c83289
0x00c8328a
0x00c8328c
0x00000000
0x00c8328c
0x00c83257
0x00c83257
0x00c83268
0x00c8326b
0x00c83272
0x00c83275
0x00c83276
0x00000000
0x00c83276
0x00c83255
0x00c8323c
0x00c831f6
0x00c831f6
0x00c83207
0x00c8320a
0x00c83211
0x00c83214
0x00c83215
0x00000000
0x00c83215
0x00c831f4
0x00c831db
0x00c830a9
0x00c830ad
0x00c830b6
0x00c830ba
0x00c830c7
0x00c830cf
0x00c83104
0x00c83109
0x00c8316f
0x00c83174
0x00c831ad
0x00c831ad
0x00000000
0x00c83176
0x00c83189
0x00c8318e
0x00c831a0
0x00c831a4
0x00c831aa
0x00000000
0x00c831aa
0x00c831a4
0x00c8318e
0x00c8310b
0x00c8310c
0x00c83118
0x00c8311c
0x00c83129
0x00c83131
0x00c83159
0x00c8315e
0x00000000
0x00c83160
0x00c83160
0x00c83165
0x00c83166
0x00c83168
0x00000000
0x00c83168
0x00c83133
0x00c83133
0x00c83144
0x00c83147
0x00c8314e
0x00c83151
0x00c83152
0x00000000
0x00c83152
0x00c83131
0x00c8311c
0x00c830d1
0x00c830d1
0x00c830e2
0x00c830e5
0x00c830ec
0x00c830ef
0x00c830f0
0x00c830f5
0x00c830f5
0x00c830fa
0x00c830fa
0x00c830cf
0x00c830ba
0x00c832ce
0x00c832d3
0x00c832d3
0x00c832dc
0x00c832e1
0x00c832e1
0x00c832ee

APIs

ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000040,00000000,00000000), ref: 00C830C7
GetLastError.KERNEL32 ref: 00C830D1
ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C83129
GetLastError.KERNEL32 ref: 00C83133
GetFullPathNameW.KERNEL32(00000000,00000040,00000000,00000000,00000000,00000040,00000000,00000000), ref: 00C831EC
GetLastError.KERNEL32 ref: 00C831F6
GetFullPathNameW.KERNEL32(00000000,00000007,00000000,00000000,00000000,00000007), ref: 00C8324D
GetLastError.KERNEL32 ref: 00C83257

Strings

pathutil.cpp, xrefs: 00C830F5

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$EnvironmentExpandFullNamePathStrings
String ID: pathutil.cpp
API String ID: 1547313835-741606033
Opcode ID: ee4819341bd0f353a1d802f29c1a0fe006780a7693b91d01cef7a7f639fac5c0
Instruction ID: e2cf47fc0111ec1d7195c0cdbf7daaad444b0eabe5a8cdb066f8cdc7d8951994
Opcode Fuzzy Hash: ee4819341bd0f353a1d802f29c1a0fe006780a7693b91d01cef7a7f639fac5c0
Instruction Fuzzy Hash: 21610232E00269BBEF20AAB9CC49BAE7AE8EF44B55F014165FD05E7150E734CF409B94

Uniqueness

Uniqueness Score: -1.00%

Function 00C84690, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 128
windowthreadCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00C84690(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
				void* _v8;
				struct tagMSG _v36;
				void* __ebx;
				long _t29;
				intOrPtr* _t34;
				int _t37;
				intOrPtr* _t40;
				void* _t41;
				void* _t57;
				signed int _t58;
				intOrPtr* _t65;
				void* _t68;
				intOrPtr _t71;
				int _t72;
				int _t73;
				void* _t77;

				_t77 = __eflags;
				_t68 = __edx;
				_t58 = 7;
				memset( &_v36, 0, _t58 << 2);
				_v8 = 0;
				PeekMessageW( &_v36, 0, 0x400, 0x400, 0);
				_t29 = GetCurrentThreadId();
				_t71 = _a4;
				_t72 = E00C9FC51( &_v8, _t68, _t77, _t71, _t29,  &_v8);
				if(_t72 >= 0) {
					_t72 = E00C8D5C0(_t71 + 0xb8, _v8, _t71 + 0x1c);
					__eflags = _t72;
					if(_t72 >= 0) {
						_t34 =  *((intOrPtr*)(_t71 + 0xc8));
						_t73 =  *((intOrPtr*)( *_t34 + 0xc))(_t34);
						__eflags = _t73;
						if(_t73 >= 0) {
							_push(0);
							_push(0);
							_push(0);
							_t57 = GetMessageW;
							while(1) {
								_t37 = GetMessageW( &_v36, ??, ??, ??);
								__eflags = _t37;
								if(_t37 == 0) {
									break;
								}
								__eflags = _t37 - 0xffffffff;
								if(_t37 == 0xffffffff) {
									_t73 = 0x8000ffff;
									E00C837D3(_t37, "engine.cpp", 0x2cd, 0x8000ffff);
									_push("Unexpected return value from message pump.");
									goto L7;
								} else {
									E00C843CD(_t57, _t71,  &_v36);
									__eflags = 0;
									_push(0);
									_push(0);
									_push(0);
									continue;
								}
								goto L13;
							}
							 *((intOrPtr*)(_t71 + 0xf8)) = _v36.wParam;
						} else {
							_push("Failed to start bootstrapper application.");
							L7:
							_push(_t73);
							E00CC012F();
						}
						L13:
						_t40 =  *((intOrPtr*)(_t71 + 0xc8));
						_t41 =  *((intOrPtr*)( *_t40 + 0x10))(_t40);
						__eflags = _t41 - 0x66;
						if(_t41 != 0x66) {
							__eflags = _t41 - 0x68;
							if(_t41 == 0x68) {
								_push(0x20000006);
								_push(2);
								E00C8550F();
								 *_a8 = 1;
								goto L18;
							}
						} else {
							E00C8550F(2, 0x20000004, E00C93C30( *((intOrPtr*)(_t71 + 0x18))));
							 *((intOrPtr*)(_t71 + 0x18)) = 1;
						}
					} else {
						_push("Failed to load UX.");
						goto L2;
					}
				} else {
					_push("Failed to create engine for UX.");
					L2:
					_push(_t72);
					E00CC012F();
					L18:
				}
				E00C8D7CF(_t71 + 0xb8);
				_t65 = _v8;
				if(_t65 != 0) {
					 *((intOrPtr*)( *_t65 + 8))(_t65);
				}
				return _t73;
			}

0x00c84690
0x00c84690
0x00c8469b
0x00c846a4
0x00c846ab
0x00c846b5
0x00c846bb
0x00c846c1
0x00c846cf
0x00c846d3
0x00c846f8
0x00c846fa
0x00c846fc
0x00c84705
0x00c84711
0x00c84713
0x00c84715
0x00c84726
0x00c84727
0x00c84728
0x00c84729
0x00c84745
0x00c84749
0x00c8474b
0x00c8474d
0x00000000
0x00000000
0x00c84731
0x00c84734
0x00c8478a
0x00c8479a
0x00c8479f
0x00000000
0x00c84736
0x00c8473b
0x00c84740
0x00c84742
0x00c84743
0x00c84744
0x00000000
0x00c84744
0x00000000
0x00c84734
0x00c84752
0x00c84717
0x00c84717
0x00c8471c
0x00c8471c
0x00c8471d
0x00c84723
0x00c84758
0x00c84758
0x00c84761
0x00c84764
0x00c84767
0x00c847a9
0x00c847ac
0x00c847ae
0x00c847b3
0x00c847b5
0x00c847bd
0x00000000
0x00c847bd
0x00c84769
0x00c84779
0x00c84781
0x00c84781
0x00c846fe
0x00c846fe
0x00000000
0x00c846fe
0x00c846d5
0x00c846d5
0x00c846da
0x00c846da
0x00c846db
0x00c847c3
0x00c847c4
0x00c847cc
0x00c847d1
0x00c847d6
0x00c847db
0x00c847db
0x00c847e6

APIs

PeekMessageW.USER32 ref: 00C846B5
GetCurrentThreadId.KERNEL32 ref: 00C846BB

Part of subcall function 00C9FC51: new.LIBCMT ref: 00C9FC58

GetMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C84749

Strings

wininet.dll, xrefs: 00C846E8
Unexpected return value from message pump., xrefs: 00C8479F
Failed to create engine for UX., xrefs: 00C846D5
engine.cpp, xrefs: 00C84795
Failed to load UX., xrefs: 00C846FE
Failed to start bootstrapper application., xrefs: 00C84717

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Message$CurrentPeekThread
String ID: Failed to create engine for UX.$Failed to load UX.$Failed to start bootstrapper application.$Unexpected return value from message pump.$engine.cpp$wininet.dll
API String ID: 673430819-2573580774
Opcode ID: 95808d41a69c076152036a5e5854fc8468c5a99fc81836dfbbaef1e12f3e9fd3
Instruction ID: 5292f9293a72af1f01e0c355c4212bdd23bf1a8dbc774e9e598e434557ef9c6d
Opcode Fuzzy Hash: 95808d41a69c076152036a5e5854fc8468c5a99fc81836dfbbaef1e12f3e9fd3
Instruction Fuzzy Hash: 7341B571600216BFEB19ABA4CC85FBEB7ACEF05318F110129F915E7150EB34ED4597A8

Uniqueness

Uniqueness Score: -1.00%

Function 00C81174, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 53
libraryloadermemoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00C81174(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				long _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t18;
				intOrPtr _t21;
				void* _t22;
				signed int _t23;

				_t23 = 0;
				_v8 = 0;
				__imp__HeapSetInformation(0, 1, 0, 0, _t18, _t22, _t14, __ecx);
				_t15 = GetModuleHandleW(L"kernel32");
				_t9 = GetProcAddress(_t15, "SetDefaultDllDirectories");
				if(_t9 == 0) {
					L3:
					_t10 = GetProcAddress(_t15, "SetDllDirectoryW");
					if(_t10 == 0) {
						L5:
						_t11 = GetLastError();
					} else {
						_t11 =  *_t10(0xccb524);
						if(_t11 == 0) {
							goto L5;
						}
					}
					if(_a8 > _t23) {
						_t21 = _a4;
						do {
							_t11 = E00C837D6( *((intOrPtr*)(_t21 + _t23 * 4)),  &_v8);
							_t23 = _t23 + 1;
						} while (_t23 < _a8);
					}
				} else {
					_t11 =  *_t9(0x800);
					if(_t11 == 0) {
						GetLastError();
						goto L3;
					}
				}
				return _t11;
			}

0x00c8117b
0x00c81182
0x00c81185
0x00c81196
0x00c8119e
0x00c811ac
0x00c811bb
0x00c811c1
0x00c811c9
0x00c811d6
0x00c811d6
0x00c811cb
0x00c811d0
0x00c811d4
0x00000000
0x00000000
0x00c811d4
0x00c811db
0x00c811dd
0x00c811e0
0x00c811e7
0x00c811ec
0x00c811ed
0x00c811e0
0x00c811ae
0x00c811b3
0x00c811b7
0x00c811b9
0x00000000
0x00c811b9
0x00c811b7
0x00c811f8

APIs

HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C81185
GetModuleHandleW.KERNEL32(kernel32,?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C81190
GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00C8119E
GetLastError.KERNEL32(?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C811B9
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00C811C1
GetLastError.KERNEL32(?,?,?,?,00C8111A,cabinet.dll,00000009,?,?,00000000), ref: 00C811D6

Strings

kernel32, xrefs: 00C8118B
SetDefaultDllDirectories, xrefs: 00C81198
SetDllDirectoryW, xrefs: 00C811BB

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AddressErrorLastProc$HandleHeapInformationModule
String ID: SetDefaultDllDirectories$SetDllDirectoryW$kernel32
API String ID: 3104334766-1824683568
Opcode ID: 3770576c37c52532ad7fe712e359d44280f16421e6661695ca31f0053c2e779e
Instruction ID: 40ef6bce136737706dc60a7c131d59eec70ddd84ea101cbdc745901d1cbad2ea
Opcode Fuzzy Hash: 3770576c37c52532ad7fe712e359d44280f16421e6661695ca31f0053c2e779e
Instruction Fuzzy Hash: FB015EB1640255BA9A207BE6DC0AF6F7BACFF40796F048025FE6592140DB70DE028BB5

Uniqueness

Uniqueness Score: -1.00%

Function 00C9F3E6, Relevance: 15.2, APIs: 2, Strings: 8, Instructions: 155
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00C9F3E6(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20, intOrPtr* _a24) {
				char _v8;
				char _v12;
				intOrPtr* _t41;
				intOrPtr* _t46;
				intOrPtr* _t49;
				intOrPtr _t57;
				intOrPtr _t60;
				intOrPtr* _t71;
				intOrPtr* _t72;
				signed int* _t75;
				void* _t77;

				_t62 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t60 = _a4;
				_v12 = 0;
				_v8 = 0;
				EnterCriticalSection( *(_t60 + 0xc));
				_t77 = E00C8D459( *(_t60 + 0xc) + 0xb8);
				if(_t77 >= 0) {
					_t71 = _a12;
					if(_t71 == 0 ||  *_t71 == 0) {
						_t72 = _a8;
						if(_t72 == 0 ||  *_t72 == 0) {
							_t77 = 0x80070057;
							_push("UX did not provide container or payload id.");
							goto L34;
						} else {
							_t77 = E00C8C0A9(_t62,  *(_t60 + 0xc) + 0x2a8, _t72,  &_v12);
							if(_t77 >= 0) {
								_t75 = _v12 + 0x2c;
								goto L15;
							}
							_push(_t72);
							_push("UX requested unknown container with id: %ls");
							goto L13;
						}
					} else {
						_t77 = E00C8CC57(_t62,  *(_t60 + 0xc) + 0x2b8, _t71,  &_v8);
						if(_t77 >= 0) {
							_t57 = _v8;
							if( *((intOrPtr*)(_t57 + 4)) != 2) {
								_t75 = _t57 + 0x40;
								L15:
								_t41 = _a16;
								if(_t41 == 0 ||  *_t41 == 0) {
									if( *_t75 != 0) {
										E00CC54EF( *_t75);
										 *_t75 =  *_t75 & 0x00000000;
									}
									goto L29;
								} else {
									_t77 = E00C821A5(_t75, _t41, 0);
									if(_t77 >= 0) {
										_t46 = _a20;
										if(_t46 == 0 ||  *_t46 == 0) {
											L29:
											if(_t75[1] != 0) {
												E00CC54EF(_t75[1]);
												_t75[1] = _t75[1] & 0x00000000;
											}
											goto L31;
										} else {
											_t77 = E00C821A5( &(_t75[1]), _t46, 0);
											if(_t77 >= 0) {
												_t49 = _a24;
												if(_t49 == 0 ||  *_t49 == 0) {
													L31:
													if(_t75[2] != 0) {
														E00CC54EF(_t75[2]);
														_t75[2] = _t75[2] & 0x00000000;
													}
												} else {
													_t77 = E00C821A5( &(_t75[2]), _t49, 0);
													if(_t77 >= 0) {
														goto L35;
													}
													_push("Failed to set download password.");
													L34:
													_push(_t77);
													E00CC012F();
												}
												goto L35;
											}
											_push("Failed to set download user.");
											goto L34;
										}
									}
									_push("Failed to set download URL.");
									goto L34;
								}
							}
							_push(_t71);
							_t77 = 0x800710dd;
							_push("UX denied while trying to set download URL on embedded payload: %ls");
							goto L13;
						} else {
							_push(_t71);
							_push("UX requested unknown payload with id: %ls");
							L13:
							_push(_t77);
							E00CC012F();
							L35:
							goto L36;
						}
					}
				} else {
					_push("Engine is active, cannot change engine state.");
					_push(_t77);
					E00CC012F();
					L36:
					LeaveCriticalSection( *(_t60 + 0xc));
					return _t77;
				}
			}

0x00c9f3e6
0x00c9f3e9
0x00c9f3ea
0x00c9f3ec
0x00c9f3f2
0x00c9f3f5
0x00c9f3fb
0x00c9f40f
0x00c9f413
0x00c9f428
0x00c9f42f
0x00c9f472
0x00c9f477
0x00c9f560
0x00c9f565
0x00000000
0x00c9f486
0x00c9f499
0x00c9f49d
0x00c9f4b6
0x00000000
0x00c9f4b6
0x00c9f49f
0x00c9f4a0
0x00000000
0x00c9f4a0
0x00c9f436
0x00c9f449
0x00c9f44d
0x00c9f457
0x00c9f45e
0x00c9f46d
0x00c9f4b9
0x00c9f4b9
0x00c9f4be
0x00c9f52e
0x00c9f532
0x00c9f537
0x00c9f537
0x00000000
0x00c9f4c7
0x00c9f4cf
0x00c9f4d3
0x00c9f4df
0x00c9f4e4
0x00c9f53a
0x00c9f53e
0x00c9f543
0x00c9f548
0x00c9f548
0x00000000
0x00c9f4ed
0x00c9f4f8
0x00c9f4fc
0x00c9f505
0x00c9f50a
0x00c9f54c
0x00c9f550
0x00c9f555
0x00c9f55a
0x00c9f55a
0x00c9f513
0x00c9f51e
0x00c9f522
0x00000000
0x00000000
0x00c9f524
0x00c9f56a
0x00c9f56a
0x00c9f56b
0x00c9f571
0x00000000
0x00c9f50a
0x00c9f4fe
0x00000000
0x00c9f4fe
0x00c9f4e4
0x00c9f4d5
0x00000000
0x00c9f4d5
0x00c9f4be
0x00c9f460
0x00c9f461
0x00c9f466
0x00000000
0x00c9f44f
0x00c9f44f
0x00c9f450
0x00c9f4a5
0x00c9f4a5
0x00c9f4a6
0x00c9f572
0x00000000
0x00c9f572
0x00c9f44d
0x00c9f415
0x00c9f415
0x00c9f41a
0x00c9f41b
0x00c9f573
0x00c9f576
0x00c9f583
0x00c9f583

APIs

EnterCriticalSection.KERNEL32(?), ref: 00C9F3FB
LeaveCriticalSection.KERNEL32(?), ref: 00C9F576

Strings

Engine is active, cannot change engine state., xrefs: 00C9F415
UX requested unknown container with id: %ls, xrefs: 00C9F4A0
Failed to set download URL., xrefs: 00C9F4D5
UX did not provide container or payload id., xrefs: 00C9F565
Failed to set download user., xrefs: 00C9F4FE
UX denied while trying to set download URL on embedded payload: %ls, xrefs: 00C9F466
UX requested unknown payload with id: %ls, xrefs: 00C9F450
Failed to set download password., xrefs: 00C9F524

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Engine is active, cannot change engine state.$Failed to set download URL.$Failed to set download password.$Failed to set download user.$UX denied while trying to set download URL on embedded payload: %ls$UX did not provide container or payload id.$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
API String ID: 3168844106-2615595102
Opcode ID: 2798a0da5df9af5471b65f5c143808129ae751f99c3f6147c77e4e820884b9fe
Instruction ID: cd8c005bec0139dac3da8caabe151ae1e170fe4f47f254720d6806c08e5a579f
Opcode Fuzzy Hash: 2798a0da5df9af5471b65f5c143808129ae751f99c3f6147c77e4e820884b9fe
Instruction Fuzzy Hash: 1141B372A00611EBDF11AE65C80DE6EB768EF40720F16813EF915E7240DB74EE42DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00C99080, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00C99080(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v28;
				signed int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t40;
				intOrPtr _t44;
				signed short _t57;
				void* _t64;
				void* _t71;
				void* _t72;
				signed int _t73;
				intOrPtr _t79;
				char* _t80;
				void* _t82;
				signed int _t87;
				void* _t88;

				_t40 =  *0xcea008; // 0x4c290ae8
				_v8 = _t40 ^ _t87;
				_t79 = _a8;
				_t80 =  &_v28;
				_v36 = 0x14;
				asm("stosd");
				_v32 = 0;
				_t72 = 0x80070490;
				_v40 = 0;
				_t73 = 0;
				_v48 = _t79;
				asm("stosd");
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t44 =  *((intOrPtr*)( *((intOrPtr*)(_t79 + 0x10))));
				if( *((intOrPtr*)(_t44 + 0xc)) <= 0) {
					L12:
					_t82 = _t72;
					if(_t72 >= 0) {
						L15:
						_t45 = _v32;
						if(_v32 != 0) {
							E00C83999(_t45);
						}
						return E00CADE36(_t72, _v8 ^ _t87, _t79, _t80, _t82);
					}
					_push("Failed to find expected public key in certificate chain.");
					_push(_t72);
					L14:
					E00CC012F();
					goto L15;
				}
				_t80 = _a4;
				while(1) {
					_t83 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t73 * 4)) + 4));
					_push( &_v36);
					_push( &_v28);
					_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x10)) + _t73 * 4)) + 4)) + 0xc)) + 0x38);
					_push(1);
					_push(0);
					_push(0x8004);
					_push(0);
					if( *0xcea93c() == 0) {
						break;
					}
					_t60 = _v36;
					if( *((intOrPtr*)(_t80 + 0x24)) != _v36) {
						L11:
						_t73 = _v44 + 1;
						_v44 = _t73;
						_t44 =  *((intOrPtr*)( *((intOrPtr*)(_v48 + 0x10))));
						if(_t73 <  *((intOrPtr*)(_t44 + 0xc))) {
							continue;
						}
						goto L12;
					}
					_t64 = E00CAF919( *((intOrPtr*)(_t80 + 0x20)),  &_v28, _t60);
					_t88 = _t88 + 0xc;
					if(_t64 != 0) {
						goto L11;
					}
					if( *((intOrPtr*)(_t80 + 0x28)) == _t64) {
						_t72 = 0;
						goto L12;
					}
					_t82 = E00CC5587(_t73, _t83, 3,  &_v32,  &_v40);
					if(_t82 < 0) {
						_push("Failed to read certificate thumbprint.");
						L20:
						_push(_t82);
						goto L14;
					}
					_t68 = _v40;
					if( *((intOrPtr*)(_t80 + 0x2c)) != _v40) {
						L9:
						_t69 = _v32;
						if(_v32 != 0) {
							E00C83999(_t69);
							_v32 = _v32 & 0x00000000;
						}
						goto L11;
					}
					_t71 = E00CAF919( *((intOrPtr*)(_t80 + 0x28)), _v32, _t68);
					_t88 = _t88 + 0xc;
					if(_t71 == 0) {
						_t82 = 0;
						goto L15;
					}
					goto L9;
				}
				_t57 = GetLastError();
				_t86 =  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
				_t82 =  >=  ? 0x80004005 :  <=  ? _t57 : _t57 & 0x0000ffff | 0x80070000;
				E00C837D3(0x80004005, "cache.cpp", 0x7c4, _t82);
				_push("Failed to get certificate public key identifier.");
				goto L20;
			}

0x00c99086
0x00c9908d
0x00c99090
0x00c99098
0x00c9909b
0x00c990a2
0x00c990a5
0x00c990a8
0x00c990ad
0x00c990b0
0x00c990b2
0x00c990b5
0x00c990b6
0x00c990b9
0x00c990ba
0x00c990bb
0x00c990bf
0x00c990c4
0x00c9917d
0x00c9917d
0x00c99181
0x00c99190
0x00c99190
0x00c99195
0x00c99198
0x00c99198
0x00c991af
0x00c991af
0x00c99183
0x00c99188
0x00c99189
0x00c99189
0x00000000
0x00c9918f
0x00c990ca
0x00c990cd
0x00c990d3
0x00c990d9
0x00c990dd
0x00c990e4
0x00c990e5
0x00c990e7
0x00c990e9
0x00c990ee
0x00c990f8
0x00000000
0x00000000
0x00c990fe
0x00c99104
0x00c99165
0x00c9916b
0x00c9916c
0x00c99172
0x00c99177
0x00000000
0x00000000
0x00000000
0x00c99177
0x00c9910e
0x00c99113
0x00c99118
0x00000000
0x00000000
0x00c9911d
0x00c991be
0x00000000
0x00c991be
0x00c99133
0x00c99137
0x00c991b6
0x00c991bb
0x00c991bb
0x00000000
0x00c991bb
0x00c99139
0x00c9913f
0x00c99154
0x00c99154
0x00c99159
0x00c9915c
0x00c99161
0x00c99161
0x00000000
0x00c99159
0x00c99148
0x00c9914d
0x00c99152
0x00c991b2
0x00000000
0x00c991b2
0x00000000
0x00c99152
0x00c991c2
0x00c991d3
0x00c991dd
0x00c991eb
0x00c991f0
0x00000000

APIs

_memcmp.LIBVCRUNTIME ref: 00C9910E

Part of subcall function 00CC5587: GetLastError.KERNEL32(?,?,00C99133,?,00000003,00000000,?), ref: 00CC55A6

_memcmp.LIBVCRUNTIME ref: 00C99148
GetLastError.KERNEL32 ref: 00C991C2

Strings

Failed to find expected public key in certificate chain., xrefs: 00C99183
Failed to read certificate thumbprint., xrefs: 00C991B6
cache.cpp, xrefs: 00C991E6
)L, xrefs: 00C99086
Failed to get certificate public key identifier., xrefs: 00C991F0

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast_memcmp
String ID: Failed to find expected public key in certificate chain.$Failed to get certificate public key identifier.$Failed to read certificate thumbprint.$cache.cpp$)L
API String ID: 3428363238-4107823300
Opcode ID: 984ad82a99ab9333dd9372f369cf0a96526d4fcc79494b684254751c0dc343b4
Instruction ID: fdf6d6a2dc40dbe95cc01b30e4a58aac5ee3d48f88da07e2b3b8ec4e4b0a53e2
Opcode Fuzzy Hash: 984ad82a99ab9333dd9372f369cf0a96526d4fcc79494b684254751c0dc343b4
Instruction Fuzzy Hash: C0415E71E00216AFDB10DBA9D889EAEB7F9FB08710F00412AF915E7251E774ED40CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C8F2DC, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 109
stringCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E00C8F2DC(void* __ebx, intOrPtr _a4, void* _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				intOrPtr _t49;
				intOrPtr* _t52;
				char _t54;
				intOrPtr* _t58;
				char _t59;

				_t58 = _a8;
				_t59 = 0;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				if( *((intOrPtr*)(_t58 + 4)) <= 0) {
					L22:
					return _t59;
				}
				_t54 = 0;
				_a8 = 0;
				while(1) {
					_t52 =  *_t58 + _t54;
					_t59 = E00C871CF(_a4,  *((intOrPtr*)(_t52 + 8)),  &_v16, 0);
					if(_t59 < 0) {
						break;
					}
					_t59 = E00C82D79(_t54, _v16, L"swidtag",  &_v8);
					if(_t59 < 0) {
						_push("Failed to allocate regid folder path.");
						L15:
						_push(_t59);
						E00CC012F();
						L16:
						if(_v12 != 0) {
							E00CC54EF(_v12);
						}
						if(_v8 != 0) {
							E00CC54EF(_v8);
						}
						if(_v16 != 0) {
							E00CC54EF(_v16);
						}
						goto L22;
					}
					_t59 = E00C82D79(_t54, _v8,  *_t52,  &_v12);
					if(_t59 < 0) {
						_push("Failed to allocate regid file path.");
						goto L15;
					}
					_t59 = E00C84013(_v8, 0);
					if(_t59 < 0) {
						_push(_v8);
						_push("Failed to create regid folder: %ls");
						L11:
						_push(_t59);
						E00CC012F();
						goto L16;
					}
					_t59 = E00CC4C67(_t54, _v12, 0x80,  *(_t52 + 0xc), lstrlenA( *(_t52 + 0xc)), 0);
					if(_t59 < 0) {
						_push(_v12);
						_push("Failed to write tag xml to file: %ls");
						goto L11;
					}
					_t49 = _v20 + 1;
					_t54 = _a8 + 0x10;
					_v20 = _t49;
					_t22 = _t58 + 4; // 0x8680a79
					_push(0);
					_a8 = _t54;
					_pop(0);
					if(_t49 <  *_t22) {
						continue;
					}
					goto L16;
				}
				_push("Failed to format tag folder path.");
				goto L15;
			}

0x00c8f2e6
0x00c8f2e9
0x00c8f2eb
0x00c8f2ee
0x00c8f2f1
0x00c8f2f4
0x00c8f2fa
0x00c8f407
0x00c8f40d
0x00c8f40d
0x00c8f300
0x00c8f302
0x00c8f306
0x00c8f309
0x00c8f31a
0x00c8f31e
0x00000000
0x00000000
0x00c8f335
0x00c8f339
0x00c8f3c7
0x00c8f3d3
0x00c8f3d3
0x00c8f3d4
0x00c8f3db
0x00c8f3e0
0x00c8f3e5
0x00c8f3e5
0x00c8f3ee
0x00c8f3f3
0x00c8f3f3
0x00c8f3fc
0x00c8f401
0x00c8f401
0x00000000
0x00c8f3fc
0x00c8f34d
0x00c8f351
0x00c8f3c0
0x00000000
0x00c8f3c0
0x00c8f35d
0x00c8f361
0x00c8f3ad
0x00c8f3b0
0x00c8f3b5
0x00c8f3b5
0x00c8f3b6
0x00000000
0x00c8f3bb
0x00c8f37f
0x00c8f383
0x00c8f3a3
0x00c8f3a6
0x00000000
0x00c8f3a6
0x00c8f38b
0x00c8f38c
0x00c8f38f
0x00c8f392
0x00c8f395
0x00c8f397
0x00c8f39a
0x00c8f39b
0x00000000
0x00000000
0x00000000
0x00c8f3a1
0x00c8f3ce
0x00000000

APIs

_MREFOpen@16.MSPDB140-MSVCRT ref: 00C8F315

Part of subcall function 00C84013: CreateDirectoryW.KERNELBASE(00C8533D,00C853B5,00000000,00000000,?,00C99EE4,00000000,00000000,00C8533D,00000000,00C852B5,00000000,?,?,00C8D4AC,00C8533D), ref: 00C84021
Part of subcall function 00C84013: GetLastError.KERNEL32(?,00C99EE4,00000000,00000000,00C8533D,00000000,00C852B5,00000000,?,?,00C8D4AC,00C8533D,00000000,00000000), ref: 00C8402F

lstrlenA.KERNEL32(00CCB4F0,00000000,00000094,00000000,00000094,?,?,00C90328,swidtag,00000094,?,00CCB508,00C90328,00000000,?,00000000), ref: 00C8F368

Part of subcall function 00CC4C67: CreateFileW.KERNEL32(00CCB4F0,40000000,00000001,00000000,00000002,00000080,00000000,00C90328,00000000,?,00C8F37F,?,00000080,00CCB4F0,00000000), ref: 00CC4C7F
Part of subcall function 00CC4C67: GetLastError.KERNEL32(?,00C8F37F,?,00000080,00CCB4F0,00000000,?,00C90328,?,00000094,?,?,?,?,?,00000000), ref: 00CC4C8C

Strings

Failed to write tag xml to file: %ls, xrefs: 00C8F3A6
Failed to allocate regid file path., xrefs: 00C8F3C0
Failed to format tag folder path., xrefs: 00C8F3CE
Failed to allocate regid folder path., xrefs: 00C8F3C7
Failed to create regid folder: %ls, xrefs: 00C8F3B0
swidtag, xrefs: 00C8F328

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CreateErrorLast$DirectoryFileOpen@16lstrlen
String ID: Failed to allocate regid file path.$Failed to allocate regid folder path.$Failed to create regid folder: %ls$Failed to format tag folder path.$Failed to write tag xml to file: %ls$swidtag
API String ID: 904508749-1201533908
Opcode ID: b7d4ff824eda61391174d655230f78c86f15d67d999cb7dee07213ad0c06196a
Instruction ID: b323635ad14bc67f1809825a560942d37b164c396388aa7b03bd02bc7570ffec
Opcode Fuzzy Hash: b7d4ff824eda61391174d655230f78c86f15d67d999cb7dee07213ad0c06196a
Instruction Fuzzy Hash: 99318E32D00629FFCB11BF94DC41F9DBBB5AF04714F14817AEA10AA260E7719E91AB94

Uniqueness

Uniqueness Score: -1.00%

Function 00C951E9, Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 90
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E00C951E9(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				intOrPtr _t45;
				void* _t48;

				_t39 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t48 = E00CBF7B2( &_v12,  &_v8, _a8);
				if(_t48 >= 0) {
					_t48 = E00CBF7B2( &_v12,  &_v8, _a12);
					if(_t48 >= 0) {
						_t45 = _a4;
						if( *((intOrPtr*)(_t45 + 0x14)) == 0xffffffff) {
							L8:
							_t48 = E00C94880(_t39,  *((intOrPtr*)(_t45 + 0x10)), 0xf0000003, _v12, _v8);
							if(_t48 >= 0) {
								if( *(_t45 + 0xc) != 0 && WaitForSingleObject( *(_t45 + 0xc), 0x2bf20) == 0xffffffff) {
									_t52 =  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
									_t48 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t30 & 0x0000ffff | 0x80070000;
									E00C837D3(0x80004005, "pipe.cpp", 0x242, _t48);
									_push("Failed to wait for child process exit.");
									goto L13;
								}
							} else {
								_push("Failed to post terminate message to child process.");
								goto L13;
							}
						} else {
							_t48 = E00C94880(_t39,  *((intOrPtr*)(_t45 + 0x14)), 0xf0000003, _v12, _v8);
							if(_t48 >= 0) {
								goto L8;
							} else {
								_push("Failed to post terminate message to child process cache thread.");
								L13:
								_push(_t48);
								E00CC012F();
							}
						}
					} else {
						_push("Failed to write restart to message buffer.");
						goto L2;
					}
				} else {
					_push("Failed to write exit code to message buffer.");
					L2:
					_push(_t48);
					E00CC012F();
				}
				return _t48;
			}

0x00c951e9
0x00c951ec
0x00c951ed
0x00c951ee
0x00c951f5
0x00c95207
0x00c9520b
0x00c9522f
0x00c95233
0x00c9523e
0x00c9524a
0x00c95268
0x00c95277
0x00c9527b
0x00c95288
0x00c952ae
0x00c952b8
0x00c952c6
0x00c952cb
0x00000000
0x00c952cb
0x00c9527d
0x00c9527d
0x00000000
0x00c9527d
0x00c9524c
0x00c9525b
0x00c9525f
0x00000000
0x00c95261
0x00c95261
0x00c952d0
0x00c952d0
0x00c952d1
0x00c952d7
0x00c9525f
0x00c95235
0x00c95235
0x00000000
0x00c95235
0x00c9520d
0x00c9520d
0x00c95212
0x00c95212
0x00c95213
0x00c95219
0x00c952e0

APIs

WaitForSingleObject.KERNEL32(?,0002BF20,?,F0000003,00000000,00000000,?,00000000,00000000,00000000,00C85386,00000000,00000000,?,00000000), ref: 00C95292
GetLastError.KERNEL32(?,?,?,00C84B5B,?,?,00000000,?,?,?,?,?,?,00CCB490,?,?), ref: 00C9529D

Strings

Failed to post terminate message to child process cache thread., xrefs: 00C95261
pipe.cpp, xrefs: 00C952C1
Failed to write restart to message buffer., xrefs: 00C95235
Failed to post terminate message to child process., xrefs: 00C9527D
Failed to wait for child process exit., xrefs: 00C952CB
Failed to write exit code to message buffer., xrefs: 00C9520D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: Failed to post terminate message to child process cache thread.$Failed to post terminate message to child process.$Failed to wait for child process exit.$Failed to write exit code to message buffer.$Failed to write restart to message buffer.$pipe.cpp
API String ID: 1211598281-2161881128
Opcode ID: 2a3332f1aa48b9c50dc8c3ef0fe87e2972be0f040ccb3c20c7140504edbab540
Instruction ID: f7d6ee9d6583c9048555e9233c87bc9bb2383a87c44b74ba07f57aa5f0f825a1
Opcode Fuzzy Hash: 2a3332f1aa48b9c50dc8c3ef0fe87e2972be0f040ccb3c20c7140504edbab540
Instruction Fuzzy Hash: BE21A532941A29BBDF175794DC09F9EB7A8EB00721F210266FA10B6291D7319E50A7E4

Uniqueness

Uniqueness Score: -1.00%

Function 00CBA059, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 216
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 71%

			E00CBA059(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				void* _t80;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				int _t97;
				void* _t98;
				short* _t100;
				int _t102;
				void* _t103;
				signed int _t105;
				short* _t106;
				void* _t109;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0xcea008; // 0x4c290ae8
				_v8 = _t49 ^ _t105;
				_t102 = _a20;
				if(_t102 > 0) {
					_t78 = E00CBC675(_a16, _t102);
					_t109 = _t78 - _t102;
					_t4 = _t78 + 1; // 0x1
					_t102 = _t4;
					if(_t109 >= 0) {
						_t102 = _t78;
					}
				}
				_t97 = _a32;
				if(_t97 == 0) {
					_t97 =  *( *_a4 + 8);
					_a32 = _t97;
				}
				_t54 = MultiByteToWideChar(_t97, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t102, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					_pop(_t98);
					_pop(_t103);
					_pop(_t80);
					return E00CADE36(_t80, _v8 ^ _t105, _t95, _t98, _t103);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t104 = 0;
							L37:
							E00CB91C7(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t97, 1, _a16, _t102, _t81, _v12);
						_t120 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t99 = _v12;
						_t60 = E00CB8969(_t81, _t85, _v12, _t120, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t104 = _t60;
						if(_t104 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t95 = _t104 + _t104;
							_t87 = _t95 + 8;
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t100 = 0;
								__eflags = 0;
								L30:
								__eflags = _t100;
								if(__eflags == 0) {
									L35:
									E00CB91C7(_t100);
									goto L36;
								}
								_t62 = E00CB8969(_t81, _t87, _t100, __eflags, _a8, _a12, _t81, _v12, _t100, _t104, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t104 = WideCharToMultiByte(_a32, 0, _t100, _t104, ??, ??, ??, ??);
								__eflags = _t104;
								if(_t104 != 0) {
									E00CB91C7(_t100);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t95 + 8;
							__eflags = _t95 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t95 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t95 - _t87;
								asm("sbb eax, eax");
								_t100 = E00CB5154(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t100;
								if(_t100 == 0) {
									goto L35;
								}
								 *_t100 = 0xdddd;
								L28:
								_t100 =  &(_t100[4]);
								goto L30;
							}
							__eflags = _t95 - _t87;
							asm("sbb eax, eax");
							E00CC9DF0();
							_t100 = _t106;
							__eflags = _t100;
							if(_t100 == 0) {
								goto L35;
							}
							 *_t100 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t124 = _t104 - _t70;
						if(_t104 > _t70) {
							goto L36;
						}
						_t71 = E00CB8969(_t81, 0, _t99, _t124, _a8, _a12, _t81, _t99, _a24, _t70, 0, 0, 0);
						_t104 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E00CB5154(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00CC9DF0();
					_t81 = _t106;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

0x00cba05e
0x00cba05f
0x00cba060
0x00cba067
0x00cba06c
0x00cba072
0x00cba078
0x00cba07e
0x00cba081
0x00cba081
0x00cba084
0x00cba086
0x00cba086
0x00cba084
0x00cba088
0x00cba08d
0x00cba094
0x00cba097
0x00cba097
0x00cba0b3
0x00cba0b9
0x00cba0be
0x00cba251
0x00cba254
0x00cba255
0x00cba256
0x00cba264
0x00cba0c4
0x00cba0c4
0x00cba0c7
0x00cba0cc
0x00cba0d0
0x00cba124
0x00cba124
0x00cba126
0x00cba128
0x00cba246
0x00cba246
0x00cba248
0x00cba249
0x00000000
0x00cba24f
0x00cba139
0x00cba13f
0x00cba141
0x00000000
0x00000000
0x00cba147
0x00cba159
0x00cba15e
0x00cba162
0x00000000
0x00000000
0x00cba16f
0x00cba1a9
0x00cba1ac
0x00cba1af
0x00cba1b1
0x00cba1b3
0x00cba1b5
0x00cba201
0x00cba201
0x00cba203
0x00cba203
0x00cba205
0x00cba23f
0x00cba240
0x00000000
0x00cba245
0x00cba219
0x00cba21e
0x00cba220
0x00000000
0x00000000
0x00cba224
0x00cba225
0x00cba226
0x00cba229
0x00cba265
0x00cba268
0x00cba22b
0x00cba22b
0x00cba22c
0x00cba22c
0x00cba239
0x00cba23b
0x00cba23d
0x00cba26e
0x00000000
0x00000000
0x00000000
0x00000000
0x00cba23d
0x00cba1b7
0x00cba1ba
0x00cba1bc
0x00cba1be
0x00cba1c0
0x00cba1c3
0x00cba1c8
0x00cba1e3
0x00cba1e5
0x00cba1ef
0x00cba1f1
0x00cba1f2
0x00cba1f4
0x00000000
0x00000000
0x00cba1f6
0x00cba1fc
0x00cba1fc
0x00000000
0x00cba1fc
0x00cba1ca
0x00cba1cc
0x00cba1d0
0x00cba1d5
0x00cba1d7
0x00cba1d9
0x00000000
0x00000000
0x00cba1db
0x00000000
0x00cba1db
0x00cba171
0x00cba176
0x00000000
0x00000000
0x00cba17c
0x00cba17e
0x00000000
0x00000000
0x00cba195
0x00cba19a
0x00cba19e
0x00000000
0x00000000
0x00000000
0x00cba1a4
0x00cba0d7
0x00cba0d9
0x00cba0db
0x00cba0e3
0x00cba102
0x00cba104
0x00cba10e
0x00cba110
0x00cba111
0x00cba113
0x00000000
0x00000000
0x00cba119
0x00cba11f
0x00cba11f
0x00000000
0x00cba11f
0x00cba0e7
0x00cba0eb
0x00cba0f0
0x00cba0f4
0x00000000
0x00000000
0x00cba0fa
0x00000000
0x00cba0fa

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00CB3382,00CB3382,?,?,?,00CBA2AA,00000001,00000001,E3E85006), ref: 00CBA0B3
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00CBA2AA,00000001,00000001,E3E85006,?,?,?), ref: 00CBA139
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,E3E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00CBA233
__freea.LIBCMT ref: 00CBA240

Part of subcall function 00CB5154: RtlAllocateHeap.NTDLL(00000000,?,?,?,00CB1E90,?,0000015D,?,?,?,?,00CB32E9,000000FF,00000000,?,?), ref: 00CB5186

__freea.LIBCMT ref: 00CBA249
__freea.LIBCMT ref: 00CBA26E

Strings

)L, xrefs: 00CBA060

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ByteCharMultiWide__freea$AllocateHeap
String ID: )L
API String ID: 1414292761-501487344
Opcode ID: 34e64817987b6eba1f65aaeb2b0e45a7836e280113f1889342de7a67648ed846
Instruction ID: ec171e5c646419284f5e2c8712c46aa073d544f0f29cc5a9642775144e3478dd
Opcode Fuzzy Hash: 34e64817987b6eba1f65aaeb2b0e45a7836e280113f1889342de7a67648ed846
Instruction Fuzzy Hash: 7C51EEB2600206AFDB258E64DC82EFF77AAEB44750F144229FD69EB140EB31DD449662

Uniqueness

Uniqueness Score: -1.00%

Function 00CAA024, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 172
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E00CAA024(intOrPtr* _a4, WCHAR* _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _t62;
				intOrPtr _t64;
				void* _t68;
				intOrPtr* _t72;
				void* _t79;
				signed int _t83;
				long _t84;
				signed short _t86;
				intOrPtr* _t94;
				intOrPtr* _t95;
				intOrPtr* _t98;
				intOrPtr* _t99;
				void* _t100;
				WCHAR* _t103;
				intOrPtr* _t104;
				void* _t105;

				_v8 = _v8 & 0x00000000;
				_t62 = 0xccb524;
				_t104 = _a4;
				_v12 = 0xccb524;
				_t5 = _t104 + 4; // 0x75c08524
				_t95 =  *_t5;
				if(_t95 == 0) {
					_t6 = _t104 + 8; // 0x2c453905
					_t98 =  *_t6;
					if(_t98 != 0) {
						_t62 =  *_t98;
					}
				} else {
					_t62 =  *_t95;
				}
				_t7 = _t104 + 0xc; // 0x458b3e74
				_t99 =  *_t7;
				_a4 = _t62;
				if(_t99 != 0) {
					_v12 =  *_t99;
				}
				_t10 = _t95 + 0x2c; // 0x75c08550
				_t94 = _t10;
				if(_t95 != 0) {
					_v20 =  *((intOrPtr*)(_t95 + 0x18));
					_t64 =  *((intOrPtr*)(_t95 + 0x1c));
				} else {
					_t12 = _t99 + 0x40; // 0x458b3eb4
					_t94 = _t12;
					_v20 =  *((intOrPtr*)(_t99 + 0x10));
					_t64 =  *((intOrPtr*)(_t99 + 0x14));
				}
				_v28 = _v28 & 0x00000000;
				_v24 = _v24 & 0x00000000;
				_v16 = _t64;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				if(_t95 == 0) {
					_t68 =  !=  ? 0x20000152 : 0x2000014f;
				} else {
					_t68 = (0 | _t99 != 0x00000000) + 0x20000150;
				}
				_push( *_t94);
				_push("download");
				_push(_v12);
				E00C8550F(2, _t68, _a4);
				_t103 = _a8;
				if(E00CC4315(_t103,  &_v8) == 0) {
					L16:
					_v36 = _v36 & 0x00000000;
					_v40 = E00CA993C;
					_v32 = _t104;
					_t72 =  *_t94;
					_t97 = 0x62;
					if(_t97 !=  *_t72) {
						L24:
						_v52 =  *_t104;
						_v48 = _a4;
						_v44 = _v12;
						_v24 =  &_v52;
						_v28 = E00CA9855;
						_t79 = E00CC635A(_t97, _t94, _v20, _v16, _t103,  &_v40,  &_v28);
						L25:
						_t105 = _t79;
						if(_t105 < 0) {
							_push(_t103);
							E00CC012F(_t105, "Failed attempt to download URL: \'%ls\' to: \'%ls\'",  *_t94);
						}
						goto L27;
					}
					_t97 = 0x69;
					if(_t97 !=  *((intOrPtr*)(_t72 + 2))) {
						goto L24;
					}
					_t97 = 0x74;
					if(_t97 !=  *((intOrPtr*)(_t72 + 4))) {
						goto L24;
					}
					_t100 = 0x73;
					if(_t100 !=  *((intOrPtr*)(_t72 + 6))) {
						goto L24;
					}
					_t97 =  *(_t72 + 8) & 0x0000ffff;
					_a8 = 0x3a;
					if(_a8 == _t97) {
						L23:
						_t79 = E00CADC0D(_t100,  &_v40, _t94, _t103);
						goto L25;
					}
					if(_t100 != _t97) {
						goto L24;
					}
					_t97 = _a8;
					if(_a8 !=  *((intOrPtr*)(_t72 + 0xa))) {
						goto L24;
					}
					goto L23;
				} else {
					_t83 = _v8;
					if((_t83 & 0x00000001) == 0) {
						goto L16;
					}
					_t84 = _t83 & 0xfffffffe;
					_v8 = _t84;
					if(SetFileAttributesW(_t103, _t84) != 0) {
						goto L16;
					}
					_t86 = GetLastError();
					_t108 =  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
					_t105 =  >=  ? 0x80004005 :  <=  ? _t86 : _t86 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "apply.cpp", 0x568, _t105);
					E00CC012F(_t105, "Failed to clear readonly bit on payload destination path: %ls", _t103);
					L27:
					return _t105;
				}
			}

0x00caa02a
0x00caa02e
0x00caa035
0x00caa039
0x00caa03c
0x00caa03c
0x00caa041
0x00caa047
0x00caa047
0x00caa04c
0x00caa04e
0x00caa04e
0x00caa043
0x00caa043
0x00caa043
0x00caa050
0x00caa050
0x00caa053
0x00caa058
0x00caa05c
0x00caa05c
0x00caa05f
0x00caa05f
0x00caa064
0x00caa0a2
0x00caa0a5
0x00caa066
0x00caa069
0x00caa069
0x00caa06c
0x00caa06f
0x00caa06f
0x00caa072
0x00caa079
0x00caa07d
0x00caa082
0x00caa083
0x00caa084
0x00caa08a
0x00caa08b
0x00caa08c
0x00caa08f
0x00caa0b6
0x00caa091
0x00caa098
0x00caa098
0x00caa0b9
0x00caa0bb
0x00caa0c0
0x00caa0c9
0x00caa0ce
0x00caa0e0
0x00caa13d
0x00caa13d
0x00caa141
0x00caa148
0x00caa14b
0x00caa14f
0x00caa153
0x00caa19c
0x00caa19e
0x00caa1a4
0x00caa1aa
0x00caa1b0
0x00caa1ba
0x00caa1ca
0x00caa1cf
0x00caa1cf
0x00caa1d3
0x00caa1d5
0x00caa1de
0x00caa1e3
0x00000000
0x00caa1d3
0x00caa157
0x00caa15c
0x00000000
0x00000000
0x00caa160
0x00caa165
0x00000000
0x00000000
0x00caa169
0x00caa16e
0x00000000
0x00000000
0x00caa170
0x00caa174
0x00caa17f
0x00caa18f
0x00caa195
0x00000000
0x00caa195
0x00caa184
0x00000000
0x00000000
0x00caa186
0x00caa18d
0x00000000
0x00000000
0x00000000
0x00caa0e2
0x00caa0e2
0x00caa0e7
0x00000000
0x00000000
0x00caa0e9
0x00caa0ee
0x00caa0f9
0x00000000
0x00000000
0x00caa0fb
0x00caa10c
0x00caa116
0x00caa124
0x00caa130
0x00caa1e7
0x00caa1ee
0x00caa1ee

APIs

SetFileAttributesW.KERNEL32(?,00000000,?,00000000,?,?,?,00000001,00000000,?), ref: 00CAA0F1
GetLastError.KERNEL32(?,?,?,00000001,00000000,?), ref: 00CAA0FB

Strings

Failed attempt to download URL: '%ls' to: '%ls', xrefs: 00CAA1D8
apply.cpp, xrefs: 00CAA11F
Failed to clear readonly bit on payload destination path: %ls, xrefs: 00CAA12A
download, xrefs: 00CAA0BB
:, xrefs: 00CAA174

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: :$Failed attempt to download URL: '%ls' to: '%ls'$Failed to clear readonly bit on payload destination path: %ls$apply.cpp$download
API String ID: 1799206407-1905830404
Opcode ID: 3267a751dd379e24950d71e602147907a9f6e35b2a8f434f76c5c9c311c4fab6
Instruction ID: 28ea18cd6aece20791b88fcc0525feff3bb2d933c79f8c665144c180ae541a2a
Opcode Fuzzy Hash: 3267a751dd379e24950d71e602147907a9f6e35b2a8f434f76c5c9c311c4fab6
Instruction Fuzzy Hash: 9751AF71A0020AEFDB11DFA9C841BAEB7B5FF05714F14806AE915EB251E371DE41CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CC837F, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 156
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00CC837F(void* __ecx, void* __eflags, signed int _a4, intOrPtr* _a8) {
				short* _v8;
				void* __ebx;
				void* __edi;
				signed int _t45;
				signed int _t51;
				short* _t52;
				signed int _t55;
				signed int _t64;
				short* _t67;
				short** _t75;
				short* _t81;
				intOrPtr* _t84;

				_t81 = 0;
				_t84 = E00C838D4(0x10, 1);
				_t75 =  *(_a4 + 0x44);
				while(_t75 != 0) {
					if(CompareStringW(0x7f, 0,  *_t75, 0xffffffff, L"http://appsyndication.org/2006/appsyn", 0xffffffff) != 2 || CompareStringW(0x7f, 0, _t75[1], 0xffffffff, L"application", 0xffffffff) != 2) {
						L9:
						_t75 = _t75[4];
						continue;
					} else {
						_t81 = E00C821A5(_t84, _t75[2], 0);
						if(_t81 < 0) {
							L29:
							if(_t84 != 0) {
								E00CC8530(_t75, _t81, _t84);
							}
							return _t81;
						}
						_t67 = _t75[3];
						while(1) {
							_v8 = _t67;
							if(_t67 == 0) {
								goto L9;
							}
							_t6 =  &(_t67[2]); // 0x700079
							if(CompareStringW(0x7f, 0,  *_t6, 0xffffffff, L"type", 0xffffffff) != 2) {
								L7:
								_t67 = _v8[6];
								continue;
							}
							_t9 = _t84 + 4; // 0x4
							_t81 = E00C821A5(_t9, _v8[4], 0);
							if(_t81 < 0) {
								goto L29;
							}
							goto L7;
						}
						goto L9;
					}
				}
				_t75 = _a4;
				_t44 = _t75[0xc];
				if(_t75[0xc] == 0) {
					L22:
					_t45 =  *(_t84 + 8);
					if(_t45 == _t75[0xc]) {
						L28:
						 *_a8 = _t84;
						_t84 = 0;
						goto L29;
					}
					if(_t45 == 0) {
						if( *(_t84 + 0xc) != 0) {
							E00C83999( *(_t84 + 0xc));
							 *(_t84 + 0xc) =  *(_t84 + 0xc) & 0x00000000;
						}
						goto L28;
					}
					_t51 = E00C83A72( *(_t84 + 0xc), _t45 << 6, 0);
					 *(_t84 + 0xc) = _t51;
					if(_t51 != 0) {
						goto L28;
					}
					_t52 = 0x8007000e;
					_push(0x8007000e);
					_push(0x6c);
					L14:
					_push("apuputil.cpp");
					_t81 = _t52;
					E00C837D3(_t52);
					goto L29;
				}
				_t55 = E00C838D4(_t44 << 6, 1);
				 *(_t84 + 0xc) = _t55;
				if(_t55 != 0) {
					_a4 = _a4 & 0x00000000;
					if(_t75[0xc] <= 0) {
						L21:
						E00CCA280( *(_t84 + 0xc),  *(_t84 + 8), 0x40, E00CC7D0A, 0);
						goto L22;
					}
					_t78 = 0;
					_v8 = 0;
					while(1) {
						_t81 = E00CC7FEC(_t75[0xd] + _t78,  *_t84, ( *(_t84 + 8) << 6) +  *(_t84 + 0xc));
						if(_t81 < 0) {
							goto L29;
						}
						if(_t81 != 1) {
							 *(_t84 + 8) =  *(_t84 + 8) + 1;
						}
						_t64 = _a4 + 1;
						_t78 =  &(_v8[0x20]);
						_a4 = _t64;
						_v8 =  &(_v8[0x20]);
						if(_t64 < _t75[0xc]) {
							continue;
						} else {
							goto L21;
						}
					}
					goto L29;
				}
				_t52 = 0x8007000e;
				_push(0x8007000e);
				_push(0x54);
				goto L14;
			}

0x00cc838a
0x00cc8394
0x00cc8396
0x00cc8433
0x00cc83b6
0x00cc8430
0x00cc8430
0x00000000
0x00cc83d3
0x00cc83de
0x00cc83e2
0x00cc851b
0x00cc851d
0x00cc8520
0x00cc8520
0x00cc852d
0x00cc852d
0x00cc83e8
0x00cc8429
0x00cc8429
0x00cc842e
0x00000000
0x00000000
0x00cc83f6
0x00cc8406
0x00cc8423
0x00cc8426
0x00000000
0x00cc8426
0x00cc8410
0x00cc8419
0x00cc841d
0x00000000
0x00000000
0x00000000
0x00cc841d
0x00000000
0x00cc8429
0x00cc83b6
0x00cc843b
0x00cc843e
0x00cc8443
0x00cc84d4
0x00cc84d4
0x00cc84da
0x00cc8514
0x00cc8517
0x00cc8519
0x00000000
0x00cc8519
0x00cc84de
0x00cc8506
0x00cc850b
0x00cc8510
0x00cc8510
0x00000000
0x00cc8506
0x00cc84e9
0x00cc84ee
0x00cc84f3
0x00000000
0x00000000
0x00cc84f5
0x00cc84fa
0x00cc84fb
0x00cc8463
0x00cc8463
0x00cc8468
0x00cc846a
0x00000000
0x00cc846a
0x00cc844f
0x00cc8454
0x00cc8459
0x00cc8474
0x00cc847c
0x00cc84bd
0x00cc84cc
0x00000000
0x00cc84d1
0x00cc847e
0x00cc8480
0x00cc8483
0x00cc849a
0x00cc849e
0x00000000
0x00000000
0x00cc84a3
0x00cc84a5
0x00cc84a5
0x00cc84ae
0x00cc84af
0x00cc84b2
0x00cc84b5
0x00cc84bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc84bb
0x00000000
0x00cc8483
0x00cc845b
0x00cc8460
0x00cc8461
0x00000000

APIs

Part of subcall function 00C838D4: GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
Part of subcall function 00C838D4: RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,http://appsyndication.org/2006/appsyn,000000FF,00000010,00000001,00000000,00000000,00000000,?,?,00CA8E1F,000002C0,00000100), ref: 00CC83AD
CompareStringW.KERNEL32(0000007F,00000000,?,000000FF,application,000000FF,?,?,00CA8E1F,000002C0,00000100,000002C0,000002C0,00000100,000002C0,00000410), ref: 00CC83C8

Strings

apuputil.cpp, xrefs: 00CC8463
type, xrefs: 00CC83EF
http://appsyndication.org/2006/appsyn, xrefs: 00CC83A0
application, xrefs: 00CC83BA

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CompareHeapString$AllocateProcess
String ID: application$apuputil.cpp$http://appsyndication.org/2006/appsyn$type
API String ID: 2664528157-4206478990
Opcode ID: 08c55fc0e2119c957e53009fa6dbfcd217e1790fc82faa8c7ddf487c37c1b3b7
Instruction ID: ac4f33cd65a8cc6a2d703838fd08e9659532410084956ea314098236887f62c8
Opcode Fuzzy Hash: 08c55fc0e2119c957e53009fa6dbfcd217e1790fc82faa8c7ddf487c37c1b3b7
Instruction Fuzzy Hash: 6D519271A04601ABEB25DF55CC85F5B77A5EB04760F20821CF965DB2D1DBB0EE44DB10

Uniqueness

Uniqueness Score: -1.00%

Function 00CC635A, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 152
fileCOMMON

Download Yara Rule

C-Code - Quality: 40%

			E00CC635A(void* __ecx, intOrPtr* _a4, signed short _a8, WCHAR* _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				char _v12;
				signed int _v16;
				WCHAR* _v20;
				intOrPtr _v24;
				char _v28;
				signed short _v32;
				void* _v36;
				WCHAR* _v40;
				char _v44;
				signed int _t57;
				WCHAR* _t69;
				signed short _t78;
				WCHAR* _t85;
				void* _t88;
				intOrPtr* _t90;

				_t82 = __ecx;
				_v16 = _v16 | 0xffffffff;
				_t81 = _a4;
				asm("xorps xmm0, xmm0");
				_v12 = 0;
				_t85 = 0;
				_v8 = 0;
				_v20 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("movlpd [ebp-0x18], xmm0");
				asm("movlpd [ebp-0x20], xmm0");
				_t88 = E00C821A5( &_v12,  *_a4, 0);
				if(_t88 < 0) {
					L12:
					_t48 = _v20;
					if(_v20 != 0) {
						E00CC54EF(_t48);
					}
					if(_t85 != 0) {
						 *0xcea96c(_t85);
					}
					if(_v12 != 0) {
						E00CC54EF(_v12);
					}
					return _t88;
				}
				 *0xcea98c(L"Burn", 0, 0, 0, 0);
				_t85 = 0;
				if(0 != 0) {
					E00CC56B2(__ecx, L"WiX\\Burn", L"DownloadTimeout", 0x78,  &_v8);
					_t57 = _v8;
					if(_t57 != 0) {
						_t90 =  *0xcea970; // 0xcca79b
						_v8 = _t57 * 0x3e8;
						 *_t90(0, 2,  &_v8, 4);
						 *_t90(0, 6,  &_v8, 4);
						 *_t90(0, 5,  &_v8, 4);
					}
					_t88 = E00CC5BBF(_t82, _t85,  &_v12,  *((intOrPtr*)(_t81 + 4)),  *((intOrPtr*)(_t81 + 8)), _a24,  &_v36,  &_v44);
					if(_t88 >= 0) {
						E00CC5C68(_t82, _a16,  &_v20,  &_v16,  &_v28);
						_t88 = E00CC5916(_t85,  &_v12,  *((intOrPtr*)(_t81 + 4)),  *((intOrPtr*)(_t81 + 8)), _a16, _a8, _a12, _v36, _v32, _v28, _v24, _v16, _a20, _a24);
						if(_t88 >= 0) {
							_t69 = _v20;
							if(_t69 != 0 &&  *_t69 != 0) {
								DeleteFileW(_t69);
							}
						}
						if(_v16 != 0xffffffff) {
							CloseHandle(_v16);
						}
					}
				} else {
					_t78 = GetLastError();
					_t93 =  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
					_t88 =  >=  ? 0x80004005 :  <=  ? _t78 : _t78 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "dlutil.cpp", 0x84, _t88);
				}
			}

0x00cc635a
0x00cc6360
0x00cc6367
0x00cc636a
0x00cc6372
0x00cc6375
0x00cc6377
0x00cc637a
0x00cc637d
0x00cc6380
0x00cc6387
0x00cc638c
0x00cc6396
0x00cc639a
0x00cc64c3
0x00cc64c3
0x00cc64c8
0x00cc64cb
0x00cc64cb
0x00cc64d2
0x00cc64d5
0x00cc64d5
0x00cc64df
0x00cc64e4
0x00cc64e4
0x00cc64f1
0x00cc64f1
0x00cc63ab
0x00cc63b1
0x00cc63b5
0x00cc63fa
0x00cc63ff
0x00cc6404
0x00cc6406
0x00cc6414
0x00cc641e
0x00cc6429
0x00cc6434
0x00cc6434
0x00cc6451
0x00cc6455
0x00cc6466
0x00cc6499
0x00cc649d
0x00cc649f
0x00cc64a4
0x00cc64ae
0x00cc64ae
0x00cc64a4
0x00cc64b8
0x00cc64bd
0x00cc64bd
0x00cc64b8
0x00cc63b7
0x00cc63b7
0x00cc63c8
0x00cc63d2
0x00cc63e0
0x00cc63e0

APIs

GetLastError.KERNEL32 ref: 00CC63B7
DeleteFileW.KERNEL32(00000000,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00CC64AE
CloseHandle.KERNEL32(000000FF,00000000,00000000,?,?,00000078,000000FF,00000000,?,?,?,00000078,000000FF,?,?,00000078), ref: 00CC64BD

Strings

dlutil.cpp, xrefs: 00CC63DB
Burn, xrefs: 00CC63A6
DownloadTimeout, xrefs: 00CC63F0
WiX\Burn, xrefs: 00CC63F5

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseDeleteErrorFileHandleLast
String ID: Burn$DownloadTimeout$WiX\Burn$dlutil.cpp
API String ID: 3522763407-1704223933
Opcode ID: c9b725d347cb5876d1e6978e6f4aa5bc398213fce1d9d84dc8cbafc90bdcf40b
Instruction ID: 5aa6291c45c173ff4e1e282d2453f378b1a6cf3ca196ba196b7deaba0e92349a
Opcode Fuzzy Hash: c9b725d347cb5876d1e6978e6f4aa5bc398213fce1d9d84dc8cbafc90bdcf40b
Instruction Fuzzy Hash: 9D511872D00619BFDF12DFA4CD45FAEBBB9EF08710F004169FA14E6190E7359A51ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C90419, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 133
registryCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E00C90419(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				void* _v8;
				void* _v12;
				char _v16;
				void* _t65;
				void* _t68;
				void* _t72;
				void* _t74;
				intOrPtr* _t75;
				void* _t77;
				void* _t78;

				_t72 = __edx;
				_t68 = __ecx;
				_t75 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_push(E00C93C30( *((intOrPtr*)(_t75 + 8))));
				_push(E00C94224(_a16));
				_push(E00C94257(_a12));
				E00C8550F(2, 0x20000174,  *((intOrPtr*)(_t75 + 0x50)));
				_t78 = _t77 + 0x18;
				if(_a16 != 0) {
					_t65 = E00C81F20( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_t75 + 0x50)));
					_t78 = _t78 + 0xc;
					if(_t65 < 0) {
						L3:
						_push("Failed to write volatile reboot required registry key.");
						E00CC012F();
						_t68 = _t65;
					} else {
						_t65 = E00CC0AD5(_t68,  *((intOrPtr*)(_t75 + 0x4c)), _v16, 0x20006, 1, 0,  &_v12, 0);
						if(_t65 < 0) {
							goto L3;
						}
					}
				}
				if(_a12 != 0) {
					_t74 = E00CC0E3F( *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0x20006,  &_v8);
					__eflags = _t74;
					if(_t74 >= 0) {
						goto L14;
					} else {
						_push("Failed to open registration key.");
						goto L16;
					}
				} else {
					if(_a20 == 1 || _a20 == 2) {
						E00CA840F(_t68, _t75);
					}
					if( *((intOrPtr*)(_t75 + 0x9c)) != 0) {
						E00C8EEF9(_t68, _t75);
					}
					_t19 = _t75 + 0x94; // 0x95
					E00C8EE0F(_a8, _t19);
					_t74 = E00CC0B49(_t68,  *((intOrPtr*)(_t75 + 0x4c)),  *((intOrPtr*)(_t75 + 0x50)), 0, 0);
					if(_t74 == 0x80070002 || _t74 >= 0) {
						E00C9A66C(_t68, _t72,  *_t75,  *((intOrPtr*)(_t75 + 0x10)));
						L14:
						__eflags = _a16 - 2;
						_t74 = E00C8F09D(_t72, _a16 - 2, _t75, _v8, _a12, 0 | _a16 == 0x00000002);
						__eflags = _t74;
						if(_t74 < 0) {
							_push("Failed to update resume mode.");
							L16:
							_push(_t74);
							E00CC012F();
						}
					} else {
						E00CC012F(_t74, "Failed to delete registration key: %ls",  *((intOrPtr*)(_t75 + 0x50)));
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = _v12 & 0x00000000;
				}
				if(_v16 != 0) {
					E00CC54EF(_v16);
				}
				return _t74;
			}

0x00c90419
0x00c90419
0x00c90420
0x00c90426
0x00c9042c
0x00c9042f
0x00c90437
0x00c90440
0x00c90449
0x00c90454
0x00c90459
0x00c9045f
0x00c9046d
0x00c90472
0x00c90477
0x00c90495
0x00c90495
0x00c9049b
0x00c904a1
0x00c90479
0x00c9048c
0x00c90493
0x00000000
0x00000000
0x00c90493
0x00c90477
0x00c904a5
0x00c9058b
0x00c9058d
0x00c9058f
0x00000000
0x00c90591
0x00c90591
0x00000000
0x00c90591
0x00c904ab
0x00c904af
0x00c904b8
0x00c904b8
0x00c904c3
0x00c904c6
0x00c904c6
0x00c904cb
0x00c904d5
0x00c904e7
0x00c904ef
0x00c9050d
0x00c90512
0x00c90514
0x00c90528
0x00c9052a
0x00c9052c
0x00c9052e
0x00c90533
0x00c90533
0x00c90534
0x00c9053a
0x00c904f5
0x00c904fe
0x00c90503
0x00c904ef
0x00c90545
0x00c9054a
0x00c9054c
0x00c9054c
0x00c90554
0x00c90559
0x00c9055b
0x00c9055b
0x00c90563
0x00c90568
0x00c90568
0x00c90574

APIs

RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 00C9054A
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,?,?,00000000,?), ref: 00C90559

Part of subcall function 00CC0AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,00C90491,?,00000000,00020006), ref: 00CC0AFA

Strings

Failed to update resume mode., xrefs: 00C9052E
Failed to open registration key., xrefs: 00C90591
Failed to delete registration key: %ls, xrefs: 00C904F8
Failed to write volatile reboot required registry key., xrefs: 00C90495
%ls.RebootRequired, xrefs: 00C90467

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Close$Create
String ID: %ls.RebootRequired$Failed to delete registration key: %ls$Failed to open registration key.$Failed to update resume mode.$Failed to write volatile reboot required registry key.
API String ID: 359002179-2517785395
Opcode ID: 25b3e9fddb3d2dae069a39e40bd7cc054fbcb2420bd480bbecd99e123c24ee26
Instruction ID: 3b77bf67f61e473a408ede5dc5cd27e2a4032df1364789971382d980cab7b5aa
Opcode Fuzzy Hash: 25b3e9fddb3d2dae069a39e40bd7cc054fbcb2420bd480bbecd99e123c24ee26
Instruction Fuzzy Hash: 0041AF32900718FFDF22AFA0DC0AEAFBBBAAF40314F24442DFA5561161D7719A50EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CC01F0, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E00CC01F0(void* __ebx, void* __edx, void* __edi, void* __esi) {
				signed int _v8;
				short _v528;
				short _v1048;
				char _v1052;
				struct HINSTANCE__* _v1056;
				struct HINSTANCE__* _v1060;
				long _v1064;
				void* __ebp;
				signed int _t25;
				long _t29;
				intOrPtr _t46;
				intOrPtr _t47;
				void* _t52;
				void* _t53;
				void* _t54;
				char* _t56;
				void* _t61;
				unsigned int _t62;
				unsigned int _t64;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t72;
				intOrPtr _t74;
				void* _t75;
				signed int _t76;
				void* _t77;

				_t68 = __edx;
				_t25 =  *0xcea008; // 0x4c290ae8
				_v8 = _t25 ^ _t76;
				_push(__ebx);
				_push(__esi);
				_t74 =  *0xcea77c; // 0xce6238
				_push(__edi);
				_v1064 = 0x104;
				_v1060 = 0;
				_v1056 = 0;
				_v1052 = 0;
				_t29 = GetModuleFileNameW(0,  &_v528, 0x104);
				_t70 = 0x208;
				if(_t29 == 0) {
					E00CAF670(0x208,  &_v528, 0, 0x208);
					_t77 = _t77 + 0xc;
				}
				if(E00CC4932( &_v528,  &_v1060,  &_v1056) < 0) {
					_v1060 = 0;
					_v1056 = 0;
				}
				if(GetComputerNameW( &_v1048,  &_v1064) != 0) {
					L7:
					E00CC858F(_t70, _t83,  &_v1052, 0);
					_push(_v1052);
					_push("=== Logging started: %ls ===");
					_t71 = 2;
					_push(_t71);
					E00CC061A();
					_t62 = _v1056;
					_push(_t62 & 0x0000ffff);
					_push(_t62 >> 0x10);
					_t64 = _v1060;
					_push(_t64 & 0x0000ffff);
					_push(_t64 >> 0x10);
					E00CC061A(_t71, "Executable: %ls v%d.%d.%d.%d",  &_v528);
					E00CC061A(_t71, "Computer  : %ls",  &_v1048);
					_t46 =  *0xcea778; // 0x3
					_t47 = _t46;
					if(_t47 == 0) {
						_t74 =  *0xcea790; // 0xce6264
					} else {
						_t52 = _t47 - 1;
						if(_t52 == 0) {
							_t74 =  *0xcea780; // 0xce6240
						} else {
							_t53 = _t52 - 1;
							if(_t53 == 0) {
								_t74 =  *0xcea784; // 0xce6248
							} else {
								_t54 = _t53 - 1;
								if(_t54 == 0) {
									_t74 =  *0xcea788; // 0xce6254
								} else {
									if(_t54 == 1) {
										_t74 =  *0xcea78c; // 0xce625c
									}
								}
							}
						}
					}
					E00CC061A(_t71, "--- logging level: %hs ---", _t74);
					_pop(_t72);
					_pop(_t75);
					_pop(_t61);
					if(_v1052 != 0) {
						E00CC54EF(_v1052);
					}
					return E00CADE36(_t61, _v8 ^ _t76, _t68, _t72, _t75);
				} else {
					_t56 =  &_v1048;
					do {
						 *_t56 = 0;
						_t56 = _t56 + 1;
						_t70 = _t70 - 1;
						_t83 = _t70;
					} while (_t70 != 0);
					goto L7;
				}
			}

0x00cc01f0
0x00cc01f9
0x00cc0200
0x00cc0203
0x00cc0204
0x00cc0205
0x00cc0210
0x00cc0212
0x00cc0220
0x00cc0228
0x00cc022e
0x00cc0234
0x00cc023a
0x00cc0241
0x00cc024c
0x00cc0251
0x00cc0251
0x00cc0270
0x00cc0272
0x00cc0278
0x00cc0278
0x00cc0294
0x00cc02a4
0x00cc02ac
0x00cc02b1
0x00cc02b7
0x00cc02be
0x00cc02bf
0x00cc02c0
0x00cc02c5
0x00cc02ce
0x00cc02d2
0x00cc02d3
0x00cc02dc
0x00cc02e6
0x00cc02ee
0x00cc0300
0x00cc0305
0x00cc030d
0x00cc030f
0x00cc0345
0x00cc0311
0x00cc0311
0x00cc0314
0x00cc033d
0x00cc0316
0x00cc0316
0x00cc0319
0x00cc0335
0x00cc031b
0x00cc031b
0x00cc031e
0x00cc032d
0x00cc0320
0x00cc0323
0x00cc0325
0x00cc0325
0x00cc0323
0x00cc031e
0x00cc0319
0x00cc0314
0x00cc0352
0x00cc0361
0x00cc0362
0x00cc0363
0x00cc0364
0x00cc036c
0x00cc036c
0x00cc0380
0x00cc0296
0x00cc0296
0x00cc029c
0x00cc029c
0x00cc029e
0x00cc029f
0x00cc029f
0x00cc029f
0x00000000
0x00cc029c

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000001,00000000,00000000), ref: 00CC0234
GetComputerNameW.KERNEL32 ref: 00CC028C

Strings

Computer : %ls, xrefs: 00CC02FA
=== Logging started: %ls ===, xrefs: 00CC02B7
Executable: %ls v%d.%d.%d.%d, xrefs: 00CC02E8
--- logging level: %hs ---, xrefs: 00CC034C
)L, xrefs: 00CC01F9

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Name$ComputerFileModule
String ID: --- logging level: %hs ---$=== Logging started: %ls ===$Computer : %ls$Executable: %ls v%d.%d.%d.%d$)L
API String ID: 2577110986-2311746771
Opcode ID: 787fc6272e471083bc5a57650e14ba3ad76b371a646a200b9b457edce8ecaa09
Instruction ID: f54bdf1253af6a1134375d4d6eeeb28cce202e1229d90235e4bbf2e37db7e04d
Opcode Fuzzy Hash: 787fc6272e471083bc5a57650e14ba3ad76b371a646a200b9b457edce8ecaa09
Instruction Fuzzy Hash: B6417DB2900168EBCB20DF65DC89FAA77BCEB55300F1441ADFA09E7112D630AE858F65

Uniqueness

Uniqueness Score: -1.00%

Function 00C8F69D, Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 117
registryCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E00C8F69D(intOrPtr _a4, intOrPtr* _a8) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				void* _t46;
				void* _t48;
				void* _t50;
				intOrPtr* _t53;
				void* _t58;
				void* _t65;
				void* _t66;

				_t61 = _a4;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				if(E00C81F20( &_v16, L"%ls.RebootRequired",  *((intOrPtr*)(_a4 + 0x50))) >= 0) {
					if(E00CC0E3F( *((intOrPtr*)(_t61 + 0x4c)), _v16, 1,  &_v12) < 0) {
						_t65 = E00CC0E3F( *((intOrPtr*)(_t61 + 0x4c)),  *((intOrPtr*)(_t61 + 0x50)), 1,  &_v8);
						if(_t65 == 0x80070002 || _t65 == 0x80070003) {
							 *_a8 = 0;
							goto L23;
						} else {
							if(_t65 >= 0) {
								_t66 = E00CC0EEC(_t58, _v8, L"Resume",  &_v20);
								if(_t66 != 0x80070002) {
									if(_t66 >= 0) {
										_t46 = _v20 - 1;
										if(_t46 == 0) {
											 *_a8 = 2;
										} else {
											_t48 = _t46 - 1;
											if(_t48 == 0) {
												 *_a8 = 5;
											} else {
												_t50 = _t48 - 1;
												if(_t50 == 0) {
													 *_a8 = 6;
												} else {
													_t53 = _a8;
													if(_t50 == 1) {
														 *_t53 = 4;
													} else {
														 *_t53 = 1;
													}
												}
											}
										}
										goto L24;
									}
									_push("Failed to read Resume value.");
									goto L2;
								}
								 *_a8 = 1;
								goto L23;
							} else {
								_push("Failed to open registration key.");
								goto L2;
							}
						}
					} else {
						 *_a8 = 3;
						L23:
						_t66 = 0;
						goto L24;
					}
				} else {
					_push("Failed to format pending restart registry key to read.");
					L2:
					_push(_t66);
					E00CC012F();
					L24:
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v16 != 0) {
						E00CC54EF(_v16);
					}
					return _t66;
				}
			}

0x00c8f6a6
0x00c8f6ae
0x00c8f6b1
0x00c8f6b7
0x00c8f6c0
0x00c8f6cf
0x00c8f6f6
0x00c8f717
0x00c8f720
0x00c8f7bb
0x00000000
0x00c8f732
0x00c8f734
0x00c8f74e
0x00c8f752
0x00c8f761
0x00c8f770
0x00c8f773
0x00c8f7b0
0x00c8f775
0x00c8f775
0x00c8f778
0x00c8f7a5
0x00c8f77a
0x00c8f77a
0x00c8f77d
0x00c8f79a
0x00c8f77f
0x00c8f782
0x00c8f785
0x00c8f78f
0x00c8f787
0x00c8f787
0x00c8f787
0x00c8f785
0x00c8f77d
0x00c8f778
0x00000000
0x00c8f773
0x00c8f763
0x00000000
0x00c8f763
0x00c8f757
0x00000000
0x00c8f736
0x00c8f736
0x00000000
0x00c8f736
0x00c8f734
0x00c8f6f8
0x00c8f6fb
0x00c8f7bd
0x00c8f7bd
0x00000000
0x00c8f7bd
0x00c8f6d1
0x00c8f6d1
0x00c8f6d6
0x00c8f6d6
0x00c8f6d7
0x00c8f7bf
0x00c8f7c8
0x00c8f7cd
0x00c8f7cf
0x00c8f7cf
0x00c8f7d5
0x00c8f7da
0x00c8f7dc
0x00c8f7dc
0x00c8f7e2
0x00c8f7e7
0x00c8f7e7
0x00c8f7f4
0x00c8f7f4

APIs

RegCloseKey.ADVAPI32(?,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00C8F7CD
RegCloseKey.ADVAPI32(00000000,?,?,00000001,?,?,?,00000001,00000000,?,00000000,?,?,?,00000000,?), ref: 00C8F7DA

Strings

Resume, xrefs: 00C8F741
Failed to open registration key., xrefs: 00C8F736
Failed to read Resume value., xrefs: 00C8F763
%ls.RebootRequired, xrefs: 00C8F6BA
Failed to format pending restart registry key to read., xrefs: 00C8F6D1

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Close
String ID: %ls.RebootRequired$Failed to format pending restart registry key to read.$Failed to open registration key.$Failed to read Resume value.$Resume
API String ID: 3535843008-3890505273
Opcode ID: 5f70c88687f5232101e9d35b234ba0ddd6a830c47e75be1a4535c53fed1a263d
Instruction ID: 202f93f317967a5e4f3667024ea2353e8ba286697928899a49543ec5e36ff5bd
Opcode Fuzzy Hash: 5f70c88687f5232101e9d35b234ba0ddd6a830c47e75be1a4535c53fed1a263d
Instruction Fuzzy Hash: 32414F36900119FFEB11BF99C881AADBBB5FB05318F25817EE914AB310D3719E42DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00CAD12C, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 92
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 39%

			E00CAD12C(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				char _v16;
				signed int _v24;
				char _v28;
				char _v32;
				void* _t50;
				char _t69;
				signed int _t70;
				intOrPtr _t71;
				void* _t72;

				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				_t71 = _a4;
				WaitForSingleObject( *(_t71 + 0xc), 0xffffffff);
				ReleaseMutex( *(_t71 + 0xc));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t69 = 2;
				_push(_a12);
				_v32 = _t69;
				_v28 = 1;
				_v24 = (( *( *((intOrPtr*)(_t71 + 0x10)) + 0x219) & 0x000000ff) + ( *( *((intOrPtr*)(_t71 + 0x10)) + 0x218) & 0x000000ff) >> 0x00000001 & 0x000000ff) * 0x64 / 0xff;
				_push( &_v32);
				if(_a8() == _t69) {
					WaitForSingleObject( *(_t71 + 0xc), 0xffffffff);
					 *((char*)( *((intOrPtr*)(_t71 + 0x10)) + 2)) = 1;
					 *((char*)( *((intOrPtr*)(_t71 + 0x10)) + 3)) = 1;
					ReleaseMutex( *(_t71 + 0xc));
					SetEvent( *(_t71 + 8));
				}
				_t50 = E00CACF56(_t71,  &_v12,  &_v8,  &_v16);
				_t70 = _v8;
				_t72 = _t50;
				if(_t72 >= 0) {
					__eflags = _v12 - 0x1070001;
					if(__eflags == 0) {
						_t72 = E00CAD047(__eflags, _a4, _t70, _a8, _a12);
						__eflags = _t72;
						if(_t72 < 0) {
							_push("Failed to send files in use message from netfx chainer.");
							goto L7;
						}
					}
				} else {
					_push("Failed to get message from netfx chainer.");
					L7:
					_push(_t72);
					E00CC012F();
				}
				if(_t70 != 0) {
					E00C83999(_t70);
				}
				return _t72;
			}

0x00cad132
0x00cad136
0x00cad13c
0x00cad145
0x00cad161
0x00cad170
0x00cad178
0x00cad179
0x00cad17a
0x00cad181
0x00cad182
0x00cad185
0x00cad188
0x00cad191
0x00cad197
0x00cad19d
0x00cad1a4
0x00cad1ad
0x00cad1b4
0x00cad1bb
0x00cad1c4
0x00cad1c4
0x00cad1d7
0x00cad1dc
0x00cad1df
0x00cad1e3
0x00cad1ec
0x00cad1f3
0x00cad204
0x00cad206
0x00cad208
0x00cad20a
0x00000000
0x00cad20a
0x00cad208
0x00cad1e5
0x00cad1e5
0x00cad20f
0x00cad20f
0x00cad210
0x00cad216
0x00cad219
0x00cad21c
0x00cad21c
0x00cad229

APIs

WaitForSingleObject.KERNEL32(?,000000FF,74B5F730,00000000,?,?,?,?,00CAD439,?), ref: 00CAD145
ReleaseMutex.KERNEL32(?,?,?,?,00CAD439,?), ref: 00CAD161
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00CAD1A4
ReleaseMutex.KERNEL32(?), ref: 00CAD1BB
SetEvent.KERNEL32(?), ref: 00CAD1C4

Strings

Failed to get message from netfx chainer., xrefs: 00CAD1E5
Failed to send files in use message from netfx chainer., xrefs: 00CAD20A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: MutexObjectReleaseSingleWait$Event
String ID: Failed to get message from netfx chainer.$Failed to send files in use message from netfx chainer.
API String ID: 2608678126-3424578679
Opcode ID: eeeda365bcf7af8181bb5b09a038cbe76f8f2b3184edcb33f67fbece7cd4c325
Instruction ID: 9f28ab0aaac5df7ffc61db50998f94f9a330f34ca6a9f9ab3d834a918f09c378
Opcode Fuzzy Hash: eeeda365bcf7af8181bb5b09a038cbe76f8f2b3184edcb33f67fbece7cd4c325
Instruction Fuzzy Hash: 9831093190060AAFCB129F94CC09FAEBBB9EF45324F148665F526A6561C731DE40DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00C9F586, Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00C9F586(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				intOrPtr* _t46;
				intOrPtr* _t58;
				intOrPtr* _t59;
				void* _t62;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = 0;
				_v8 = 0;
				EnterCriticalSection( *(_a4 + 0xc));
				_t62 = E00C8D459( *(_a4 + 0xc) + 0xb8);
				if(_t62 >= 0) {
					_t46 = _a16;
					if(_t46 == 0 ||  *_t46 == 0) {
						L20:
						_t62 = 0x80070057;
					} else {
						_t58 = _a12;
						if(_t58 == 0 ||  *_t58 == 0) {
							_t59 = _a8;
							if(_t59 == 0 ||  *_t59 == 0) {
								goto L20;
							} else {
								_t62 = E00C8C0A9(_t48,  *(_a4 + 0xc) + 0x2a8, _t59,  &_v12);
								if(_t62 >= 0) {
									_t62 = E00C821A5(_v12 + 0x28, _t46, 0);
									if(_t62 < 0) {
										_push("Failed to set source path for container.");
										goto L19;
									}
								} else {
									_push(_t59);
									_push("UX requested unknown container with id: %ls");
									goto L16;
								}
							}
						} else {
							_t62 = E00C8CC57(_t48,  *(_a4 + 0xc) + 0x2b8, _t58,  &_v8);
							if(_t62 >= 0) {
								_t41 = _v8;
								if( *((intOrPtr*)(_v8 + 4)) != 2) {
									_t62 = E00C821A5(_t41 + 0x38, _t46, 0);
									if(_t62 < 0) {
										_push("Failed to set source path for payload.");
										L19:
										_push(_t62);
										E00CC012F();
									}
								} else {
									_push(_t58);
									_t62 = 0x800710dd;
									_push("UX denied while trying to set source on embedded payload: %ls");
									goto L16;
								}
							} else {
								_push(_t58);
								_push("UX requested unknown payload with id: %ls");
								L16:
								_push(_t62);
								E00CC012F();
							}
						}
					}
				} else {
					_push("Engine is active, cannot change engine state.");
					_push(_t62);
					E00CC012F();
				}
				LeaveCriticalSection( *(_a4 + 0xc));
				return _t62;
			}

0x00c9f586
0x00c9f589
0x00c9f58a
0x00c9f592
0x00c9f598
0x00c9f59b
0x00c9f5af
0x00c9f5b3
0x00c9f5c8
0x00c9f5cd
0x00c9f69c
0x00c9f69c
0x00c9f5dc
0x00c9f5dc
0x00c9f5e3
0x00c9f63e
0x00c9f643
0x00000000
0x00c9f64a
0x00c9f660
0x00c9f664
0x00c9f687
0x00c9f68b
0x00c9f68d
0x00000000
0x00c9f68d
0x00c9f666
0x00c9f666
0x00c9f667
0x00000000
0x00c9f667
0x00c9f664
0x00c9f5ea
0x00c9f600
0x00c9f604
0x00c9f60e
0x00c9f615
0x00c9f631
0x00c9f635
0x00c9f637
0x00c9f692
0x00c9f692
0x00c9f693
0x00c9f699
0x00c9f617
0x00c9f617
0x00c9f618
0x00c9f61d
0x00000000
0x00c9f61d
0x00c9f606
0x00c9f606
0x00c9f607
0x00c9f66c
0x00c9f66c
0x00c9f66d
0x00c9f672
0x00c9f604
0x00c9f5e3
0x00c9f5b5
0x00c9f5b5
0x00c9f5ba
0x00c9f5bb
0x00c9f5c1
0x00c9f6a8
0x00c9f6b5

APIs

EnterCriticalSection.KERNEL32(?), ref: 00C9F59B
LeaveCriticalSection.KERNEL32(?), ref: 00C9F6A8

Strings

Engine is active, cannot change engine state., xrefs: 00C9F5B5
UX requested unknown container with id: %ls, xrefs: 00C9F667
Failed to set source path for payload., xrefs: 00C9F637
UX denied while trying to set source on embedded payload: %ls, xrefs: 00C9F61D
Failed to set source path for container., xrefs: 00C9F68D
UX requested unknown payload with id: %ls, xrefs: 00C9F607

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Engine is active, cannot change engine state.$Failed to set source path for container.$Failed to set source path for payload.$UX denied while trying to set source on embedded payload: %ls$UX requested unknown container with id: %ls$UX requested unknown payload with id: %ls
API String ID: 3168844106-4121889706
Opcode ID: 3a2f6d69c256641224ccca8302642c994415d388575c8d628b6eeded72d56055
Instruction ID: 9ab9a7d99439f3d0fdb27c8417fcf62e4b12dd8e0c53c290da36f316f5d446bf
Opcode Fuzzy Hash: 3a2f6d69c256641224ccca8302642c994415d388575c8d628b6eeded72d56055
Instruction Fuzzy Hash: CC31EF72A40321AB8F219B59C84EE9EB3B8DF54720B15803EF804EB260DB74ED4197A4

Uniqueness

Uniqueness Score: -1.00%

Function 00C870D4, Relevance: 12.1, APIs: 1, Strings: 7, Instructions: 99
stringCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00C870D4(void* __ebx, void* __ecx, WCHAR* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _t38;
				WCHAR* _t48;
				WCHAR* _t49;
				void* _t52;
				void* _t54;

				_t40 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				_t48 = _a4;
				_t52 = E00C81EDE( &_v8, lstrlenW(_t48) + 1);
				if(_t52 >= 0) {
					while(1) {
						_t38 = E00CB3E49(_t40, _t48, L"[]{}");
						if(_t38 == 0) {
							goto L5;
						}
						_t52 = E00C81EF2( &_v8, _t48, _t38);
						if(_t52 < 0) {
							_push("Failed to append characters.");
							L14:
							_push(_t52);
							E00CC012F();
						} else {
							goto L5;
						}
						L15:
						goto L16;
						L5:
						_t49 =  &(_t48[_t38]);
						_t40 = 0;
						_t24 =  *_t49 & 0x0000ffff;
						if(0 == ( *_t49 & 0x0000ffff)) {
							_t52 = E00C821A5(_a8, _v8, 0);
							if(_t52 < 0) {
								_push("Failed to copy string.");
								goto L14;
							}
						} else {
							_t52 = E00C81F20( &_v12, L"[\\%c]", _t24);
							_t54 = _t54 + 0xc;
							if(_t52 < 0) {
								_push("Failed to format escape sequence.");
								goto L14;
							} else {
								_t52 = E00C81EF2( &_v8, _v12, 0);
								if(_t52 < 0) {
									_push("Failed to append escape sequence.");
									goto L14;
								} else {
									_t48 =  &(_t49[1]);
									continue;
								}
							}
						}
						goto L15;
					}
				} else {
					_push("Failed to allocate buffer for escaped string.");
					_push(_t52);
					E00CC012F();
				}
				L16:
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				if(_v12 != 0) {
					E00CC54EF(_v12);
				}
				return _t52;
			}

0x00c870d4
0x00c870d7
0x00c870d8
0x00c870d9
0x00c870dd
0x00c870e3
0x00c870f8
0x00c870fc
0x00c87111
0x00c8711c
0x00c87122
0x00000000
0x00000000
0x00c8712f
0x00c87133
0x00c87173
0x00c871a0
0x00c871a0
0x00c871a1
0x00000000
0x00000000
0x00000000
0x00c871a8
0x00000000
0x00c87135
0x00c87135
0x00c87138
0x00c8713a
0x00c87140
0x00c87195
0x00c87199
0x00c8719b
0x00000000
0x00c8719b
0x00c87142
0x00c87151
0x00c87153
0x00c87158
0x00c87181
0x00000000
0x00c8715a
0x00c87168
0x00c8716c
0x00c8717a
0x00000000
0x00c8716e
0x00c8716e
0x00000000
0x00c8716e
0x00c8716c
0x00c87158
0x00000000
0x00c87140
0x00c870fe
0x00c870fe
0x00c87103
0x00c87104
0x00c8710a
0x00c871a9
0x00c871ad
0x00c871b2
0x00c871b2
0x00c871bb
0x00c871c0
0x00c871c0
0x00c871cc

APIs

lstrlenW.KERNEL32(00000000), ref: 00C870E7

Strings

Failed to append escape sequence., xrefs: 00C8717A
Failed to append characters., xrefs: 00C87173
Failed to allocate buffer for escaped string., xrefs: 00C870FE
Failed to format escape sequence., xrefs: 00C87181
[]{}, xrefs: 00C87111
[\%c], xrefs: 00C87146
Failed to copy string., xrefs: 00C8719B

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: lstrlen
String ID: Failed to allocate buffer for escaped string.$Failed to append characters.$Failed to append escape sequence.$Failed to copy string.$Failed to format escape sequence.$[\%c]$[]{}
API String ID: 1659193697-3250950999
Opcode ID: f049a7027b3f20bcd764f30cbc4026a7fd93f53944c5754b00fa292195b5814c
Instruction ID: 6814c50aa5e5a272df40a565b6124daee89f986776c28fda8de56d170706c141
Opcode Fuzzy Hash: f049a7027b3f20bcd764f30cbc4026a7fd93f53944c5754b00fa292195b5814c
Instruction Fuzzy Hash: 3321EB33D48225BADB11B694DC4AF9EB6A89B00714F30026DF908B6540FB74EE41A398

Uniqueness

Uniqueness Score: -1.00%

Function 00CA9039, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 171
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CA9039(void* __ecx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12) {
				int _v8;
				intOrPtr _v12;
				short* _t46;
				intOrPtr* _t51;
				void* _t80;
				intOrPtr* _t87;
				intOrPtr _t88;
				intOrPtr _t91;
				intOrPtr* _t92;
				intOrPtr* _t96;
				intOrPtr _t97;
				intOrPtr _t99;
				int _t102;
				void* _t114;

				_push(__ecx);
				_push(__ecx);
				_t99 = _a12;
				_t102 = 0;
				_v8 = 0;
				_t46 =  *(_t99 + 0xbc);
				if(_t46 != 0 && CompareStringW(0, 1, _t46, 0xffffffff,  *(_t99 + 0x10), 0xffffffff) != 2) {
					_t51 =  *((intOrPtr*)(_t99 + 0x40));
					if(_t51 != 0 &&  *_t51 != 0) {
						_t96 = _a8;
						if( *_t96 != 5) {
							__eflags =  *_t96 - 3;
							if( *_t96 == 3) {
								L9:
								__eflags = E00CA7B00(_t96, _t99, _t51);
								_t80 = 1;
								_t88 =  !=  ? _t80 : 0;
								__eflags = _t88;
								_v8 = _t88;
							} else {
								__eflags =  *_t96 - 6;
								if( *_t96 == 6) {
									goto L9;
								} else {
									__eflags =  *_t96 - 7;
									if( *_t96 == 7) {
										goto L9;
									}
								}
							}
						} else {
							_v8 = 1;
						}
					}
					_t91 = 0;
					_a12 = 0;
					if( *((intOrPtr*)(_t99 + 0xb8)) > 0) {
						_t97 = 0;
						_v12 = 0;
						do {
							_t87 =  *((intOrPtr*)(_t99 + 0xb4)) + _t97;
							if( *_t87 != 2) {
								goto L18;
							} else {
								_t114 =  *((intOrPtr*)(_t99 + 0x3c)) -  *((intOrPtr*)(_t87 + 0xc));
								if(_t114 > 0 || _t114 >= 0 &&  *((intOrPtr*)(_t99 + 0x38)) >  *((intOrPtr*)(_t87 + 8))) {
									goto L18;
								} else {
									if(CompareStringW(0, 1,  *(_t99 + 0xbc), 0xffffffff,  *(_t87 + 0x18), 0xffffffff) == 2) {
										_t92 =  *((intOrPtr*)(_a4 + 0x10));
										_a12 =  *((intOrPtr*)( *_t92 + 0x1c))(_t92,  *(_t87 + 0x18),  *_t87,  *((intOrPtr*)(_t87 + 0x10)),  *((intOrPtr*)(_t87 + 0x2c)),  *((intOrPtr*)(_t87 + 8)),  *((intOrPtr*)(_t87 + 0xc)), _v8);
										_t102 = E00C8D58B(_a4, 1, _t59);
										__eflags = _t102;
										if(_t102 >= 0) {
											__eflags = _a12 - 1;
											if(__eflags != 0) {
												L27:
												_push(E00C93C30( *((intOrPtr*)(_t99 + 0xc4))));
												_push(E00C943FA( *((intOrPtr*)(_t87 + 8)),  *((intOrPtr*)(_t87 + 0xc))));
												_push(E00C940EF( *((intOrPtr*)(_t87 + 0x2c))));
												_push(E00C9416A( *_t87));
												E00C8550F(2, 0x2000006b,  *(_t87 + 0x18));
											} else {
												_t39 = _t99 + 0xc8; // 0x4d8
												_t102 = E00CAC517(_t92, __eflags, _t39, _a8, 0,  *((intOrPtr*)(_t99 + 0x40)),  *((intOrPtr*)(_t99 + 0xc0)), _t87 + 0x18);
												__eflags = _t102;
												if(_t102 >= 0) {
													__eflags = 1;
													 *((intOrPtr*)(_t99 + 0xc4)) = 1;
													goto L27;
												} else {
													_push("Failed to initialize update bundle.");
													goto L22;
												}
											}
										} else {
											E00C837D3(_t62, "detect.cpp", 0x7e, _t102);
											_push("BA aborted detect forward compatible bundle.");
											L22:
											_push(_t102);
											E00CC012F();
										}
									} else {
										_t91 = _a12;
										_t97 = _v12;
										goto L18;
									}
								}
							}
							goto L28;
							L18:
							_t91 = _t91 + 1;
							_t97 = _t97 + 0xf8;
							_a12 = _t91;
							_v12 = _t97;
						} while (_t91 <  *((intOrPtr*)(_t99 + 0xb8)));
					}
				}
				L28:
				return _t102;
			}

0x00ca903c
0x00ca903d
0x00ca9041
0x00ca9048
0x00ca904a
0x00ca904d
0x00ca9055
0x00ca9077
0x00ca907c
0x00ca9085
0x00ca908b
0x00ca9095
0x00ca9098
0x00ca90a4
0x00ca90ab
0x00ca90af
0x00ca90b0
0x00ca90b0
0x00ca90b3
0x00ca909a
0x00ca909a
0x00ca909d
0x00000000
0x00ca909f
0x00ca909f
0x00ca90a2
0x00000000
0x00000000
0x00ca90a2
0x00ca909d
0x00ca908d
0x00ca9090
0x00ca9090
0x00ca908b
0x00ca90b8
0x00ca90ba
0x00ca90c3
0x00ca90c9
0x00ca90cb
0x00ca90ce
0x00ca90d4
0x00ca90d9
0x00000000
0x00ca90db
0x00ca90de
0x00ca90e1
0x00000000
0x00ca90ed
0x00ca910a
0x00ca9138
0x00ca914d
0x00ca915a
0x00ca915c
0x00ca915e
0x00ca917f
0x00ca9182
0x00ca91b9
0x00ca91c4
0x00ca91d0
0x00ca91d9
0x00ca91e1
0x00ca91ec
0x00ca9184
0x00ca9197
0x00ca91a3
0x00ca91a5
0x00ca91a7
0x00ca91b2
0x00ca91b3
0x00000000
0x00ca91a9
0x00ca91a9
0x00000000
0x00ca91a9
0x00ca91a7
0x00ca9160
0x00ca9168
0x00ca916d
0x00ca9172
0x00ca9172
0x00ca9173
0x00ca9179
0x00ca910c
0x00ca910c
0x00ca910f
0x00000000
0x00ca910f
0x00ca910a
0x00ca90e1
0x00000000
0x00ca9112
0x00ca9112
0x00ca9113
0x00ca9119
0x00ca911c
0x00ca911f
0x00ca9127
0x00ca90c3
0x00ca91f4
0x00ca91fc

APIs

CompareStringW.KERNEL32(00000000,00000001,?,000000FF,?,000000FF,00000000,00000100,00000000,?,?,?,00C96F20,000000B8,0000001C,00000100), ref: 00CA9068
CompareStringW.KERNEL32(00000000,00000001,?,000000FF,00CCB4A8,000000FF,?,?,?,00C96F20,000000B8,0000001C,00000100,00000100,00000100,000000B0), ref: 00CA9101

Strings

BA aborted detect forward compatible bundle., xrefs: 00CA916D
Failed to initialize update bundle., xrefs: 00CA91A9
comres.dll, xrefs: 00CA9187
detect.cpp, xrefs: 00CA9163

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CompareString
String ID: BA aborted detect forward compatible bundle.$Failed to initialize update bundle.$comres.dll$detect.cpp
API String ID: 1825529933-439563586
Opcode ID: 3817aede8ba1a02b0938b30b49cdd55797330ffa1b5c34e927001d0c52191a61
Instruction ID: ca8ebd0502f70847a22d91edfeff9c1b850e0d5c78c8b1aeb0bb90836a9bae38
Opcode Fuzzy Hash: 3817aede8ba1a02b0938b30b49cdd55797330ffa1b5c34e927001d0c52191a61
Instruction Fuzzy Hash: 5E51F271600206BFDF15AF78CC86E6AB7BAFF0A324B104269F925CA250D731DD61DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CC143C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 123
stringregistryCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E00CC143C(void* _a4, short* _a8, intOrPtr _a12, signed int _a16) {
				char* _v8;
				signed int _v12;
				signed int _v16;
				signed int _t43;
				signed int _t45;
				signed short _t52;
				signed int _t62;
				signed int _t64;
				char* _t65;
				signed int _t66;
				signed int _t68;
				void* _t70;
				char* _t74;
				signed int _t76;
				signed int _t77;
				signed int _t78;
				signed int _t82;
				signed int _t83;

				_t64 = _a16;
				_t43 = 0;
				_v16 = _v16 & 0;
				_t74 = 0;
				_v8 = 0;
				if(_t64 != 0) {
					_t66 = 0;
					_t45 = 1;
					_v12 = 0;
					_a16 = 1;
					if(_t64 == 0) {
						L5:
						_t77 = E00C81EDE( &_v8, _t45);
						if(_t77 < 0) {
							L14:
							_t74 = _v8;
							L15:
							if(_t74 != 0) {
								E00CC54EF(_t74);
							}
							return _t77;
						}
						_t74 = _v8;
						_t78 = 0;
						_v12 = 0;
						if(_t64 == 0) {
							L10:
							_t43 = _a16;
							_t65 = _t74;
							L11:
							_push( &_v16);
							_t68 = 2;
							_push(_t43 * _t68 >> 0x20);
							_push(_t43 * _t68);
							_t77 = E00C86E2E();
							if(_t77 < 0) {
								goto L15;
							}
							_t52 = RegSetValueExW(_a4, _a8, 0, 7, _t65, _v16);
							if(_t52 != 0) {
								_t81 =  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
								_t77 =  >=  ? 0x80004005 :  <=  ? _t52 : _t52 & 0x0000ffff | 0x80070000;
								E00C837D3(0x80004005, "regutil.cpp", 0x35c, _t77);
							}
							goto L14;
						} else {
							goto L7;
						}
						while(1) {
							L7:
							_t77 = E00C81BEA(_t74, _a16,  *((intOrPtr*)(_a12 + _t78 * 4)));
							if(_t77 < 0) {
								goto L14;
							}
							_t82 = _v12;
							lstrlenW( *(_a12 + _t82 * 4));
							_t74 = _t74 + lstrlenW( *(_a12 + _t82 * 4)) * 2 + 2;
							_t78 = _t82 + 1;
							_v12 = _t78;
							if(_t78 < _t64) {
								continue;
							}
							_t74 = _v8;
							goto L10;
						}
						goto L14;
					} else {
						goto L3;
					}
					while(1) {
						L3:
						_t76 = _t45;
						_t83 = _t45;
						_t62 = lstrlenW( *(_a12 + _t66 * 4));
						_t70 = _a16 + 1 + _t62;
						_t45 =  >=  ? _t70 : _t62 | 0xffffffff;
						_a16 = _t45;
						asm("sbb esi, esi");
						_t77 = _t83 & 0x80070216;
						if(_t70 < _t76) {
							goto L14;
						}
						_t66 = _v12 + 1;
						_v12 = _t66;
						if(_t66 < _t64) {
							continue;
						}
						goto L5;
					}
					goto L14;
				}
				_t65 = 0xce6440;
				goto L11;
			}

0x00cc1443
0x00cc1446
0x00cc1448
0x00cc144d
0x00cc144f
0x00cc1454
0x00cc1462
0x00cc1464
0x00cc1465
0x00cc1468
0x00cc146d
0x00cc14af
0x00cc14b9
0x00cc14bd
0x00cc156f
0x00cc156f
0x00cc1572
0x00cc1574
0x00cc1577
0x00cc1577
0x00cc1584
0x00cc1584
0x00cc14c3
0x00cc14c6
0x00cc14c8
0x00cc14cd
0x00cc1514
0x00cc1514
0x00cc1517
0x00cc1519
0x00cc151c
0x00cc151f
0x00cc1522
0x00cc1523
0x00cc1529
0x00cc152d
0x00000000
0x00000000
0x00cc153d
0x00cc1545
0x00cc1552
0x00cc155c
0x00cc156a
0x00cc156a
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc14cf
0x00cc14cf
0x00cc14de
0x00cc14e2
0x00000000
0x00000000
0x00cc14eb
0x00cc14f1
0x00cc1506
0x00cc1509
0x00cc150a
0x00cc150f
0x00000000
0x00000000
0x00cc1511
0x00000000
0x00cc1511
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc146f
0x00cc146f
0x00cc146f
0x00cc1471
0x00cc1479
0x00cc1485
0x00cc148c
0x00cc1491
0x00cc1494
0x00cc1496
0x00cc149e
0x00000000
0x00000000
0x00cc14a7
0x00cc14a8
0x00cc14ad
0x00000000
0x00000000
0x00000000
0x00cc14ad
0x00000000
0x00cc146f
0x00cc1456
0x00000000

APIs

lstrlenW.KERNEL32(?,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 00CC1479
lstrlenW.KERNEL32(?,00000000,00000000,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006,00000000,?,?,?,00000001), ref: 00CC14F1
lstrlenW.KERNEL32(?,?,?,?,00000001), ref: 00CC14FD
RegSetValueExW.ADVAPI32(00020006,?,00000000,00000007,00000000,?,00000000,?,?,00000000,00000001,00000000,00000000,BundleUpgradeCode,?,00020006), ref: 00CC153D

Strings

regutil.cpp, xrefs: 00CC1565
BundleUpgradeCode, xrefs: 00CC1442

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: lstrlen$Value
String ID: BundleUpgradeCode$regutil.cpp
API String ID: 198323757-1648651458
Opcode ID: 2c7a06792a9a2235eb006b75896d8e6ec0c2bf9313190db15ce32340ae3b14c2
Instruction ID: 8c1c73fcfa5e445415141362109c3bc81ac7217cb6c69f792c85428d9dc4cf7a
Opcode Fuzzy Hash: 2c7a06792a9a2235eb006b75896d8e6ec0c2bf9313190db15ce32340ae3b14c2
Instruction Fuzzy Hash: C341F372E1022AAFCF11DFA9C841FAE7BAAAF44710F15016DFD01E7211D630DD118B90

Uniqueness

Uniqueness Score: -1.00%

Function 00C9D206, Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 120
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00C9D206(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				void* __ecx;
				intOrPtr* _t18;
				void* _t43;
				void* _t57;
				intOrPtr _t58;
				void* _t60;
				void* _t61;
				void* _t64;

				_v8 = _v8 | 0xffffffff;
				_t58 = _a4;
				_t18 =  *((intOrPtr*)(_t58 + 0xc8));
				_t61 = E00C8D58B(_t58 + 0xb8, 1,  *((intOrPtr*)( *_t18 + 0x74))(_t18, _t57, _t60, _t43));
				if(_t61 >= 0) {
					_push(__ebx);
					_t41 = _t58 + 0x4a0;
					if(E00C94B96(_t58 + 0x4a0, __edx, _t58 + 0x4a0, _t58 + 0x4a4) >= 0) {
						if(E00C94CE8(_t41, 1,  &_v8) >= 0) {
							_push(0x2000000a);
							_push(2);
							E00C8550F();
							while(1) {
								_t64 = E00C94ED2( *((intOrPtr*)(_t58 + 0x49c)), _t41, 1, _a8);
								if(_t64 >= 0) {
									break;
								}
								if(_t64 != 0x800704c7) {
									L13:
									if(_t64 < 0) {
										goto L14;
									}
								} else {
									_t64 = 0x80070642;
									if(E00C8D742(0x80070642,  *((intOrPtr*)(_t58 + 0xc8)), 0, 0, 0x80070642, 0, 0x15, 0) == 4) {
										continue;
									} else {
										L14:
										_push("Failed to elevate.");
										goto L16;
									}
								}
								goto L17;
							}
							_push(0x2000000b);
							_push(2);
							E00C8550F();
							_t64 = E00C952E3(_t41);
							if(_t64 < 0) {
								_push("Failed to connect to elevated child process.");
								goto L16;
							} else {
								_push(0x2000000c);
								_push(2);
								E00C8550F();
								goto L13;
							}
						} else {
							_push("Failed to create pipe and cache pipe.");
							goto L16;
						}
					} else {
						_push("Failed to create pipe name and client token.");
						L16:
						_push(_t64);
						E00CC012F();
					}
					L17:
				} else {
					E00C837D3(_t21, "elevation.cpp", 0x100, _t61);
					_push("UX aborted elevation requirement.");
					_push(_t61);
					E00CC012F();
				}
				if(_v8 != 0) {
					CloseHandle(_v8);
					_v8 = _v8 & 0x00000000;
				}
				if(_t64 < 0) {
					E00C94B2B(_t58 + 0x4a0);
				}
				return _t64;
			}

0x00c9d20a
0x00c9d210
0x00c9d213
0x00c9d22e
0x00c9d232
0x00c9d256
0x00c9d25e
0x00c9d26e
0x00c9d28a
0x00c9d296
0x00c9d29b
0x00c9d29d
0x00c9d2a4
0x00c9d2b5
0x00c9d2b9
0x00000000
0x00000000
0x00c9d2c1
0x00c9d30d
0x00c9d30f
0x00000000
0x00000000
0x00c9d2c3
0x00c9d2d7
0x00c9d2e1
0x00000000
0x00c9d2e3
0x00c9d311
0x00c9d311
0x00000000
0x00c9d311
0x00c9d2e1
0x00000000
0x00c9d2c1
0x00c9d2e5
0x00c9d2ea
0x00c9d2ec
0x00c9d2f9
0x00c9d2fd
0x00c9d318
0x00000000
0x00c9d2ff
0x00c9d2ff
0x00c9d304
0x00c9d306
0x00000000
0x00c9d30c
0x00c9d28c
0x00c9d28c
0x00000000
0x00c9d28c
0x00c9d270
0x00c9d270
0x00c9d31d
0x00c9d31d
0x00c9d31e
0x00c9d324
0x00c9d325
0x00c9d234
0x00c9d23f
0x00c9d244
0x00c9d249
0x00c9d24a
0x00c9d250
0x00c9d32a
0x00c9d32f
0x00c9d335
0x00c9d335
0x00c9d33b
0x00c9d344
0x00c9d344
0x00c9d350

APIs

CloseHandle.KERNEL32(00000000,?,?,00000001,00CCB4F0,?,00000001,000000FF,?,?,7743A770,00000000,00000001,00000000,?,00C972F3), ref: 00C9D32F

Strings

Failed to elevate., xrefs: 00C9D311
Failed to create pipe name and client token., xrefs: 00C9D270
Failed to create pipe and cache pipe., xrefs: 00C9D28C
UX aborted elevation requirement., xrefs: 00C9D244
elevation.cpp, xrefs: 00C9D23A
Failed to connect to elevated child process., xrefs: 00C9D318

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseHandle
String ID: Failed to connect to elevated child process.$Failed to create pipe and cache pipe.$Failed to create pipe name and client token.$Failed to elevate.$UX aborted elevation requirement.$elevation.cpp
API String ID: 2962429428-3003415917
Opcode ID: d56d8caf715ccca94afe7cd940801e587cf2c676330f1d4e605c6c4658d58a5a
Instruction ID: 5b6560e9336a40e49c48faee27065551be50dcfe4e9263bdcace6141aabc726a
Opcode Fuzzy Hash: d56d8caf715ccca94afe7cd940801e587cf2c676330f1d4e605c6c4658d58a5a
Instruction Fuzzy Hash: 9131EE72A45B227BEF156660DC4EFAFB75CEF00721F100216F607B7191DA61EE4053A5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC041B, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118
fileCOMMON

Download Yara Rule

C-Code - Quality: 87%

			E00CC041B(void* __ecx, void* __edx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				void* __ebx;
				void* __esi;
				intOrPtr* _t17;
				void* _t24;
				void* _t26;
				intOrPtr _t27;
				intOrPtr _t30;
				void* _t41;
				void* _t42;
				void* _t44;

				_t42 = __edi;
				_t41 = __edx;
				_t40 = __ecx;
				_push(__ecx);
				_v8 = 0;
				EnterCriticalSection(0xceb60c);
				_t17 = _a16;
				if(_t17 == 0 ||  *_t17 == 0) {
					_t44 = E00C82D79(_t40, _a4, _a8, 0xceb604);
					if(_t44 < 0) {
						goto L21;
					}
					_t44 = E00C83446(_t40,  *0xceb604,  &_v8);
					if(_t44 < 0) {
						goto L21;
					}
					_t44 = E00C84013(_v8, 0);
					if(_t44 < 0) {
						goto L21;
					}
					_push(0);
					_push(0x80);
					_t24 = 2;
					_t40 = 4;
					_t25 =  !=  ? _t40 : _t24;
					_t26 = CreateFileW( *0xceb604, 0x40000000, 1, 0,  !=  ? _t40 : _t24, ??, ??);
					 *0xcea774 = _t26;
					if(_t26 != 0xffffffff) {
						L11:
						if(_a20 != 0) {
							SetFilePointer(_t26, 0, 0, 2);
						}
						goto L13;
					}
					_t44 =  <=  ? GetLastError() : _t34 & 0x0000ffff | 0x80070000;
					if(_t44 >= 0) {
						_t26 =  *0xcea774; // 0xffffffff
						goto L11;
					}
					E00C837D3(_t34, "logutil.cpp", 0x81, _t44);
					goto L21;
				} else {
					_t44 = E00C82DE0(_t40, _a4, _a8, _a12, _t17, 0xceb604, 0xcea774);
					if(_t44 < 0) {
						L21:
						LeaveCriticalSection(0xceb60c);
						if(_v8 != 0) {
							E00CC54EF(_v8);
						}
						return _t44;
					} else {
						L13:
						if(_a24 != 0) {
							E00CC01F0(0, _t41, _t42, _t44);
						}
						_t27 =  *0xceb608; // 0x0
						if(_t27 != 0) {
							E00CC0658(_t40, _t41, _t27);
							_t30 =  *0xceb608; // 0x0
							if(_t30 != 0) {
								E00CC54EF(_t30);
								 *0xceb608 = 0;
							}
						}
						if(_a28 == 0) {
							L20:
							 *0xceb634 = 0;
							goto L21;
						} else {
							_t44 = E00C821A5(_a28,  *0xceb604, 0);
							if(_t44 < 0) {
								goto L21;
							}
							goto L20;
						}
					}
				}
			}

0x00cc041b
0x00cc041b
0x00cc041b
0x00cc041e
0x00cc0428
0x00cc042b
0x00cc0431
0x00cc0436
0x00cc0475
0x00cc0479
0x00000000
0x00000000
0x00cc048e
0x00cc0492
0x00000000
0x00000000
0x00cc04a1
0x00cc04a5
0x00000000
0x00000000
0x00cc04ae
0x00cc04af
0x00cc04b6
0x00cc04b9
0x00cc04ba
0x00cc04cc
0x00cc04d2
0x00cc04da
0x00cc050b
0x00cc050e
0x00cc0515
0x00cc0515
0x00000000
0x00cc050e
0x00cc04ed
0x00cc04f2
0x00cc0506
0x00000000
0x00cc0506
0x00cc04ff
0x00000000
0x00cc043d
0x00cc0456
0x00cc045a
0x00cc0569
0x00cc056e
0x00cc0577
0x00cc057c
0x00cc057c
0x00cc0588
0x00cc0460
0x00cc051b
0x00cc051e
0x00cc0520
0x00cc0520
0x00cc0525
0x00cc052c
0x00cc052f
0x00cc0534
0x00cc053b
0x00cc053e
0x00cc0543
0x00cc0543
0x00cc053b
0x00cc054c
0x00cc0563
0x00cc0563
0x00000000
0x00cc054e
0x00cc055d
0x00cc0561
0x00000000
0x00000000
0x00000000
0x00cc0561
0x00cc054c
0x00cc045a

APIs

EnterCriticalSection.KERNEL32(00CEB60C,00000000,?,?,?,00C85407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00CC042B
CreateFileW.KERNEL32(40000000,00000001,00000000,00000002,00000080,00000000,?,00000000,?,?,?,00CEB604,?,00C85407,00000000,Setup), ref: 00CC04CC
GetLastError.KERNEL32(?,00C85407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00CC04DC
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00C85407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00CC0515

Part of subcall function 00C82DE0: GetLocalTime.KERNEL32(?,?,?,?,?,?), ref: 00C82F1F

LeaveCriticalSection.KERNEL32(00CEB60C,?,?,00CEB604,?,00C85407,00000000,Setup,_Failed,txt,00000000,00000000,00000000,?,?,?), ref: 00CC056E

Strings

logutil.cpp, xrefs: 00CC04FA

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalFileSection$CreateEnterErrorLastLeaveLocalPointerTime
String ID: logutil.cpp
API String ID: 4111229724-3545173039
Opcode ID: 4f0fb2db2a7e0459ab551b7986d67fcc5df63faa1f80d48693f546bbec760999
Instruction ID: ed2a5b99209ee9742051479112819fbde647c7f70edc89c2b92fb5e50ecd3dfc
Opcode Fuzzy Hash: 4f0fb2db2a7e0459ab551b7986d67fcc5df63faa1f80d48693f546bbec760999
Instruction Fuzzy Hash: 163187B1A01355FFDB31AFA1DC86F6F3A6CEB00755F144129FA10AA161D770DE40AB94

Uniqueness

Uniqueness Score: -1.00%

Function 00C9D01A, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 117
threadCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E00C9D01A(char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr* _a52, intOrPtr* _a56) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v96;
				void _v100;
				void* __edi;
				intOrPtr _t76;
				char _t77;
				intOrPtr _t85;
				void* _t86;
				intOrPtr _t87;
				void* _t88;
				intOrPtr _t89;
				void* _t90;

				E00CAF670(_t86,  &_v100, 0, 0x2c);
				E00CAF670(_t86,  &_v56, 0, 0x2c);
				_t77 = _a4;
				_v96 = _a12;
				_t85 = _a40;
				_t87 = _a32;
				_t89 = _a36;
				_v80 = _a20;
				_v76 = _a24;
				_v52 = _a8;
				_v48 = _a44;
				_v44 = _a48;
				_v40 = _a16;
				_v100 = _t77;
				_v56 = _t77;
				_v36 = _a20;
				_v32 = _a24;
				_v12 = 0;
				_v8 = 0;
				_t76 = _a28;
				_v72 = _t76;
				_v68 = _t87;
				_v64 = _t89;
				_v60 = _t85;
				_v28 = _t76;
				_v24 = _t87;
				_v20 = _t89;
				_v16 = _t85;
				_t88 = CreateThread(0, 0, E00C9AB3C,  &_v100, 0, 0);
				if(_t88 != 0) {
					_t90 = E00C94FB3(0, _t85, _a8, E00C9C59C,  &_v56,  &_v12);
					if(_t90 >= 0) {
						E00C9CCF4(0, _t88, _v12);
						 *_a52 = _v12;
						 *_a56 = _v8;
					} else {
						_push("Failed to pump messages in child process.");
						_push(_t90);
						E00CC012F();
					}
					CloseHandle(_t88);
				} else {
					_t93 =  <=  ? GetLastError() : _t71 & 0x0000ffff | 0x80070000;
					_t90 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t71 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "elevation.cpp", 0x45c, _t90);
					_push("Failed to create elevated cache thread.");
					_push(_t90);
					E00CC012F();
				}
				return _t90;
			}

0x00c9d02c
0x00c9d038
0x00c9d043
0x00c9d046
0x00c9d04c
0x00c9d04f
0x00c9d052
0x00c9d055
0x00c9d05b
0x00c9d061
0x00c9d067
0x00c9d06d
0x00c9d073
0x00c9d079
0x00c9d07c
0x00c9d082
0x00c9d089
0x00c9d096
0x00c9d099
0x00c9d09c
0x00c9d0a0
0x00c9d0a3
0x00c9d0a6
0x00c9d0a9
0x00c9d0ac
0x00c9d0af
0x00c9d0b2
0x00c9d0b5
0x00c9d0be
0x00c9d0c2
0x00c9d116
0x00c9d11a
0x00c9d12f
0x00c9d13a
0x00c9d142
0x00c9d11c
0x00c9d11c
0x00c9d121
0x00c9d122
0x00c9d128
0x00c9d145
0x00c9d0c4
0x00c9d0d5
0x00c9d0df
0x00c9d0ed
0x00c9d0f2
0x00c9d0f7
0x00c9d0f8
0x00c9d0fe
0x00c9d153

APIs

CreateThread.KERNEL32 ref: 00C9D0B8
GetLastError.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C9D0C4
CloseHandle.KERNEL32(00000000,00000000,?,?,00C9C59C,00000001,?,?,?,?,?,00000000,00000000,?,?,?), ref: 00C9D145

Strings

Failed to create elevated cache thread., xrefs: 00C9D0F2
elevation.cpp, xrefs: 00C9D0E8
Failed to pump messages in child process., xrefs: 00C9D11C

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseCreateErrorHandleLastThread
String ID: Failed to create elevated cache thread.$Failed to pump messages in child process.$elevation.cpp
API String ID: 747004058-4134175193
Opcode ID: 62f45b0147d4f2b4474fd655cfd0bc12037fbf533ce2368161f053e45d1ec39d
Instruction ID: 4f022f6014a4c5767b8a77850b49db4a2295431d8b37c01e1b6b3209f6bb9473
Opcode Fuzzy Hash: 62f45b0147d4f2b4474fd655cfd0bc12037fbf533ce2368161f053e45d1ec39d
Instruction Fuzzy Hash: DF41E4B5E01219AFDB04DFA9D8859EEBBF8EF08310F10412AF909E7340D770A9419BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C87203, Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 92
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 42%

			E00C87203(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				void* _t29;
				char* _t38;
				signed int _t46;
				void* _t49;

				_t41 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v12 = _v12 & 0x00000000;
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t29 = E00C85C87(_t41, _a4, _a8,  &_v12);
				_t46 = _v12;
				_t49 = _t29;
				if(_t49 < 0 ||  *((intOrPtr*)(_t46 + 0x18)) != 0) {
					if(_t49 == 0x80070490) {
						goto L18;
					}
					if(_t49 >= 0) {
						if( *((intOrPtr*)(_t46 + 0x18)) != 2 ||  *((intOrPtr*)(_t46 + 0x2c)) != 0 ||  *((intOrPtr*)(_t46 + 0x24)) != 0) {
							_t24 = _t46 + 8; // 0x8
							_t49 = E00CA00E0(_t24, _a12);
							if(_t49 >= 0) {
								goto L18;
							}
							_push(_a8);
							_push("Failed to get value as string for variable: %ls");
							L17:
							_push(_t49);
							E00CC012F();
						} else {
							_t16 = _t46 + 8; // 0x8
							_t49 = E00CA00E0(_t16,  &_v8);
							if(_t49 >= 0) {
								_t49 = E00C8567D(_a4, _v8, _a12, 0, 0);
								if(_t49 < 0) {
									_t38 = L"*****";
									if( *((intOrPtr*)(_t46 + 0x20)) == 0) {
										_t38 =  *(_t46 + 8);
									}
									_push(_a8);
									E00CC012F(_t49, "Failed to format value \'%ls\' of variable: %ls", _t38);
								}
							} else {
								_push("Failed to get unformatted string.");
								_push(_t49);
								E00CC012F();
							}
						}
						goto L18;
					}
					_push(_a8);
					_push("Failed to get variable: %ls");
					goto L17;
				} else {
					_t49 = 0x80070490;
					L18:
					LeaveCriticalSection(_a4);
					E00C82793(_v8);
					return _t49;
				}
			}

0x00c87203
0x00c87206
0x00c87207
0x00c87208
0x00c8720c
0x00c87215
0x00c87225
0x00c8722a
0x00c8722d
0x00c87231
0x00c87249
0x00000000
0x00000000
0x00c87251
0x00c87264
0x00c872d1
0x00c872da
0x00c872de
0x00000000
0x00000000
0x00c872e0
0x00c872e3
0x00c872e8
0x00c872e8
0x00c872e9
0x00c87272
0x00c87275
0x00c8727f
0x00c87283
0x00c872a6
0x00c872aa
0x00c872b0
0x00c872b5
0x00c872b7
0x00c872b7
0x00c872ba
0x00c872c4
0x00c872c9
0x00c87285
0x00c87285
0x00c8728a
0x00c8728b
0x00c87291
0x00c87283
0x00000000
0x00c87264
0x00c87253
0x00c87256
0x00000000
0x00c87239
0x00c87239
0x00c872f1
0x00c872f4
0x00c872fd
0x00c87309
0x00c87309

APIs

EnterCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,?,00C8583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00C87215
LeaveCriticalSection.KERNEL32(00000000,00000000,00000002,00000000,?,?,?,00C8583F,000002C0,000002C0,00000000,00000100,00000001,00000000,000002C0,00000002), ref: 00C872F4

Strings

Failed to get value as string for variable: %ls, xrefs: 00C872E3
Failed to format value '%ls' of variable: %ls, xrefs: 00C872BE
*****, xrefs: 00C872B0, 00C872BD
Failed to get variable: %ls, xrefs: 00C87256
Failed to get unformatted string., xrefs: 00C87285

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: *****$Failed to format value '%ls' of variable: %ls$Failed to get unformatted string.$Failed to get value as string for variable: %ls$Failed to get variable: %ls
API String ID: 3168844106-2873099529
Opcode ID: c9038efd9d9dfd3f8b571ab96e7919510f926bba78f5cd0248782acbc9f5b40a
Instruction ID: 817bc1ae50c26ed3c3a9833f8779dd11a133fbea6db2f8b01898989d6c80a489
Opcode Fuzzy Hash: c9038efd9d9dfd3f8b571ab96e7919510f926bba78f5cd0248782acbc9f5b40a
Instruction Fuzzy Hash: 2131B63290462AFBCF21AB90CC45F9E7B65EF15328F204229F81466550E775EE90ABC8

Uniqueness

Uniqueness Score: -1.00%

Function 00C8410D, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 75
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00C8410D(void* __ecx, WCHAR** _a4) {
				long _v8;
				long _t6;
				void* _t12;
				WCHAR* _t18;
				long _t19;
				WCHAR** _t23;
				long _t26;

				_t18 = 0;
				_t23 = _a4;
				_t6 = 0;
				_v8 = 0;
				_t26 = 0;
				if(_t23 == 0 ||  *_t23 == 0) {
					L5:
					_t19 = GetCurrentDirectoryW(_t6, _t18);
					if(_t19 != 0) {
						if(_v8 >= _t19) {
							goto L12;
						}
						_t26 = E00C81EDE(_t23, _t19);
						if(_t26 >= 0 && GetCurrentDirectoryW(_t19,  *_t23) == 0) {
							_t30 =  <=  ? GetLastError() : _t11 & 0x0000ffff | 0x80070000;
							_t12 = 0x80004005;
							_t26 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t11 & 0x0000ffff | 0x80070000;
							_push(_t26);
							_push(0x190);
							L11:
							_push("dirutil.cpp");
							E00C837D3(_t12);
						}
						goto L12;
					}
					_t33 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
					_t12 = 0x80004005;
					_t26 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
					_push(_t26);
					_push(0x187);
					goto L11;
				} else {
					_t26 = E00C8275D( *_t23,  &_v8);
					if(_t26 < 0) {
						L12:
						return _t26;
					}
					_t6 = _v8;
					if(_t6 != 0) {
						_t18 =  *_t23;
					}
					goto L5;
				}
			}

0x00c84113
0x00c84116
0x00c84119
0x00c8411b
0x00c8411e
0x00c84122
0x00c84146
0x00c8414e
0x00c84152
0x00c8417d
0x00000000
0x00000000
0x00c84186
0x00c8418a
0x00c841aa
0x00c841ad
0x00c841b4
0x00c841b7
0x00c841b8
0x00c841bd
0x00c841bd
0x00c841c2
0x00c841c2
0x00000000
0x00c8418a
0x00c84165
0x00c84168
0x00c8416f
0x00c84172
0x00c84173
0x00000000
0x00c84128
0x00c84133
0x00c84137
0x00c841c7
0x00c841cf
0x00c841cf
0x00c8413d
0x00c84142
0x00c84144
0x00c84144
0x00000000
0x00c84142

APIs

GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00000000,crypt32.dll,?,?,00C93ED4,00000001,feclient.dll,?,00000000,?,?,?,00C84A0C), ref: 00C84148
GetLastError.KERNEL32(?,?,00C93ED4,00000001,feclient.dll,?,00000000,?,?,?,00C84A0C,?,?,00CCB478,?,00000001), ref: 00C84154
GetCurrentDirectoryW.KERNEL32(00000000,?,?,00000000,?,?,00C93ED4,00000001,feclient.dll,?,00000000,?,?,?,00C84A0C,?), ref: 00C8418F
GetLastError.KERNEL32(?,?,00C93ED4,00000001,feclient.dll,?,00000000,?,?,?,00C84A0C,?,?,00CCB478,?,00000001), ref: 00C84199

Strings

dirutil.cpp, xrefs: 00C841BD
crypt32.dll, xrefs: 00C84111

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CurrentDirectoryErrorLast
String ID: crypt32.dll$dirutil.cpp
API String ID: 152501406-1104880720
Opcode ID: 8d4a23a25dc2d24b3574eb6fa689670519d341d6c7496a849e1aea7354da5988
Instruction ID: 4ae9b14a2afc9e39467b21dfd31ac9fa8f8201f264417028b7152a1875a020ac
Opcode Fuzzy Hash: 8d4a23a25dc2d24b3574eb6fa689670519d341d6c7496a849e1aea7354da5988
Instruction Fuzzy Hash: CB11DA76A00727AFA721AAA98C88B6FB6DCEF14759F110135FD15E7110E720CD4087E4

Uniqueness

Uniqueness Score: -1.00%

Function 00C9444C, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E00C9444C(char _a4, intOrPtr _a8, char _a12, intOrPtr* _a16, intOrPtr* _a20) {
				char _t17;
				intOrPtr _t31;
				intOrPtr _t37;
				void* _t38;

				_t38 = 0;
				_t17 =  ==  ? 0 : _a12;
				_a12 = _t17;
				_t37 = _t17 + 8;
				_t31 = E00C838D4(_t37, 0);
				if(_t31 != 0) {
					E00CA1664(_t31, _t37,  &_a4, 4);
					_t7 = _t37 - 4; // 0xccb504
					_t8 = _t31 + 4; // 0x4
					E00CA1664(_t8, _t7,  &_a12, 4);
					if(_a12 != 0) {
						_t11 = _t37 - 8; // 0xccb500
						_t13 = _t31 + 8; // 0x8
						E00CA1664(_t13, _t11, _a8, _a12);
					}
					 *_a20 = _t37;
					 *_a16 = _t31;
				} else {
					_t38 = 0x8007000e;
					E00C837D3(_t18, "pipe.cpp", 0x2be, 0x8007000e);
					_push("Failed to allocate memory for message.");
					_push(0x8007000e);
					E00CC012F();
				}
				return _t38;
			}

0x00c94456
0x00c9445c
0x00c94460
0x00c94463
0x00c9446c
0x00c94470
0x00c9449e
0x00c944a9
0x00c944ad
0x00c944b1
0x00c944bc
0x00c944c1
0x00c944c8
0x00c944cc
0x00c944d1
0x00c944d7
0x00c944dc
0x00c94472
0x00c94472
0x00c94482
0x00c94487
0x00c9448c
0x00c9448d
0x00c94493
0x00c944e4

APIs

Part of subcall function 00C838D4: GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
Part of subcall function 00C838D4: RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

_memcpy_s.LIBCMT ref: 00C9449E
_memcpy_s.LIBCMT ref: 00C944B1
_memcpy_s.LIBCMT ref: 00C944CC

Strings

feclient.dll, xrefs: 00C94466, 00C9449C
pipe.cpp, xrefs: 00C9447D
Failed to allocate memory for message., xrefs: 00C94487

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: _memcpy_s$Heap$AllocateProcess
String ID: Failed to allocate memory for message.$feclient.dll$pipe.cpp
API String ID: 886498622-766083570
Opcode ID: 06174c36245e7f214c707c8686af9191f46f8b78f6b794ac202ca48db1603fd2
Instruction ID: e7b9941471bd8aaf69c4fcd1b17329c4241007b1a921f2156f9adb6bf0085257
Opcode Fuzzy Hash: 06174c36245e7f214c707c8686af9191f46f8b78f6b794ac202ca48db1603fd2
Instruction Fuzzy Hash: 60114FB260031EABDB05AF90CC86DEBB3ACEF05B14F04452AFA119B141E770EA1197E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9555, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 77%

			E00CC9555() {
				intOrPtr _t1;
				_Unknown_base(*)()* _t3;
				void* _t5;
				_Unknown_base(*)()* _t6;
				struct HINSTANCE__* _t14;

				_t1 =  *0xceb708; // 0x0
				if(_t1 != 1) {
					if(_t1 == 0) {
						_t14 = GetModuleHandleW(L"KERNEL32.DLL");
						if(_t14 != 0) {
							_t3 = GetProcAddress(_t14, "AcquireSRWLockExclusive");
							if(_t3 == 0) {
								goto L5;
							} else {
								 *0xceb70c = _t3;
								_t6 = GetProcAddress(_t14, "ReleaseSRWLockExclusive");
								if(_t6 == 0) {
									goto L5;
								} else {
									 *0xceb710 = _t6;
								}
							}
						} else {
							L5:
							_t14 = 1;
						}
						asm("lock cmpxchg [edx], ecx");
						if(0 != 0 || _t14 != 1) {
							if(0 != 1) {
								_t5 = 1;
							} else {
								goto L12;
							}
						} else {
							L12:
							_t5 = 0;
						}
						return _t5;
					} else {
						return 1;
					}
				} else {
					return 0;
				}
			}

0x00cc9555
0x00cc9560
0x00cc9568
0x00cc957a
0x00cc957e
0x00cc958a
0x00cc9592
0x00000000
0x00cc9594
0x00cc959a
0x00cc959f
0x00cc95a7
0x00000000
0x00cc95a9
0x00cc95a9
0x00cc95a9
0x00cc95a7
0x00cc9580
0x00cc9580
0x00cc9580
0x00cc9580
0x00cc95b7
0x00cc95bd
0x00cc95c5
0x00cc95cb
0x00000000
0x00000000
0x00000000
0x00cc95c7
0x00cc95c7
0x00cc95c7
0x00cc95c7
0x00cc95cf
0x00cc956a
0x00cc956d
0x00cc956d
0x00cc9562
0x00cc9565
0x00cc9565

Strings

KERNEL32.DLL, xrefs: 00CC956F
AcquireSRWLockExclusive, xrefs: 00CC9584
ReleaseSRWLockExclusive, xrefs: 00CC9594

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID:
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 0-1718035505
Opcode ID: 332f19300e58ee7302cfa87372162be6157e697ac94ea33462ad6aad841ceba3
Instruction ID: b2181e8d54c37c2591d8e1baea15f1cb1de70c59437df06c7737ce3fee20113d
Opcode Fuzzy Hash: 332f19300e58ee7302cfa87372162be6157e697ac94ea33462ad6aad841ceba3
Instruction Fuzzy Hash: 3E01D1B1B812A29B4F324EB2DC89FAB2388DA45751300427FE521C7280D771CE4197A0

Uniqueness

Uniqueness Score: -1.00%

Function 00C9C59C, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 163
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E00C9C59C(void* __ecx, void* __edx, intOrPtr* _a4, signed int _a8, intOrPtr* _a12) {
				signed int _t87;
				void* _t96;

				_t97 = _a4;
				_t96 = 0;
				_t87 =  *_a4 - 1;
				if(_t87 > 0x13) {
					L23:
					_t96 = 0x80070057;
					E00C837D3(_t87, "elevation.cpp", 0x5e4, 0x80070057);
					E00CC012F(0x80070057, "Unexpected elevated message sent to child process, msg: %u",  *_t97);
					L24:
					return _t96;
				}
				switch( *((intOrPtr*)(_t87 * 4 +  &M00C9C7AC))) {
					case 0:
						_t92 = E00C9AEB2(__ecx, __edx, _t101,  *((intOrPtr*)(_a8 + 0x20)),  *((intOrPtr*)(_a8 + 0x24)),  *((intOrPtr*)(_t91 + 8)),  *((intOrPtr*)(_t91 + 0xc)),  *((intOrPtr*)(_t97 + 0xc)),  *((intOrPtr*)(_t97 + 4)));
						goto L21;
					case 1:
						__eax = _a8;
						__esi =  *(_a8 + 8);
						__eflags =  *__esi;
						if( *__esi != 0) {
							ReleaseMutex( *__esi) = CloseHandle( *__esi);
							 *__esi = 0;
						}
						__esi = __edi;
						goto L22;
					case 2:
						_a8 = E00C9C29D(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)),  *((intOrPtr*)(__eax + 0x20)),  *((intOrPtr*)(__eax + 0x28)), __esi[3], __esi[1]);
						goto L21;
					case 3:
						_a8 = E00C9C484(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)), __esi[3], __esi[1]);
						goto L21;
					case 4:
						_a8 = E00C9C3DF(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
						goto L21;
					case 5:
						__eax = _a8;
						__esi = E00C8FDDF(__ecx,  *((intOrPtr*)(_a8 + 0x24)), __esi[3], __esi[1]);
						__eflags = __esi;
						if(__esi < 0) {
							_push("Failed to save state.");
							_push(__esi);
							__eax = E00CC012F();
							_pop(__ecx);
							_pop(__ecx);
						}
						goto L22;
					case 6:
						goto L23;
					case 7:
						_a8 = E00C9C1D8(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x24)), __esi[3], __esi[1]);
						goto L21;
					case 8:
						__ecx = _a8;
						 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(__ecx + 0x24)) + 0xb4;
						__eax = L00C9B35A(__ecx, __edx, __eflags,  *((intOrPtr*)(__ecx + 4)),  *((intOrPtr*)(__ecx + 0x18)),  *((intOrPtr*)(__ecx + 0x24)) + 0xb4,  *((intOrPtr*)(__ecx + 0x20)), __esi[3], __esi[1]);
						goto L21;
					case 9:
						_a8 = E00C9B561(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x18)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
						goto L21;
					case 0xa:
						_a8 = E00C9B813(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x18)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
						goto L21;
					case 0xb:
						_a8 = E00C9BAB9(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x18)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
						goto L21;
					case 0xc:
						__ecx = _a8;
						 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(__ecx + 0x24)) + 0xb4;
						__eax = E00C9BD23(__ecx, __edi, __eflags,  *((intOrPtr*)(__ecx + 0x18)),  *((intOrPtr*)(__ecx + 0x24)) + 0xb4, __esi[3], __esi[1]);
						goto L21;
					case 0xd:
						__ecx = _a8;
						 *((intOrPtr*)(__ecx + 0x24)) =  *((intOrPtr*)(__ecx + 0x24)) + 0xb4;
						__eax = E00C9BC1C(__ecx, __edx, __edi, __eflags,  *((intOrPtr*)(__ecx + 0x18)),  *((intOrPtr*)(__ecx + 0x24)) + 0xb4, __esi[3], __esi[1]);
						goto L21;
					case 0xe:
						_a8 = E00C9C0B1(__ecx, __eflags,  *((intOrPtr*)(_a8 + 0x18)), __esi[3], __esi[1]);
						goto L21;
					case 0xf:
						_a8 = E00C9B2C2(__ecx, __edx, __eflags,  *((intOrPtr*)(_a8 + 0x18)), __esi[3], __esi[1]);
						goto L21;
					case 0x10:
						_a8 = E00C9BE05(__ecx, __eflags,  *((intOrPtr*)(_a8 + 4)),  *((intOrPtr*)(__eax + 0x10)),  *((intOrPtr*)(__eax + 0x20)), __esi[3], __esi[1]);
						L21:
						_t98 = _t92;
						L22:
						 *_a12 = _t98;
						goto L24;
				}
			}

0x00c9c5a0
0x00c9c5a4
0x00c9c5a8
0x00c9c5ac
0x00c9c77d
0x00c9c77d
0x00c9c78d
0x00c9c79a
0x00c9c7a2
0x00c9c7a7
0x00c9c7a7
0x00c9c5b2
0x00000000
0x00c9c5ce
0x00000000
0x00000000
0x00c9c5d8
0x00c9c5db
0x00c9c5de
0x00c9c5e0
0x00c9c5ec
0x00c9c5f2
0x00c9c5f2
0x00c9c5f4
0x00000000
0x00000000
0x00c9c60d
0x00000000
0x00000000
0x00c9c623
0x00000000
0x00000000
0x00c9c63c
0x00000000
0x00000000
0x00c9c649
0x00c9c657
0x00c9c659
0x00c9c65b
0x00c9c661
0x00c9c666
0x00c9c667
0x00c9c66c
0x00c9c66d
0x00c9c66d
0x00000000
0x00000000
0x00000000
0x00000000
0x00c9c67f
0x00000000
0x00000000
0x00c9c68c
0x00c9c698
0x00c9c6a4
0x00000000
0x00000000
0x00c9c6c0
0x00000000
0x00000000
0x00c9c6dc
0x00000000
0x00000000
0x00c9c6f8
0x00000000
0x00000000
0x00c9c6ff
0x00c9c70b
0x00c9c714
0x00000000
0x00000000
0x00c9c71b
0x00c9c727
0x00c9c730
0x00000000
0x00000000
0x00c9c743
0x00000000
0x00000000
0x00c9c756
0x00000000
0x00000000
0x00c9c76f
0x00c9c774
0x00c9c774
0x00c9c776
0x00c9c779
0x00000000
0x00000000

APIs

ReleaseMutex.KERNEL32(?), ref: 00C9C5E4
CloseHandle.KERNEL32(?), ref: 00C9C5EC

Strings

Unexpected elevated message sent to child process, msg: %u, xrefs: 00C9C794
Failed to save state., xrefs: 00C9C661
elevation.cpp, xrefs: 00C9C788

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseHandleMutexRelease
String ID: Failed to save state.$Unexpected elevated message sent to child process, msg: %u$elevation.cpp
API String ID: 4207627910-1576875097
Opcode ID: c931a269cc74ccc2366ba18a185307172b68098cf7844b004860e86a97555953
Instruction ID: c859394f430179d9c3ac72c8378ec9885ea6589a059691ba1e26373ec8bd9500
Opcode Fuzzy Hash: c931a269cc74ccc2366ba18a185307172b68098cf7844b004860e86a97555953
Instruction Fuzzy Hash: 7C61C33A100514FFCF229F94CA85C5ABBB2FF087147158559FAA95A632C732E921FF50

Uniqueness

Uniqueness Score: -1.00%

Function 00CC10C5, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 149
registrystringCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E00CC10C5(void* _a4, short* _a8, signed int* _a12, signed int* _a16) {
				int* _v8;
				int _v12;
				int _v16;
				signed short _t44;
				void* _t47;
				int* _t51;
				long _t71;
				signed int _t72;
				signed int _t73;
				signed short _t75;
				unsigned int _t79;
				unsigned int _t80;
				unsigned int _t81;
				WCHAR* _t82;
				void* _t86;
				void* _t87;
				void* _t88;

				_v16 = 0;
				_t72 = 0;
				_v12 = 0;
				_t81 = 0;
				_v8 = 0;
				_t44 = RegQueryValueExW(_a4, _a8, 0,  &_v16, 0,  &_v12);
				_t79 = _v12;
				_t75 = _t44;
				if(_t79 == 0) {
					L3:
					_t86 = 0x80070002;
					_t47 =  <=  ? _t75 : _t75 & 0x0000ffff | 0x80070000;
					if(_t47 != 0x80070002) {
						if(_t75 == 0) {
							_t80 = _t79 >> 1;
							if(_t80 == _t81) {
								if(_v16 == 7) {
									if(_t81 >= 2) {
										_t51 = _v8;
										if(0 !=  *((intOrPtr*)(_t51 + _t81 * 2 - 2)) || 0 !=  *((intOrPtr*)(_t51 + _t81 * 2 - 4))) {
											_t86 = 0x80070057;
										} else {
											_t87 = 0;
											if(_t80 != 0) {
												do {
													_t87 = _t87 + 1;
													_t29 = _t72 + 1; // 0x1
													_t63 =  !=  ? _t72 : _t29;
													_t72 =  !=  ? _t72 : _t29;
												} while (_t87 < _t80);
											}
											_t31 = _t72 - 1; // 0x0
											_t52 = _t31;
											 *_a16 = _t31;
											_t86 = E00C838F6(_t31, _a16, _a12, _t52, 4, 0);
											if(_t86 >= 0) {
												_t73 = 0;
												_t82 = _v8;
												if( *_a16 > 0) {
													while(1) {
														_t86 = E00C821A5( *_a12 + _t73 * 4, _t82, 0);
														if(_t86 < 0) {
															goto L23;
														}
														_t82 =  &(( &(_t82[lstrlenW(_t82)]))[1]);
														_t73 = _t73 + 1;
														if(_t73 <  *_a16) {
															continue;
														} else {
														}
														goto L23;
													}
												}
											}
										}
									} else {
										 *_a12 =  *_a12 & _t72;
										 *_a16 =  *_a16 & _t72;
										_t86 = 0;
									}
								} else {
									_t86 = 0x8007070c;
									_push(0x8007070c);
									_push(0x225);
									goto L6;
								}
							} else {
								_t86 = 0x8000ffff;
							}
						} else {
							_t88 = _t47;
							_t47 = 0x80004005;
							_t86 =  >=  ? 0x80004005 : _t88;
							_push(_t86);
							_push(0x21a);
							L6:
							_push("regutil.cpp");
							E00C837D3(_t47);
						}
					}
				} else {
					_t81 = _t79 >> 1;
					_t86 = E00C81EDE( &_v8, _t81);
					if(_t86 >= 0) {
						_t71 = RegQueryValueExW(_a4, _a8, 0,  &_v16, _v8,  &_v12);
						_t79 = _v12;
						_t75 = _t71;
						goto L3;
					}
				}
				L23:
				_t48 = _v8;
				if(_v8 != 0) {
					E00CC54EF(_t48);
				}
				return _t86;
			}

0x00cc10d8
0x00cc10e0
0x00cc10e2
0x00cc10e8
0x00cc10ea
0x00cc10ed
0x00cc10f3
0x00cc10f6
0x00cc10fa
0x00cc1131
0x00cc1134
0x00cc1140
0x00cc1145
0x00cc114d
0x00cc1170
0x00cc1174
0x00cc1184
0x00cc1196
0x00cc11a9
0x00cc11b3
0x00cc1230
0x00cc11bc
0x00cc11bc
0x00cc11c0
0x00cc11c2
0x00cc11cb
0x00cc11cf
0x00cc11d2
0x00cc11d5
0x00cc11d7
0x00cc11c2
0x00cc11de
0x00cc11de
0x00cc11e9
0x00cc11f0
0x00cc11f4
0x00cc11f9
0x00cc11fb
0x00cc1200
0x00cc1202
0x00cc1213
0x00cc1217
0x00000000
0x00000000
0x00cc1226
0x00cc1229
0x00cc122c
0x00000000
0x00000000
0x00cc122e
0x00000000
0x00cc122c
0x00cc1202
0x00cc1200
0x00cc11f4
0x00cc1198
0x00cc119b
0x00cc11a0
0x00cc11a2
0x00cc11a2
0x00cc1186
0x00cc1186
0x00cc118b
0x00cc118c
0x00000000
0x00cc118c
0x00cc1176
0x00cc1176
0x00cc1176
0x00cc114f
0x00cc114f
0x00cc1151
0x00cc1158
0x00cc115b
0x00cc115c
0x00cc1161
0x00cc1161
0x00cc1166
0x00cc1166
0x00cc114d
0x00cc10fc
0x00cc1101
0x00cc110a
0x00cc110e
0x00cc1126
0x00cc112c
0x00cc112f
0x00000000
0x00cc112f
0x00cc110e
0x00cc1235
0x00cc1235
0x00cc123a
0x00cc123d
0x00cc123d
0x00cc124a

APIs

RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 00CC10ED
RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00C96EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00CC1126
lstrlenW.KERNEL32(?,?,?,00000000,?,-00000001,00000004,00000000), ref: 00CC121A

Strings

regutil.cpp, xrefs: 00CC1161
BundleUpgradeCode, xrefs: 00CC10CC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: QueryValue$lstrlen
String ID: BundleUpgradeCode$regutil.cpp
API String ID: 3790715954-1648651458
Opcode ID: 7f167b6d5f57847c82f69c42e1b8f0715d1a877307169e1d8b14e626363c1660
Instruction ID: 194edf63c2e74a6e48167a6130d4d7886b0c72c07ab74022ad54cd906b1f12b2
Opcode Fuzzy Hash: 7f167b6d5f57847c82f69c42e1b8f0715d1a877307169e1d8b14e626363c1660
Instruction Fuzzy Hash: 6C41E035A0021AEFDB25DF9AC884FAEB7B9EF46710F59406DED15EB211D630DE018B90

Uniqueness

Uniqueness Score: -1.00%

Function 00CC85CB, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 137
timeCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E00CC85CB(intOrPtr _a4, struct _FILETIME* _a8) {
				signed int _v8;
				struct _SYSTEMTIME _v24;
				signed int _v28;
				struct _FILETIME* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t21;
				void* _t26;
				signed short _t32;
				signed int _t35;
				signed short _t38;
				void* _t40;
				void* _t42;
				void* _t44;
				void* _t46;
				signed short _t50;
				signed short* _t54;
				void* _t56;
				void* _t57;
				signed short* _t58;
				signed int _t64;
				void* _t65;

				_t21 =  *0xcea008; // 0x4c290ae8
				_v8 = _t21 ^ _t64;
				_v28 = _v28 & 0x00000000;
				_t50 = 0;
				_v32 = _a8;
				_t58 =  &_v24;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t26 = E00C821A5( &_v28, _a4, 0);
				_t60 = _t26;
				if(_t26 < 0) {
					L23:
					if(_v28 != 0) {
						E00CC54EF(_v28);
					}
					return E00CADE36(_t50, _v8 ^ _t64, 0, _t58, _t60);
				}
				_t58 = _v28;
				_t54 = _t58;
				if(_t58 == 0) {
					L21:
					if(SystemTimeToFileTime( &_v24, _v32) == 0) {
						_t32 = GetLastError();
						_t63 =  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000;
						_t60 =  >=  ? 0x80004005 :  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "timeutil.cpp", 0xbf,  >=  ? 0x80004005 :  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000);
					}
					goto L23;
				} else {
					goto L2;
				}
				while(1) {
					L2:
					_t35 =  *_t58 & 0x0000ffff;
					if(_t35 == 0) {
						goto L21;
					}
					_t56 = 0x54;
					if(_t56 == _t35) {
						L6:
						 *_t58 = 0;
						_t58 =  &(_t58[1]);
						_t38 = _t50;
						if(_t38 == 0) {
							_v24.wYear = E00CB6490(_t54, _t54, 0, 0xa);
							L18:
							_t65 = _t65 + 0xc;
							L19:
							_t54 = _t58;
							_t50 = _t50 + 1;
							L20:
							_t58 =  &(_t58[1]);
							if(_t58 != 0) {
								continue;
							}
							goto L21;
						}
						_t40 = _t38 - 1;
						if(_t40 == 0) {
							_v24.wMonth = E00CB6490(_t54, _t54, 0, 0xa);
							goto L18;
						}
						_t42 = _t40 - 1;
						if(_t42 == 0) {
							_v24.wDay = E00CB6490(_t54, _t54, 0, 0xa);
							goto L18;
						}
						_t44 = _t42 - 1;
						if(_t44 == 0) {
							_v24.wHour = E00CB6490(_t54, _t54, 0, 0xa);
							goto L18;
						}
						_t46 = _t44 - 1;
						if(_t46 == 0) {
							_v24.wMinute = E00CB6490(_t54, _t54, 0, 0xa);
							goto L18;
						}
						if(_t46 != 1) {
							goto L19;
						}
						_v24.wSecond = E00CB6490(_t54, _t54, 0, 0xa);
						goto L18;
					}
					_t57 = 0x3a;
					if(_t57 == _t35) {
						goto L6;
					}
					_push(0x2d);
					_pop(0);
					if(0 != _t35) {
						goto L20;
					}
					goto L6;
				}
				goto L21;
			}

0x00cc85d1
0x00cc85d8
0x00cc85e2
0x00cc85e6
0x00cc85ea
0x00cc85ed
0x00cc85f2
0x00cc85f5
0x00cc85f6
0x00cc85f7
0x00cc85fc
0x00cc8601
0x00cc8605
0x00cc8710
0x00cc8714
0x00cc8719
0x00cc8719
0x00cc8730
0x00cc8730
0x00cc860b
0x00cc860e
0x00cc8612
0x00cc86d1
0x00cc86e0
0x00cc86e2
0x00cc86f3
0x00cc86fd
0x00cc870b
0x00cc870b
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc8618
0x00cc8618
0x00cc8618
0x00cc861e
0x00000000
0x00000000
0x00cc8626
0x00cc862a
0x00cc8640
0x00cc8644
0x00cc8649
0x00cc864c
0x00cc864e
0x00cc86bd
0x00cc86c1
0x00cc86c1
0x00cc86c4
0x00cc86c4
0x00cc86c6
0x00cc86c7
0x00cc86c8
0x00cc86cb
0x00000000
0x00000000
0x00000000
0x00cc86cb
0x00cc8650
0x00cc8653
0x00cc86ae
0x00000000
0x00cc86ae
0x00cc8655
0x00cc8658
0x00cc869f
0x00000000
0x00cc869f
0x00cc865a
0x00cc865d
0x00cc8690
0x00000000
0x00cc8690
0x00cc865f
0x00cc8662
0x00cc8681
0x00000000
0x00cc8681
0x00cc8667
0x00000000
0x00000000
0x00cc8672
0x00000000
0x00cc8672
0x00cc862e
0x00cc8632
0x00000000
0x00000000
0x00cc8634
0x00cc8636
0x00cc863a
0x00000000
0x00000000
0x00000000
0x00cc863a
0x00000000

APIs

SystemTimeToFileTime.KERNEL32(?,00000000,00000000,clbcatq.dll,00000000,clbcatq.dll,00000000,00000000,00000000), ref: 00CC86D8
GetLastError.KERNEL32 ref: 00CC86E2

Strings

timeutil.cpp, xrefs: 00CC8706
)L, xrefs: 00CC85D1
clbcatq.dll, xrefs: 00CC85E9, 00CC85F4

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Time$ErrorFileLastSystem
String ID: clbcatq.dll$timeutil.cpp$)L
API String ID: 2781989572-3876203540
Opcode ID: 3617efbb1cf28d1cbbb1e8c90a6cc07d553859cf7be898abf143225cd86d6351
Instruction ID: 53b568dddefba6bf7fbc921d41d1945cc73eb35a4fcc1be754a843170a7f372f
Opcode Fuzzy Hash: 3617efbb1cf28d1cbbb1e8c90a6cc07d553859cf7be898abf143225cd86d6351
Instruction Fuzzy Hash: B741F671F402157AEB209BB8CC46FBFB365EF80700F14451DF502A7290DA35CE0897A5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC61FA, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128
fileCOMMON

Download Yara Rule

C-Code - Quality: 50%

			E00CC61FA(void* __ecx, intOrPtr _a4, void* _a8, long _a12, void* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr* _a36) {
				signed int _v8;
				signed int _v12;
				signed short _t39;
				void* _t40;
				signed short _t48;
				signed int _t49;
				intOrPtr* _t50;
				void* _t54;
				void* _t60;
				signed int _t61;
				intOrPtr* _t64;
				void* _t67;

				_t62 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t64 = _a12;
				_t67 = E00CC47D3(__ecx, _a8,  *_t64,  *((intOrPtr*)(_t64 + 4)), 0, 0);
				if(_t67 >= 0) {
					while(1) {
						L2:
						_push( &_v8);
						_push(_a32);
						_push(_a28);
						_push(_a4);
						if( *0xcea974() == 0) {
							break;
						}
						if(_v8 != 0) {
							_t60 = 0;
							_a12 = _a12 & 0;
							while(WriteFile(_a8, _a28 + _t60, _v8 - _t60,  &_a12, 0) != 0) {
								_t60 = _t60 + _a12;
								if(_a12 == 0 || _t60 >= _v8) {
									 *_t64 =  *_t64 + _t60;
									_t49 = 0;
									asm("adc [edi+0x4], eax");
									if(_a16 != 0xffffffff) {
										_t61 = _t49;
										_v12 = _t49;
										if(E00CC47D3(_t62, _a16, _t49, _t49, _t49, _t49) >= 0) {
											do {
												_push(0);
												_push( &_v12);
												_t54 = 8;
												WriteFile(_a16, _t64 + _t61 * 8, _t54 - _t61, ??, ??);
												_t61 = _t61 + _v12;
											} while (_v12 != 0 && _t61 < 8);
										}
									}
									_t50 = _a36;
									if(_t50 == 0 ||  *_t50 == 0) {
										L15:
										if(_v8 != 0) {
											goto L2;
										} else {
										}
									} else {
										_t67 = E00CC5B46(_t50,  *_t64,  *((intOrPtr*)(_t64 + 4)), _a20, _a24, _a8);
										if(_t67 >= 0) {
											goto L15;
										}
									}
								} else {
									continue;
								}
								goto L20;
							}
							_t48 = GetLastError();
							_t74 =  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
							_t40 = 0x80004005;
							_t67 =  >=  ? 0x80004005 :  <=  ? _t48 : _t48 & 0x0000ffff | 0x80070000;
							_push(_t67);
							_push(0x1a6);
							L19:
							_push("dlutil.cpp");
							E00C837D3(_t40);
						}
						L20:
						goto L21;
					}
					_t39 = GetLastError();
					_t71 =  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
					_t40 = 0x80004005;
					_t67 =  >=  ? 0x80004005 :  <=  ? _t39 : _t39 & 0x0000ffff | 0x80070000;
					_push(_t67);
					_push(0x19a);
					goto L19;
				}
				L21:
				return _t67;
			}

0x00cc61fa
0x00cc61fd
0x00cc61fe
0x00cc61ff
0x00cc6205
0x00cc6219
0x00cc621d
0x00cc6224
0x00cc6224
0x00cc6227
0x00cc6228
0x00cc622b
0x00cc622e
0x00cc6239
0x00000000
0x00000000
0x00cc6243
0x00cc6249
0x00cc624b
0x00cc624e
0x00cc6271
0x00cc6278
0x00cc627f
0x00cc6283
0x00cc6284
0x00cc628b
0x00cc6294
0x00cc6296
0x00cc62a0
0x00cc62a2
0x00cc62a2
0x00cc62a7
0x00cc62aa
0x00cc62b5
0x00cc62bb
0x00cc62be
0x00cc62a2
0x00cc62a0
0x00cc62c9
0x00cc62ce
0x00cc62ef
0x00cc62f3
0x00000000
0x00000000
0x00cc62f9
0x00cc62d5
0x00cc62e9
0x00cc62ed
0x00000000
0x00000000
0x00cc62ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc6278
0x00cc62fb
0x00cc630c
0x00cc630f
0x00cc6316
0x00cc6319
0x00cc631a
0x00cc6345
0x00cc6345
0x00cc634a
0x00cc634a
0x00cc634f
0x00000000
0x00cc634f
0x00cc6321
0x00cc6332
0x00cc6335
0x00cc633c
0x00cc633f
0x00cc6340
0x00000000
0x00cc6340
0x00cc6350
0x00cc6357

APIs

Part of subcall function 00CC47D3: SetFilePointerEx.KERNELBASE(?,?,?,?,?,00000000,?,?,?,00C98564,00000000,00000000,00000000,00000000,00000000), ref: 00CC47EB
Part of subcall function 00CC47D3: GetLastError.KERNEL32(?,?,?,00C98564,00000000,00000000,00000000,00000000,00000000), ref: 00CC47F5

WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00CC5AC5,?,?,?,?,?,?,?,00010000,?), ref: 00CC6263
WriteFile.KERNEL32(000000FF,00000008,00000008,?,00000000,000000FF,00000000,00000000,00000000,00000000,?,00CC5AC5,?,?,?,?), ref: 00CC62B5
GetLastError.KERNEL32(?,00CC5AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00CC62FB
GetLastError.KERNEL32(?,00CC5AC5,?,?,?,?,?,?,?,00010000,?,00000001,?,GET,?,?), ref: 00CC6321

Strings

dlutil.cpp, xrefs: 00CC6345

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLast$Write$Pointer
String ID: dlutil.cpp
API String ID: 133221148-2067379296
Opcode ID: 206142a6521b0cceadb207e40f89b303c3c44af942e79893ad67d49add5a957b
Instruction ID: 96b7294eac5fba0a42abae40f3ac13b510542faa32555e2a18000874f0c9daa8
Opcode Fuzzy Hash: 206142a6521b0cceadb207e40f89b303c3c44af942e79893ad67d49add5a957b
Instruction Fuzzy Hash: 7D417C72A00219BFEB218F94CE45FAABBA8FF04355F154229FD14E60A0D771DD60DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C82436, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 118
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 27%

			E00C82436(signed int __edx, intOrPtr* _a4, short* _a8, signed int _a12, int _a16) {
				signed int _t16;
				int _t17;
				signed int _t18;
				signed short _t22;
				intOrPtr _t23;
				intOrPtr* _t25;
				signed short _t28;
				int _t31;
				short* _t40;
				void* _t41;
				intOrPtr _t43;
				int _t45;
				signed int _t48;
				int _t50;
				int _t52;
				intOrPtr* _t53;

				_t39 = _a4;
				_t45 = __edx | 0xffffffff;
				_t16 = _a12;
				_t31 = 0;
				_t52 = 0;
				_t48 = _t16;
				if( *_a4 == 0) {
					L4:
					_t40 = _a8;
					if(_t16 != 0) {
						if(0 == _t40[_t16]) {
							_t48 = _t16 - 1;
						}
						L11:
						_t17 = _t48 + 1;
						if(_t52 >= _t17) {
							L20:
							_t18 = _a12;
							_push(_t31);
							_push(_t31);
							_push(_t52);
							_t53 = _a4;
							_push( *_t53);
							_t41 = 0xffffffff;
							_t19 =  ==  ? _t41 : _t18;
							if(WideCharToMultiByte(_a16, _t31, _a8,  ==  ? _t41 : _t18, ??, ??, ??, ??) != 0) {
								 *(_t48 +  *_t53) = _t31;
								L23:
								return _t31;
							}
							_t22 = GetLastError();
							_t35 =  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
							_t23 = 0x80004005;
							_t31 =  >=  ? 0x80004005 :  <=  ? _t22 : _t22 & 0x0000ffff | 0x80070000;
							_push(_t31);
							_push(0x1de);
							L7:
							_push("strutil.cpp");
							E00C837D3(_t23);
							goto L23;
						}
						_t52 = _t17;
						if(_t52 < 0x7fffffff) {
							_t25 = _a4;
							_push(1);
							_push(_t52);
							if( *_t25 == _t31) {
								_t23 = E00C838D4();
							} else {
								_push( *_t25);
								_t23 = E00C83A72();
							}
							_t43 = _t23;
							if(_t43 != 0) {
								 *_a4 = _t43;
								goto L20;
							} else {
								_t31 = 0x8007000e;
								_push(0x8007000e);
								_push(0x1d7);
								goto L7;
							}
						}
						_t31 = 0x8007000e;
						goto L23;
					}
					_t50 = WideCharToMultiByte(_a16, _t31, _t40, _t45, _t31, _t31, _t31, _t31);
					if(_t50 != 0) {
						_t48 = _t50 - 1;
						goto L11;
					}
					_t28 = GetLastError();
					_t38 =  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
					_t23 = 0x80004005;
					_t31 =  >=  ? 0x80004005 :  <=  ? _t28 : _t28 & 0x0000ffff | 0x80070000;
					_push(_t31);
					_push(0x1bc);
					goto L7;
				}
				_t52 = E00C83B51( *_t39);
				_t45 = _t45 | 0xffffffff;
				if(_t52 != _t45) {
					_t16 = _t48;
					goto L4;
				}
				_t31 = 0x80070057;
				goto L23;
			}

0x00c82439
0x00c8243c
0x00c8243f
0x00c82444
0x00c82446
0x00c82449
0x00c8244d
0x00c8246b
0x00c8246b
0x00c82470
0x00c824c4
0x00c824c6
0x00c824c6
0x00c824c9
0x00c824c9
0x00c824ce
0x00c82514
0x00c82514
0x00c82519
0x00c8251a
0x00c8251b
0x00c8251c
0x00c8251f
0x00c82523
0x00c82524
0x00c82537
0x00c82564
0x00c82567
0x00c8256d
0x00c8256d
0x00c82539
0x00c8254a
0x00c8254d
0x00c82554
0x00c82557
0x00c82558
0x00c824ac
0x00c824ac
0x00c824b1
0x00000000
0x00c824b1
0x00c824d0
0x00c824d8
0x00c824e4
0x00c824e7
0x00c824e9
0x00c824ec
0x00c824f7
0x00c824ee
0x00c824ee
0x00c824f0
0x00c824f0
0x00c824fc
0x00c82500
0x00c82512
0x00000000
0x00c82502
0x00c82502
0x00c82507
0x00c82508
0x00000000
0x00c82508
0x00c82500
0x00c824da
0x00000000
0x00c824da
0x00c82482
0x00c82486
0x00c824bb
0x00000000
0x00c824bb
0x00c82488
0x00c82499
0x00c8249c
0x00c824a3
0x00c824a6
0x00c824a7
0x00000000
0x00c824a7
0x00c82456
0x00c82458
0x00c8245d
0x00c82469
0x00000000
0x00c82469
0x00c8245f
0x00000000

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,00CBFEE7,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00CBFEE7,?,00000000,00000000), ref: 00C8247C
GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00CBFEE7,?,00000000,00000000,0000FDE9), ref: 00C82488

Part of subcall function 00C83B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,00C821DC,000001C7,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83B59
Part of subcall function 00C83B51: HeapSize.KERNEL32(00000000,?,00C821DC,000001C7,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83B60

Strings

strutil.cpp, xrefs: 00C824AC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
String ID: strutil.cpp
API String ID: 3662877508-3612885251
Opcode ID: 8f4dfa29f508f5c0bf0e38edf6e1f5ae3448aab20f9b7ba1ba3d35a4005b836e
Instruction ID: 6b6dc6d0a4d5ee3cc733529d731270e4da99e7d057fd91bf9b4a0c085d7d88be
Opcode Fuzzy Hash: 8f4dfa29f508f5c0bf0e38edf6e1f5ae3448aab20f9b7ba1ba3d35a4005b836e
Instruction Fuzzy Hash: CA31B271240259AFEB11AE69CC89E7A72DDEB84768B104229FD259B1A0E771CC409778

Uniqueness

Uniqueness Score: -1.00%

Function 00CB90AA, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 110
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 86%

			E00CB90AA(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t54;
				int _t56;
				signed int _t62;
				int _t65;
				short* _t66;
				signed int _t67;
				short* _t68;

				_t64 = __edx;
				_t34 =  *0xcea008; // 0x4c290ae8
				_v8 = _t34 ^ _t67;
				E00CB19B7(_t54,  &_v28, __edx, _a4);
				_t56 = _a24;
				if(_t56 == 0) {
					_t6 = _v24 + 8; // 0xe3e85006
					_t53 =  *_t6;
					_t56 = _t53;
					_a24 = _t53;
				}
				_t65 = 0;
				_t40 = MultiByteToWideChar(_t56, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E00CADE36(_t54, _v8 ^ _t67, _t64, _t65, _t66);
				}
				_t54 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t54 + 0x00000008 & _t40) == 0) {
					_t66 = 0;
					L11:
					if(_t66 != 0) {
						E00CAF670(_t65, _t66, _t65, _t54);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t66, _v12);
						if(_t46 != 0) {
							_t65 = GetStringTypeW(_a8, _t66, _t46, _a20);
						}
					}
					L14:
					E00CB91C7(_t66);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t54 + 0x00000008;
				_t62 = _t54 + 8;
				if((_t40 & _t54 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t66 = E00CB5154(_t62, _t48 & _t62);
					if(_t66 == 0) {
						goto L14;
					}
					 *_t66 = 0xdddd;
					L9:
					_t66 =  &(_t66[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00CC9DF0();
				_t66 = _t68;
				if(_t66 == 0) {
					goto L14;
				}
				 *_t66 = 0xcccc;
				goto L9;
			}

0x00cb90aa
0x00cb90b2
0x00cb90b9
0x00cb90c5
0x00cb90ca
0x00cb90cf
0x00cb90d4
0x00cb90d4
0x00cb90d7
0x00cb90d9
0x00cb90d9
0x00cb90de
0x00cb90f7
0x00cb90fd
0x00cb9102
0x00cb91a1
0x00cb91a5
0x00cb91aa
0x00cb91aa
0x00cb91c6
0x00cb91c6
0x00cb9108
0x00cb9110
0x00cb9114
0x00cb9160
0x00cb9162
0x00cb9164
0x00cb9169
0x00cb9180
0x00cb9188
0x00cb9198
0x00cb9198
0x00cb9188
0x00cb919a
0x00cb919b
0x00000000
0x00cb91a0
0x00cb911b
0x00cb911d
0x00cb911f
0x00cb9127
0x00cb9144
0x00cb914e
0x00cb9153
0x00000000
0x00000000
0x00cb9155
0x00cb915b
0x00cb915b
0x00000000
0x00cb915b
0x00cb912b
0x00cb912f
0x00cb9134
0x00cb9138
0x00000000
0x00000000
0x00cb913a
0x00000000

APIs

MultiByteToWideChar.KERNEL32(?,00000000,E3E85006,00CB234D,00000000,00000000,00CB3382,?,00CB3382,?,00000001,00CB234D,E3E85006,00000001,00CB3382,00CB3382), ref: 00CB90F7
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CB9180
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00CB9192
__freea.LIBCMT ref: 00CB919B

Part of subcall function 00CB5154: RtlAllocateHeap.NTDLL(00000000,?,?,?,00CB1E90,?,0000015D,?,?,?,?,00CB32E9,000000FF,00000000,?,?), ref: 00CB5186

Strings

)L, xrefs: 00CB90B2

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__freea
String ID: )L
API String ID: 2652629310-501487344
Opcode ID: d444a2f75607316835bcf1e50b0193a284e039a0654cebda45ba41043ff918c2
Instruction ID: 62f2f3dcb7eb405c0db970ff2b065cb6ebeb9e1bbb9848d171644fdcc4483442
Opcode Fuzzy Hash: d444a2f75607316835bcf1e50b0193a284e039a0654cebda45ba41043ff918c2
Instruction Fuzzy Hash: F831D072A0021AABDF249F69CC89EEF7BA5EB01310F054128FD15DB250E735CE55DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC40C8, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00CC40C8(WCHAR* _a4, WCHAR* _a8, intOrPtr _a12, long _a16) {
				short _t20;
				WCHAR* _t25;
				long _t28;
				WCHAR* _t29;
				signed short _t32;
				short* _t34;
				short* _t35;

				_t25 = _a8;
				_t35 = 0;
				_t28 =  ==  ? 0 | _a12 != 0x00000000 : 0 | _a12 != 0x00000000 | 0x00000002;
				_a16 = _t28;
				if(MoveFileExW(_a4, _t25, _t28) != 0) {
					L20:
					return _t35;
				}
				_t32 = GetLastError();
				if(_a12 != 0 || _t32 != 0x50 && _t32 != 0xb7) {
					if(_t32 != 2) {
						L8:
						if(_t32 != 3) {
							L18:
							_t35 =  <=  ? _t32 : _t32 & 0x0000ffff | 0x80070000;
							goto L19;
						}
						_t34 = _t35;
						_t29 = _t25;
						if(( *_t25 & 0x0000ffff) == 0) {
							L17:
							_t35 = 0x80070003;
							goto L19;
						}
						_push(0x5c);
						do {
							_t34 =  ==  ? _t29 : _t34;
							_t29 =  &(_t29[1]);
						} while (( *_t29 & 0x0000ffff) != 0);
						if(_t34 == 0) {
							goto L17;
						}
						 *_t34 = 0;
						_t35 = E00C84013(_t25, _t35);
						_t20 = 0x5c;
						 *_t34 = _t20;
						if(_t35 >= 0 && MoveFileExW(_a4, _t25, _a16) == 0) {
							_t35 =  <=  ? GetLastError() : _t22 & 0x0000ffff | 0x80070000;
							if(_t35 < 0) {
								E00C837D3(_t22, "fileutil.cpp", 0x4cc, _t35);
							}
						}
						goto L19;
					}
					if(E00CC4315(_a4, _t35) == 0) {
						goto L18;
					}
					_t32 = 3;
					goto L8;
				} else {
					_t35 = 1;
					L19:
					goto L20;
				}
			}

0x00cc40cc
0x00cc40d2
0x00cc40e2
0x00cc40ea
0x00cc40f5
0x00cc41c9
0x00cc41ce
0x00cc41ce
0x00cc4102
0x00cc4107
0x00cc4121
0x00cc4137
0x00cc413a
0x00cc41ba
0x00cc41c5
0x00000000
0x00cc41c5
0x00cc413f
0x00cc4141
0x00cc4146
0x00cc41b3
0x00cc41b3
0x00000000
0x00cc41b3
0x00cc4148
0x00cc414b
0x00cc414e
0x00cc4151
0x00cc4157
0x00cc415e
0x00000000
0x00000000
0x00cc4164
0x00cc416c
0x00cc4170
0x00cc4171
0x00cc4176
0x00cc419a
0x00cc419f
0x00cc41ac
0x00cc41ac
0x00cc419f
0x00000000
0x00cc4176
0x00cc412e
0x00000000
0x00000000
0x00cc4136
0x00000000
0x00cc4116
0x00cc4118
0x00cc41c8
0x00000000
0x00cc41c8

APIs

MoveFileExW.KERNEL32(00000003,00000001,00000000,00000000,00000101,?,00CC4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00C99E5F,00000000), ref: 00CC40ED
GetLastError.KERNEL32(00000001,?,00CC4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00C99E5F,00000000,000007D0,00000001,00000001,00000003), ref: 00CC40FC
MoveFileExW.KERNEL32(00000003,00000001,000007D0,00000001,00000000,?,00CC4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00C99E5F,00000000), ref: 00CC417F
GetLastError.KERNEL32(?,00CC4203,00000003,00000001,00000001,000007D0,00000003,00000000,?,00C99E5F,00000000,000007D0,00000001,00000001,00000003,000007D0), ref: 00CC4189

Strings

fileutil.cpp, xrefs: 00CC41A7

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastMove
String ID: fileutil.cpp
API String ID: 55378915-2967768451
Opcode ID: 30350ddfb48ee1d34851b59f68b23c9ef7a358459e5cca74feb2c175a6de59a1
Instruction ID: dfe1a505010be6f1a6c7c229bb61d80b6e49e0d16599f298726b491432ac05fd
Opcode Fuzzy Hash: 30350ddfb48ee1d34851b59f68b23c9ef7a358459e5cca74feb2c175a6de59a1
Instruction Fuzzy Hash: 48210476A003369BDB251E65CC61F7F7695EB607A1F0A812EFC95E7150D7308E8192E0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4212, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 95
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC4212(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				void* _t34;
				void* _t37;
				signed short* _t39;
				signed int _t42;
				void* _t44;
				void* _t45;
				signed int _t49;
				void* _t50;

				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_t50 = E00CC4315(_a4, _a8);
				if(_t50 == 0) {
					L21:
					if(_v12 != 0) {
						E00C82647(_v12, _v8);
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _t50;
				}
				_t34 = E00CC0E3F(0x80000002, L"SYSTEM\\CurrentControlSet\\Control\\Session Manager", 1,  &_v16);
				if(_t34 == 0x80070002 || _t34 < 0) {
					L20:
					goto L21;
				} else {
					_t37 = E00CC10C5(_v16, L"PendingFileRenameOperations",  &_v12,  &_v8);
					if(_t37 != 0x80070002 && _t37 >= 0) {
						_t49 = 0;
						if(_v8 <= 0) {
							goto L20;
						}
						_a8 = 0x5c;
						_t45 = 0x3f;
						do {
							_t39 =  *(_v12 + _t49 * 4);
							if(_t39 == 0) {
								goto L17;
							}
							_t42 =  *_t39 & 0x0000ffff;
							if(_t42 == 0) {
								goto L17;
							}
							if(_a8 == _t42 && _t45 == _t39[1] && _t45 == _t39[2]) {
								_t44 = 0x5c;
								if(_t44 == _t39[3]) {
									_t39 =  &(_t39[4]);
								}
							}
							if(E00C82D05( &_v20, _a4, _t39,  &_v20) < 0) {
								goto L20;
							} else {
								if(_v20 == 2) {
									_t50 = 0;
									goto L20;
								}
								_t45 = 0x3f;
							}
							L17:
							_t49 = _t49 + 2;
						} while (_t49 < _v8);
					}
					goto L20;
				}
			}

0x00cc4222
0x00cc4225
0x00cc4228
0x00cc422b
0x00cc4233
0x00cc4237
0x00cc42ed
0x00cc42f0
0x00cc42f8
0x00cc42f8
0x00cc4300
0x00cc4305
0x00cc4305
0x00cc4312
0x00cc4312
0x00cc424e
0x00cc425a
0x00cc42ec
0x00000000
0x00cc4268
0x00cc4278
0x00cc427f
0x00cc4285
0x00cc428a
0x00000000
0x00000000
0x00cc428e
0x00cc4295
0x00cc4296
0x00cc4299
0x00cc429e
0x00000000
0x00000000
0x00cc42a0
0x00cc42a6
0x00000000
0x00000000
0x00cc42ac
0x00cc42bc
0x00cc42c1
0x00cc42c3
0x00cc42c3
0x00cc42c1
0x00cc42d5
0x00000000
0x00cc42d7
0x00cc42db
0x00cc42ea
0x00000000
0x00cc42ea
0x00cc42df
0x00cc42df
0x00cc42e0
0x00cc42e0
0x00cc42e3
0x00cc42e8
0x00000000
0x00cc427f

APIs

Part of subcall function 00CC4315: FindFirstFileW.KERNEL32(00CA8FFA,?,000002C0,00000000,00000000), ref: 00CC4350
Part of subcall function 00CC4315: FindClose.KERNEL32(00000000), ref: 00CC435C

RegCloseKey.ADVAPI32(?,00000000,?,00000000,?,00000000,?,00000000,?,wininet.dll), ref: 00CC4305

Part of subcall function 00CC0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00CC5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00CC0E52

Part of subcall function 00CC10C5: RegQueryValueExW.ADVAPI32(00000000,000002C0,00000000,000002C0,00000000,00000000,000002C0,BundleUpgradeCode,00000410,000002C0,00000000,00000000,00000000,00000100,00000000), ref: 00CC10ED
Part of subcall function 00CC10C5: RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,?,?,?,?,?,00C96EF3,00000100,000000B0,00000088,00000410,000002C0), ref: 00CC1126

Strings

PendingFileRenameOperations, xrefs: 00CC4270
\, xrefs: 00CC428E
SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 00CC4244
crypt32.dll, xrefs: 00CC423D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseFindQueryValue$FileFirstOpen
String ID: PendingFileRenameOperations$SYSTEM\CurrentControlSet\Control\Session Manager$\$crypt32.dll
API String ID: 3397690329-3978359083
Opcode ID: c3caba3ce33e61d248b8892f5fb3b1487edbb5f66d2d672d0d7c527e2f50ab57
Instruction ID: ae9559667568ed961119cbacdd52218f4b8d814e8d35eb2d1fc82237e5dc9e8e
Opcode Fuzzy Hash: c3caba3ce33e61d248b8892f5fb3b1487edbb5f66d2d672d0d7c527e2f50ab57
Instruction Fuzzy Hash: FE319A35A00219AADF25AFD1C862FAEBBB9EB00351F14C16EF910A6151D7319B80DB54

Uniqueness

Uniqueness Score: -1.00%

Function 00CAD047, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 80
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 31%

			E00CAD047(void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v20;
				signed int _t31;
				intOrPtr _t33;
				signed int _t45;
				signed int* _t46;
				signed int* _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int* _t53;
				intOrPtr _t54;

				_t53 = _a8;
				_t45 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t51 =  *_t53;
				_t49 = E00C838D4(_t51 << 2, 1);
				_a8 = _t49;
				if(_t49 != 0) {
					_t31 = 0;
					if( *_t53 > 0) {
						_t4 =  &(_t53[1]); // 0x4
						_t46 = _t4;
						do {
							 *(_t49 + _t31 * 4) = _t46;
							_t31 = _t31 + 1;
							_t46 =  &(_t46[0x83]);
						} while (_t31 <  *_t53);
					}
					_v20 = 3;
					_v16 = 2;
					_v12 = _t51;
					_v8 = _t49;
					_t33 = _a12( &_v20, _a16);
					_t52 = _a4;
					_t54 = _t33;
					WaitForSingleObject( *(_t52 + 0xc), 0xffffffff);
					 *((intOrPtr*)( *((intOrPtr*)(_t52 + 0x10)) + 0x424)) = _t45;
					 *((intOrPtr*)( *((intOrPtr*)(_t52 + 0x10)) + 0x428)) = _t54;
					if(_t54 == 2) {
						 *((char*)( *((intOrPtr*)(_t52 + 0x10)) + 2)) = 1;
						 *((char*)( *((intOrPtr*)(_t52 + 0x10)) + 3)) = 1;
					}
					ReleaseMutex( *(_t52 + 0xc));
					SetEvent( *(_t52 + 8));
					E00C83999(_a8);
				} else {
					_t45 = 0x8007000e;
					E00C837D3(_t30, "NetFxChainer.cpp", 0xe4, 0x8007000e);
					_push("Failed to allocate buffer.");
					_push(0x8007000e);
					E00CC012F();
				}
				return _t45;
			}

0x00cad04f
0x00cad058
0x00cad05a
0x00cad05d
0x00cad05e
0x00cad05f
0x00cad060
0x00cad06d
0x00cad06f
0x00cad074
0x00cad09d
0x00cad0a1
0x00cad0a3
0x00cad0a3
0x00cad0a6
0x00cad0a6
0x00cad0a9
0x00cad0aa
0x00cad0b0
0x00cad0a6
0x00cad0ba
0x00cad0c2
0x00cad0c9
0x00cad0cc
0x00cad0cf
0x00cad0d2
0x00cad0d5
0x00cad0dc
0x00cad0e5
0x00cad0ee
0x00cad0f7
0x00cad0fc
0x00cad103
0x00cad103
0x00cad10a
0x00cad113
0x00cad11c
0x00cad076
0x00cad076
0x00cad086
0x00cad08b
0x00cad090
0x00cad091
0x00cad097
0x00cad129

APIs

Part of subcall function 00C838D4: GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
Part of subcall function 00C838D4: RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00CAD0DC
ReleaseMutex.KERNEL32(?), ref: 00CAD10A
SetEvent.KERNEL32(?), ref: 00CAD113

Strings

NetFxChainer.cpp, xrefs: 00CAD081
Failed to allocate buffer., xrefs: 00CAD08B

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$AllocateEventMutexObjectProcessReleaseSingleWait
String ID: Failed to allocate buffer.$NetFxChainer.cpp
API String ID: 944053411-3611226795
Opcode ID: cb0d534ad58d721943b27b04d6ebaab21c919b5128388fd4b3c65a561bec5815
Instruction ID: caec279f687a79e142c504cacd2785589fd7a43407a629e01a598d0ba4c858e0
Opcode Fuzzy Hash: cb0d534ad58d721943b27b04d6ebaab21c919b5128388fd4b3c65a561bec5815
Instruction Fuzzy Hash: A721F1B0A0030ABFDB109F68D845E9DB7F4FF08328F108629F925A7251C371AD50CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00C855B6, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 78
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 56%

			E00C855B6(void* __ecx, intOrPtr _a4, short* _a8, intOrPtr* _a12) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _t17;
				signed int _t18;
				void* _t22;
				void* _t23;
				signed int _t25;
				intOrPtr _t33;
				intOrPtr _t37;
				unsigned int _t43;
				intOrPtr _t46;

				_t37 = _a4;
				_t43 =  *(_t37 + 0x1c);
				_t46 = 0;
				_t33 = 0;
				if(_t43 == 0) {
					L10:
					_t46 = 1;
					 *_a12 = _t33;
				} else {
					while(1) {
						_t17 = _t43 >> 1;
						_v8 = _t17;
						_t18 = _t17 + _t33;
						_v12 = _t18;
						_t22 = CompareStringW(0x7f, 0x1000, _a8, 0xffffffff,  *(_t18 * 0x38 +  *((intOrPtr*)(_t37 + 0x20))), 0xffffffff) - 1;
						if(_t22 == 0) {
							goto L5;
						}
						_t23 = _t22 - 1;
						if(_t23 == 0) {
							 *_a12 = _v8 + _t33;
						} else {
							_t25 = _t23 - 1;
							if(_t25 != 0) {
								_t51 =  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
								_t46 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t26 & 0x0000ffff | 0x80070000;
								E00C837D3(0x80004005, "variable.cpp", 0x59f, _t46);
								_push("Failed to compare strings.");
								_push(_t46);
								E00CC012F();
							} else {
								_t33 = _v12 + 1;
								_t43 = _t43 + (_t25 | 0xffffffff) - _v8;
								L6:
								if(_t43 == 0) {
									goto L10;
								} else {
									_t37 = _a4;
									continue;
								}
							}
						}
						goto L11;
						L5:
						_t43 = _v8;
						goto L6;
					}
				}
				L11:
				return _t46;
			}

0x00c855bb
0x00c855c1
0x00c855c4
0x00c855c6
0x00c855ca
0x00c8566a
0x00c8566f
0x00c85670
0x00000000
0x00c855d0
0x00c855d2
0x00c855d4
0x00c855d7
0x00c855d9
0x00c855f8
0x00c855fb
0x00000000
0x00000000
0x00c855fd
0x00c85600
0x00c85666
0x00c85602
0x00c85602
0x00c85605
0x00c85632
0x00c8563c
0x00c8564a
0x00c8564f
0x00c85654
0x00c85655
0x00c85607
0x00c85610
0x00c85611
0x00c85618
0x00c8561a
0x00000000
0x00c8561c
0x00c8561c
0x00000000
0x00c8561c
0x00c8561a
0x00c85605
0x00000000
0x00c85615
0x00c85615
0x00000000
0x00c85615
0x00c855d0
0x00c85672
0x00c8567a

APIs

CompareStringW.KERNEL32(0000007F,00001000,?,000000FF,version.dll,000000FF,?,00000000,00000007,00C8648B,00C8648B,?,00C8554A,?,?,00000000), ref: 00C855F2
GetLastError.KERNEL32(?,00C8554A,?,?,00000000,?,00000000,00C8648B,?,00C87DDC,?,?,?,?,?), ref: 00C85621

Strings

Failed to compare strings., xrefs: 00C8564F
version.dll, xrefs: 00C855E4
variable.cpp, xrefs: 00C85645

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CompareErrorLastString
String ID: Failed to compare strings.$variable.cpp$version.dll
API String ID: 1733990998-4228644734
Opcode ID: 1910c90e6bb555ca7113c1e1c8c64758a491f59c5390b356c5d5fb0a11f94c00
Instruction ID: 13f9c917c8f827d1fad841436d5b765281bfe6a7f52cfbd9643e9faa1c472658
Opcode Fuzzy Hash: 1910c90e6bb555ca7113c1e1c8c64758a491f59c5390b356c5d5fb0a11f94c00
Instruction Fuzzy Hash: 5F21FF32A40614ABCB049FA8CC41A6AB7A4EB49765F610329F825EB390EA709E018794

Uniqueness

Uniqueness Score: -1.00%

Function 00C896F4, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E00C896F4(void* __edx, void* __edi, int _a4, intOrPtr _a8) {
				void* _t12;
				void* _t19;
				void* _t22;
				int _t26;
				void* _t27;
				signed int _t28;
				void* _t33;
				void* _t34;
				void* _t37;

				_t33 = __edi;
				_t26 = _a4;
				_t12 =  *((intOrPtr*)(_t26 + 0x10)) - 0x10;
				if(_t12 == 0) {
					L8:
					_push(_t33);
					_t8 = _t26 + 0x18; // 0x18
					_t34 = _t8;
					E00CA1664(_a8, 0x18, _t34, 0x18);
					_t28 = 6;
					memset(_t34, 0, _t28 << 2);
					goto L9;
				} else {
					_t19 = _t12 - 1;
					if(_t19 == 0) {
						_t37 = E00C87410(_t27, __edx,  *_t26,  *(_t26 + 0x18), _a8);
						if(_t37 == 0x80070490 || _t37 >= 0) {
							L9:
							_t37 = E00C88E48(_t26);
							if(_t37 < 0) {
								_push("Failed to read next symbol.");
								goto L11;
							}
						} else {
							E00C837D3(_t20, "condition.cpp", 0x1b8, _t37);
							_push("Failed to find variable.");
							L11:
							_push(_t37);
							E00CC012F();
						}
					} else {
						_t22 = _t19 - 1;
						if(_t22 == 0) {
							goto L8;
						} else {
							_t23 = _t22 == 1;
							if(_t22 == 1) {
								goto L8;
							} else {
								_t37 = 0x8007000d;
								 *((intOrPtr*)(_t26 + 0x30)) = 1;
								E00C837D3(_t23, "condition.cpp", 0x1c7, 0x8007000d);
								_push( *((intOrPtr*)(_t26 + 0x14)));
								E00CC012F(0x8007000d, "Failed to parse condition \'%ls\' at position: %u",  *((intOrPtr*)(_t26 + 4)));
							}
						}
					}
				}
				return _t37;
			}

0x00c896f4
0x00c896f8
0x00c896ff
0x00c89702
0x00c89777
0x00c89777
0x00c8977a
0x00c8977a
0x00c89783
0x00c8978f
0x00c89790
0x00000000
0x00c89704
0x00c89704
0x00c89707
0x00c89752
0x00c8975a
0x00c89793
0x00c89799
0x00c8979d
0x00c8979f
0x00000000
0x00c8979f
0x00c89760
0x00c8976b
0x00c89770
0x00c897a4
0x00c897a4
0x00c897a5
0x00c897ab
0x00c89709
0x00c89709
0x00c8970c
0x00000000
0x00c8970e
0x00c8970e
0x00c89711
0x00000000
0x00c89713
0x00c89713
0x00c89718
0x00c8972a
0x00c8972f
0x00c8973b
0x00c89740
0x00c89711
0x00c8970c
0x00c89707
0x00c897b1

APIs

_memcpy_s.LIBCMT ref: 00C89783

Strings

Failed to read next symbol., xrefs: 00C8979F
Failed to parse condition '%ls' at position: %u, xrefs: 00C89735
condition.cpp, xrefs: 00C89725, 00C89766
Failed to find variable., xrefs: 00C89770

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: _memcpy_s
String ID: Failed to find variable.$Failed to parse condition '%ls' at position: %u$Failed to read next symbol.$condition.cpp
API String ID: 2001391462-1605196437
Opcode ID: 8a2b3db6522960a01f5d651000dea32a428d92813feae0a65ac0f3299ebd3961
Instruction ID: e9b984e81e60580615bbc3f399ae3beb5fadfc7200bcf6c8e4c4de4f1c75d88e
Opcode Fuzzy Hash: 8a2b3db6522960a01f5d651000dea32a428d92813feae0a65ac0f3299ebd3961
Instruction Fuzzy Hash: 85113A33690220BBDB113D68DC86FAB7A54EB02714F080038F905AE596C672DA10A3E9

Uniqueness

Uniqueness Score: -1.00%

Function 00C98003, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 00C838D4: GetProcessHeap.KERNEL32(?,000001C7,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838E5
Part of subcall function 00C838D4: RtlAllocateHeap.NTDLL(00000000,?,00C82284,000001C7,00000001,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C838EC

CreateWellKnownSid.ADVAPI32(00000000,00000000,00000000,00000000,00000044,00000001,00000000,00000000,?,?,00C98C10,0000001A,00000000,?,00000000,00000000), ref: 00C9804C
GetLastError.KERNEL32(?,?,00C98C10,0000001A,00000000,?,00000000,00000000,?,?,00000000,00000000,?,?,-00000004,00000000), ref: 00C98056

Strings

Failed to allocate memory for well known SID., xrefs: 00C98034
cache.cpp, xrefs: 00C9802A, 00C9807A
Failed to create well known SID., xrefs: 00C98084

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$AllocateCreateErrorKnownLastProcessWell
String ID: Failed to allocate memory for well known SID.$Failed to create well known SID.$cache.cpp
API String ID: 2186923214-2110050797
Opcode ID: 4b2683415352a9720eff3d8b8ca5ae085a6e950d9c3426fc3fc315e9239e069e
Instruction ID: a71f389440fcb11312033cce4dac9afdb6d6fde5feaeeef994b02f34094a8117
Opcode Fuzzy Hash: 4b2683415352a9720eff3d8b8ca5ae085a6e950d9c3426fc3fc315e9239e069e
Instruction Fuzzy Hash: CA012F726407247AEB2176799C0AF5B6A9CDF41F61F11112BFE04E7240FD758E0592E4

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4038, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52
fileCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00CC4038(void* __ecx, void* __eflags, WCHAR* _a4) {
				signed char _v8;
				void* _t22;

				_v8 = _v8 | 0xffffffff;
				_t22 = 0;
				if(E00CC4315(_a4,  &_v8) != 0) {
					if((_v8 & 0x00000007) == 0 || SetFileAttributesW(_a4, 0x80) != 0) {
						L5:
						if(DeleteFileW(_a4) == 0) {
							_t22 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
							if(_t22 < 0) {
								_push(_t22);
								_push(0x5c2);
								goto L8;
							}
						}
					} else {
						_t22 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
						if(_t22 >= 0) {
							goto L5;
						} else {
							_push(_t22);
							_push(0x5bc);
							L8:
							_push("fileutil.cpp");
							E00C837D3(_t14);
						}
					}
				}
				return _t22;
			}

0x00cc403c
0x00cc4048
0x00cc4051
0x00cc405d
0x00cc408d
0x00cc4098
0x00cc40a7
0x00cc40ac
0x00cc40ae
0x00cc40af
0x00000000
0x00cc40af
0x00cc40ac
0x00cc4071
0x00cc407e
0x00cc4083
0x00000000
0x00cc4085
0x00cc4085
0x00cc4086
0x00cc40b4
0x00cc40b4
0x00cc40b9
0x00cc40b9
0x00cc4083
0x00cc40be
0x00cc40c5

APIs

Part of subcall function 00CC4315: FindFirstFileW.KERNEL32(00CA8FFA,?,000002C0,00000000,00000000), ref: 00CC4350
Part of subcall function 00CC4315: FindClose.KERNEL32(00000000), ref: 00CC435C

SetFileAttributesW.KERNEL32(00CA8FFA,00000080,00000000,00CA8FFA,000000FF,00000000,?,?,00CA8FFA), ref: 00CC4067
GetLastError.KERNEL32(?,?,00CA8FFA), ref: 00CC4071
DeleteFileW.KERNEL32(00CA8FFA,00000000,00CA8FFA,000000FF,00000000,?,?,00CA8FFA), ref: 00CC4090
GetLastError.KERNEL32(?,?,00CA8FFA), ref: 00CC409A

Strings

fileutil.cpp, xrefs: 00CC40B4

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: File$ErrorFindLast$AttributesCloseDeleteFirst
String ID: fileutil.cpp
API String ID: 3967264933-2967768451
Opcode ID: ddb9ecf6842219647a87d1fee7673510c9e9b80c972fdbc241055113a1ad1216
Instruction ID: 25e5d2985817eb9429d185695be027d2d554793c3d928393eecb5909b6311cf3
Opcode Fuzzy Hash: ddb9ecf6842219647a87d1fee7673510c9e9b80c972fdbc241055113a1ad1216
Instruction Fuzzy Hash: 5D01DE31A80735A7D7216AAACD19F5B7AD8EF007A1F008229FE05E20A0DB20CE0096E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CAD5AF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00CAD5AF(intOrPtr* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				void* _t10;
				intOrPtr* _t21;
				struct _SECURITY_ATTRIBUTES* _t22;

				_t21 = __ecx;
				_t22 = 0;
				_t1 = _t21 + 8; // 0x8
				 *__ecx = 0xce06ec;
				 *(__ecx + 4) = 1;
				InitializeCriticalSection(_t1);
				_t10 = CreateEventW(0, 1, 0, 0);
				 *(_t21 + 0x28) = _t10;
				if(_t10 != 0) {
					 *((intOrPtr*)(_t21 + 0x20)) = 0;
					 *((intOrPtr*)(_t21 + 0x24)) = 0;
					 *((intOrPtr*)(_t21 + 0x2c)) = _a4;
				} else {
					_t25 =  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
					_t22 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t14 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "bitsengine.cpp", 0x11c, _t22);
					_push("Failed to create BITS job complete event.");
					_push(_t22);
					E00CC012F();
				}
				 *_a8 = _t22;
				return _t21;
			}

0x00cad5b4
0x00cad5b6
0x00cad5b8
0x00cad5bb
0x00cad5c2
0x00cad5c9
0x00cad5d4
0x00cad5da
0x00cad5df
0x00cad621
0x00cad624
0x00cad627
0x00cad5e1
0x00cad5f2
0x00cad5fc
0x00cad60a
0x00cad60f
0x00cad614
0x00cad615
0x00cad61b
0x00cad62d
0x00cad634

APIs

InitializeCriticalSection.KERNEL32(00000008,00000000,00000000,?,00CADD19,?,?,?,?,?,00000001,00000000,?), ref: 00CAD5C9
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00CADD19,?,?,?,?,?,00000001,00000000,?), ref: 00CAD5D4
GetLastError.KERNEL32(?,00CADD19,?,?,?,?,?,00000001,00000000,?), ref: 00CAD5E1

Strings

Failed to create BITS job complete event., xrefs: 00CAD60F
bitsengine.cpp, xrefs: 00CAD605

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CreateCriticalErrorEventInitializeLastSection
String ID: Failed to create BITS job complete event.$bitsengine.cpp
API String ID: 3069647169-3441864216
Opcode ID: 9f461be9bbb34160167be1267756af2a37425770e7428e7c30c093afc80e6ef4
Instruction ID: 092a7214b27877c8c803119254381b80e48bc36d3ccb83f1c079f153dba50f1e
Opcode Fuzzy Hash: 9f461be9bbb34160167be1267756af2a37425770e7428e7c30c093afc80e6ef4
Instruction Fuzzy Hash: 8B019EB2600726ABD7109B6AD805B8BBAD8FF09761F104126FC09D7A40E7B09950CBE4

Uniqueness

Uniqueness Score: -1.00%

Function 00C8D39D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00C8D39D(intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr* _t10;
				long _t15;
				long _t18;
				intOrPtr _t19;

				_t19 = _a4;
				_t18 = 0;
				_t2 = _t19 + 0x18; // 0xd0
				EnterCriticalSection(_t2);
				_t3 = _t19 + 0x30; // 0xe8
				_t15 = 1;
				if(InterlockedCompareExchange(_t3, 1, 0) != 0) {
					_t15 = 0;
					_t18 = 0x8007139f;
				}
				_t4 = _t19 + 0x18; // 0xd0
				LeaveCriticalSection(_t4);
				_t10 = _a8;
				if(_t10 != 0) {
					 *_t10 = _t15;
				}
				if(_t18 < 0) {
					E00C837D3(_t10, "userexperience.cpp", 0xea, _t18);
					_push("Engine active cannot be changed because it was already in that state.");
					_push(_t18);
					E00CC012F();
				}
				return _t18;
			}

0x00c8d3a2
0x00c8d3a6
0x00c8d3a8
0x00c8d3ac
0x00c8d3b5
0x00c8d3b8
0x00c8d3c3
0x00c8d3c5
0x00c8d3c7
0x00c8d3c7
0x00c8d3cc
0x00c8d3d0
0x00c8d3d6
0x00c8d3db
0x00c8d3dd
0x00c8d3dd
0x00c8d3e1
0x00c8d3ee
0x00c8d3f3
0x00c8d3f8
0x00c8d3f9
0x00c8d3ff
0x00c8d406

APIs

EnterCriticalSection.KERNEL32(000000D0,?,000000B8,00000000,?,00C96E4B,000000B8,00000000,?,00000000,7743A770), ref: 00C8D3AC
InterlockedCompareExchange.KERNEL32(000000E8,00000001,00000000), ref: 00C8D3BB
LeaveCriticalSection.KERNEL32(000000D0,?,00C96E4B,000000B8,00000000,?,00000000,7743A770), ref: 00C8D3D0

Strings

userexperience.cpp, xrefs: 00C8D3E9
Engine active cannot be changed because it was already in that state., xrefs: 00C8D3F3

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$CompareEnterExchangeInterlockedLeave
String ID: Engine active cannot be changed because it was already in that state.$userexperience.cpp
API String ID: 3376869089-1544469594
Opcode ID: 1b494b9e2273a805c91b53308224c3746f045e34db31b147e4dfd7e74750fa31
Instruction ID: 324861f136d536f501a579bf965890edabcd21928ae0495498db700b96f10a26
Opcode Fuzzy Hash: 1b494b9e2273a805c91b53308224c3746f045e34db31b147e4dfd7e74750fa31
Instruction Fuzzy Hash: 0EF08C763003046B97106EAAEC85F9B73ADEA85769B04442AF502C3250DA70ED058724

Uniqueness

Uniqueness Score: -1.00%

Function 00CC937F, Relevance: 7.6, APIs: 5, Instructions: 119
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC937F(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				void* _v12;
				void* _v16;
				char _v20;
				char _v24;
				void* _t58;
				void* _t60;

				_t58 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				_v20 = 0;
				_v24 = 0;
				_t60 = E00CC0E3F(_a4,  *0xcea7e0, 0x20019,  &_v16);
				if(_t60 == 0x80070002 || _t60 < 0) {
					L17:
					if(_v12 != 0) {
						RegCloseKey(_v12);
						_v12 = 0;
					}
					if(_v8 != 0) {
						RegCloseKey(_v8);
						_v8 = 0;
					}
					if(_v16 != 0) {
						RegCloseKey(_v16);
					}
					return _t60;
				} else {
					_t60 = E00CC0E3F(_v16, _a8, 0x20019,  &_v8);
					if(_t60 != 0x80070002 && _t60 >= 0) {
						_t60 = E00CC0E3F(_v8,  *0xcea7e4, 0x20019,  &_v12);
						if(_t60 != 0x80070002 && _t60 >= 0) {
							_t60 = E00CC0B49(_t58, _v12, _a12, 0, 1);
							if(_t60 < 0) {
								goto L17;
							}
							_t60 = E00CC0E9B(_v12,  &_v20, 0);
							if(_t60 >= 0 && _v20 <= 0) {
								if(_v12 != 0) {
									RegCloseKey(_v12);
									_v12 = 0;
								}
								_t60 = E00CC0B49(_t58, _v8,  *0xcea7e4, 0, 0);
								if(_t60 >= 0) {
									_t60 = E00CC0E9B(_v8, 0,  &_v24);
									if(_t60 >= 0 && _v24 == 0) {
										if(_v8 != 0) {
											RegCloseKey(_v8);
											_v8 = 0;
										}
										_t60 = E00CC0B49(_t58, _v16, _a8, 0, 0);
									}
								}
							}
						}
					}
					goto L17;
				}
			}

0x00cc937f
0x00cc9399
0x00cc939f
0x00cc93a2
0x00cc93a5
0x00cc93a8
0x00cc93b6
0x00cc93be
0x00cc94a6
0x00cc94a9
0x00cc94ae
0x00cc94b0
0x00cc94b0
0x00cc94b6
0x00cc94bb
0x00cc94bd
0x00cc94bd
0x00cc94c3
0x00cc94c8
0x00cc94c8
0x00cc94d2
0x00cc93cc
0x00cc93e0
0x00cc93e8
0x00cc940d
0x00cc9415
0x00cc9431
0x00cc9435
0x00000000
0x00000000
0x00cc9444
0x00cc9448
0x00cc9452
0x00cc9457
0x00cc9459
0x00cc9459
0x00cc946c
0x00cc9470
0x00cc947f
0x00cc9483
0x00cc948d
0x00cc9492
0x00cc9494
0x00cc9494
0x00cc94a4
0x00cc94a4
0x00cc9483
0x00cc9470
0x00cc9448
0x00cc9415
0x00000000
0x00cc93e8

APIs

Part of subcall function 00CC0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00CC5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00CC0E52

RegCloseKey.ADVAPI32(00000001,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019,00000001,00000000,00000000,00020019,00000000,00000001), ref: 00CC9457
RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000,00000001,?,00000000,00000001,00000000,00020019), ref: 00CC9492
RegCloseKey.ADVAPI32(00000001,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00CC94AE
RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00CC94BB
RegCloseKey.ADVAPI32(00000000,00000001,00020019,00000000,00000000,00000000,00000000), ref: 00CC94C8

Part of subcall function 00CC0B49: RegCloseKey.ADVAPI32(00000000), ref: 00CC0CA0

Part of subcall function 00CC0E9B: RegQueryInfoKeyW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00CC9444,00000001), ref: 00CC0EB3

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Close$InfoOpenQuery
String ID:
API String ID: 796878624-0
Opcode ID: 0b9c853beffa35b65914df451c9e3e629791f76b250c190722c4585644cc9464
Instruction ID: 5b741bb27a86b0992f89af9040e22abe71d3cda8775b164705cb25a08ca91638
Opcode Fuzzy Hash: 0b9c853beffa35b65914df451c9e3e629791f76b250c190722c4585644cc9464
Instruction Fuzzy Hash: 00410772C01229FFCF22EF95CD85EADFB79EF04760B1141AEE91076121C7324E91AA90

Uniqueness

Uniqueness Score: -1.00%

Function 00C821BC, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 117
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 33%

			E00C821BC(signed int __edx, intOrPtr* _a4, char* _a8, signed int _a12, int _a16) {
				signed int _t17;
				unsigned int _t18;
				signed int _t19;
				signed short _t24;
				intOrPtr _t25;
				signed short _t31;
				signed int _t34;
				int _t36;
				char* _t38;
				void* _t39;
				intOrPtr _t41;
				intOrPtr _t42;
				int _t44;
				unsigned int _t46;
				intOrPtr* _t47;
				unsigned int _t49;
				int _t51;

				_t37 = _a4;
				_t44 = __edx | 0xffffffff;
				_t17 = _a12;
				_t51 = 0;
				_t34 = _t17;
				_t46 = 0;
				if( *_a4 == 0) {
					L4:
					_t38 = _a8;
					if(_t17 != 0) {
						if(_t38[_t17] == 0) {
							_t34 = _t17 - 1;
						}
						L11:
						_t18 = _t34 + 1;
						if(_t46 >= _t18) {
							L20:
							_t19 = _a12;
							_push(_t46);
							_t47 = _a4;
							_push( *_t47);
							_t39 = 0xffffffff;
							_t20 =  ==  ? _t39 : _t19;
							if(MultiByteToWideChar(_a16, _t51, _a8,  ==  ? _t39 : _t19, ??, ??) != 0) {
								 *((short*)( *_t47 + _t34 * 2)) = 0;
								L23:
								return _t51;
							}
							_t24 = GetLastError();
							_t55 =  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
							_t25 = 0x80004005;
							_t51 =  >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
							_push(_t51);
							_push(0x22f);
							L7:
							_push("strutil.cpp");
							E00C837D3(_t25);
							goto L23;
						}
						_t46 = _t18;
						if(_t46 < 0x7fffffff) {
							_push(1);
							_t41 =  *_a4;
							_push(_t46 + _t46);
							if(_t41 == 0) {
								_t25 = E00C838D4();
							} else {
								_push(_t41);
								_t25 = E00C83A72();
							}
							_t42 = _t25;
							if(_t42 != 0) {
								 *_a4 = _t42;
								goto L20;
							} else {
								_t51 = 0x8007000e;
								_push(0x8007000e);
								_push(0x228);
								goto L7;
							}
						}
						_t51 = 0x8007000e;
						goto L23;
					}
					_t36 = MultiByteToWideChar(_a16, _t51, _t38, _t44, _t51, _t51);
					if(_t36 != 0) {
						_t34 = _t36 - 1;
						goto L11;
					}
					_t31 = GetLastError();
					_t58 =  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
					_t25 = 0x80004005;
					_t51 =  >=  ? 0x80004005 :  <=  ? _t31 : _t31 & 0x0000ffff | 0x80070000;
					_push(_t51);
					_push(0x20c);
					goto L7;
				}
				_t49 = E00C83B51( *_t37);
				_t44 = _t44 | 0xffffffff;
				if(_t49 != _t44) {
					_t46 = _t49 >> 1;
					_t17 = _t34;
					goto L4;
				}
				_t51 = 0x80070057;
				goto L23;
			}

0x00c821bf
0x00c821c2
0x00c821c5
0x00c821ca
0x00c821cc
0x00c821cf
0x00c821d3
0x00c821f3
0x00c821f3
0x00c821f8
0x00c82248
0x00c8224a
0x00c8224a
0x00c8224d
0x00c8224d
0x00c82252
0x00c8229c
0x00c8229c
0x00c822a1
0x00c822a2
0x00c822a5
0x00c822a9
0x00c822aa
0x00c822bd
0x00c822ec
0x00c822f0
0x00c822f6
0x00c822f6
0x00c822bf
0x00c822d0
0x00c822d3
0x00c822da
0x00c822dd
0x00c822de
0x00c82232
0x00c82232
0x00c82237
0x00000000
0x00c82237
0x00c82254
0x00c8225c
0x00c8226b
0x00c8226d
0x00c82272
0x00c82275
0x00c8227f
0x00c82277
0x00c82277
0x00c82278
0x00c82278
0x00c82284
0x00c82288
0x00c8229a
0x00000000
0x00c8228a
0x00c8228a
0x00c8228f
0x00c82290
0x00000000
0x00c82290
0x00c82288
0x00c8225e
0x00000000
0x00c8225e
0x00c82208
0x00c8220c
0x00c82241
0x00000000
0x00c82241
0x00c8220e
0x00c8221f
0x00c82222
0x00c82229
0x00c8222c
0x00c8222d
0x00000000
0x00c8222d
0x00c821dc
0x00c821de
0x00c821e3
0x00c821ef
0x00c821f1
0x00000000
0x00c821f1
0x00c821e5
0x00000000

APIs

MultiByteToWideChar.KERNEL32(8007139F,00000000,?,?,00000000,00000000,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C82202
GetLastError.KERNEL32(?,00000000,00000000,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C8220E

Part of subcall function 00C83B51: GetProcessHeap.KERNEL32(00000000,000001C7,?,00C821DC,000001C7,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83B59
Part of subcall function 00C83B51: HeapSize.KERNEL32(00000000,?,00C821DC,000001C7,80004005,8007139F,?,?,00CC015F,8007139F,?,00000000,00000000,8007139F), ref: 00C83B60

Strings

strutil.cpp, xrefs: 00C82232

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Heap$ByteCharErrorLastMultiProcessSizeWide
String ID: strutil.cpp
API String ID: 3662877508-3612885251
Opcode ID: cd4a5a2eff809e963a67a5a9812d05e9f408f78f6157449b6d3f737ec2de33b5
Instruction ID: 28c6dbc404642fb117fa08a88dea906aac0c85eec3afede11c2a1e9033cb7694
Opcode Fuzzy Hash: cd4a5a2eff809e963a67a5a9812d05e9f408f78f6157449b6d3f737ec2de33b5
Instruction Fuzzy Hash: 90311A72600215ABEB20AAAACC4DB6B77D5EF45778F110225FC15DB2A0E630CD0197A8

Uniqueness

Uniqueness Score: -1.00%

Function 00C8738E, Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00C8738E(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t15;
				void* _t22;

				_t20 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t22 = E00C85C87(_t20, _a4, _a8,  &_v8);
				_t15 = _v8;
				if(_t22 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
					if(_t22 != 0x80070490) {
						if(_t22 >= 0) {
							_t22 = E00CA00E0(_t15 + 8, _a12);
							if(_t22 < 0) {
								_push(_a8);
								_push("Failed to get value as string for variable: %ls");
								goto L8;
							}
						} else {
							_push(_a8);
							_push("Failed to get value of variable: %ls");
							L8:
							_push(_t22);
							E00CC012F();
						}
					}
				} else {
					_t22 = 0x80070490;
				}
				LeaveCriticalSection(_a4);
				return _t22;
			}

0x00c8738e
0x00c87391
0x00c87392
0x00c8739a
0x00c873af
0x00c873b1
0x00c873b6
0x00c873cb
0x00c873cf
0x00c873e7
0x00c873eb
0x00c873ed
0x00c873f0
0x00000000
0x00c873f0
0x00c873d1
0x00c873d1
0x00c873d4
0x00c873f5
0x00c873f5
0x00c873f6
0x00c873fb
0x00c873cf
0x00c873be
0x00c873be
0x00c873be
0x00c87401
0x00c8740d

APIs

EnterCriticalSection.KERNEL32(00C852B5,WixBundleOriginalSource,?,?,00C9A41D,00C853B5,WixBundleOriginalSource,00C8533D,00CEAA90,?,00000000,00C8533D,?,00C97587,?,?), ref: 00C8739A
LeaveCriticalSection.KERNEL32(00C852B5,00C852B5,00000000,00000000,?,?,00C9A41D,00C853B5,WixBundleOriginalSource,00C8533D,00CEAA90,?,00000000,00C8533D,?,00C97587), ref: 00C87401

Strings

Failed to get value as string for variable: %ls, xrefs: 00C873F0
Failed to get value of variable: %ls, xrefs: 00C873D4
WixBundleOriginalSource, xrefs: 00C87396

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to get value as string for variable: %ls$Failed to get value of variable: %ls$WixBundleOriginalSource
API String ID: 3168844106-30613933
Opcode ID: 1aa889d73b7ace6630392862fbf956892e0801e267f3a3ede22d055e8152a9c7
Instruction ID: d21d3e647d593d66153d54d8db9677eef04976306238f022864428d49a29e53d
Opcode Fuzzy Hash: 1aa889d73b7ace6630392862fbf956892e0801e267f3a3ede22d055e8152a9c7
Instruction Fuzzy Hash: 22017172984129FBCF116F54CC05F9E7B64DB14769F218225FC04AA230E735DE50ABD5

Uniqueness

Uniqueness Score: -1.00%

Function 00CBD038, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00CBD038(void* __ebx, signed int __edx, signed int _a4, void* _a8, signed int _a12) {
				signed int _v8;
				long _v12;
				struct _OVERLAPPED* _v16;
				long _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				void* _v52;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t62;
				intOrPtr _t66;
				signed char _t68;
				signed int _t69;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr _t79;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				signed int _t106;
				signed int _t107;
				signed int _t109;
				intOrPtr _t111;
				signed int _t116;
				signed int _t118;
				void* _t119;
				signed int _t120;
				signed int _t121;
				void* _t122;

				_t118 = __edx;
				_t104 = __ebx;
				_t62 =  *0xcea008; // 0x4c290ae8
				_v8 = _t62 ^ _t121;
				_t109 = _a12;
				_v12 = _t109;
				_t120 = _a4;
				_t119 = _a8;
				_v52 = _t119;
				if(_t109 != 0) {
					__eflags = _t119;
					if(_t119 != 0) {
						_push(__ebx);
						_t106 = _t120 >> 6;
						_t118 = (_t120 & 0x0000003f) * 0x30;
						_v32 = _t106;
						_t66 =  *((intOrPtr*)(0xceb158 + _t106 * 4));
						_v48 = _t66;
						_v28 = _t118;
						_t107 =  *((intOrPtr*)(_t66 + _t118 + 0x29));
						__eflags = _t107 - 2;
						if(_t107 == 2) {
							L6:
							_t68 =  !_t109;
							__eflags = _t68 & 0x00000001;
							if((_t68 & 0x00000001) != 0) {
								_t66 = _v48;
								L9:
								__eflags =  *(_t66 + _t118 + 0x28) & 0x00000020;
								if(__eflags != 0) {
									E00CBD2C2(_t120, 0, 0, 2);
									_t122 = _t122 + 0x10;
								}
								_t69 = E00CBCBDD(_t107, _t118, __eflags, _t120);
								__eflags = _t69;
								if(_t69 == 0) {
									_t111 =  *((intOrPtr*)(0xceb158 + _v32 * 4));
									_t71 = _v28;
									__eflags =  *(_t111 + _t71 + 0x28) & 0x00000080;
									if(( *(_t111 + _t71 + 0x28) & 0x00000080) == 0) {
										_v24 = 0;
										_v20 = 0;
										_v16 = 0;
										_t73 = WriteFile( *(_t111 + _t71 + 0x18), _t119, _v12,  &_v20, 0);
										__eflags = _t73;
										if(_t73 == 0) {
											_v24 = GetLastError();
										}
										_t120 =  &_v24;
										goto L28;
									}
									_t87 = _t107;
									__eflags = _t87;
									if(_t87 == 0) {
										_t89 = E00CBCC53( &_v24, _t120, _t119, _v12);
										goto L17;
									}
									_t90 = _t87 - 1;
									__eflags = _t90;
									if(_t90 == 0) {
										_t89 = E00CBCE20( &_v24, _t120, _t119, _v12);
										goto L17;
									}
									__eflags = _t90 != 1;
									if(_t90 != 1) {
										goto L34;
									}
									_t89 = E00CBCD32( &_v24, _t120, _t119, _v12);
									goto L17;
								} else {
									__eflags = _t107;
									if(_t107 == 0) {
										_t89 = E00CBC9BD( &_v24, _t120, _t119, _v12);
										L17:
										L15:
										_t120 = _t89;
										L28:
										_t119 =  &_v44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										_t74 = _v40;
										__eflags = _t74;
										if(_t74 != 0) {
											__eflags = _t74 - _v36;
											L40:
											_pop(_t104);
											L41:
											return E00CADE36(_t104, _v8 ^ _t121, _t118, _t119, _t120);
										}
										_t77 = _v44;
										__eflags = _t77;
										if(_t77 == 0) {
											_t119 = _v52;
											L34:
											_t116 = _v28;
											_t79 =  *((intOrPtr*)(0xceb158 + _v32 * 4));
											__eflags =  *(_t79 + _t116 + 0x28) & 0x00000040;
											if(( *(_t79 + _t116 + 0x28) & 0x00000040) == 0) {
												L37:
												 *((intOrPtr*)(E00CB3E36())) = 0x1c;
												_t81 = E00CB3E23();
												 *_t81 =  *_t81 & 0x00000000;
												__eflags =  *_t81;
												L38:
												goto L40;
											}
											__eflags =  *_t119 - 0x1a;
											if( *_t119 != 0x1a) {
												goto L37;
											}
											goto L40;
										}
										_t120 = 5;
										__eflags = _t77 - _t120;
										if(_t77 != _t120) {
											_t81 = E00CB3E00(_t77);
										} else {
											 *((intOrPtr*)(E00CB3E36())) = 9;
											 *(E00CB3E23()) = _t120;
										}
										goto L38;
									}
									__eflags = _t107 - 1 - 1;
									if(_t107 - 1 > 1) {
										goto L34;
									}
									_t89 = E00CBCB70( &_v24, _t119, _v12);
									goto L15;
								}
							}
							 *(E00CB3E23()) =  *_t97 & 0x00000000;
							 *((intOrPtr*)(E00CB3E36())) = 0x16;
							_t81 = E00CB3D7A();
							goto L38;
						}
						__eflags = _t107 - 1;
						if(_t107 != 1) {
							goto L9;
						}
						goto L6;
					}
					 *(E00CB3E23()) =  *_t99 & _t119;
					 *((intOrPtr*)(E00CB3E36())) = 0x16;
					E00CB3D7A();
					goto L41;
				}
				goto L41;
			}

0x00cbd038
0x00cbd038
0x00cbd040
0x00cbd047
0x00cbd04a
0x00cbd04d
0x00cbd051
0x00cbd055
0x00cbd058
0x00cbd05d
0x00cbd066
0x00cbd068
0x00cbd089
0x00cbd08e
0x00cbd094
0x00cbd097
0x00cbd09a
0x00cbd0a1
0x00cbd0a4
0x00cbd0a7
0x00cbd0ab
0x00cbd0ae
0x00cbd0b5
0x00cbd0b7
0x00cbd0b9
0x00cbd0bb
0x00cbd0da
0x00cbd0dd
0x00cbd0dd
0x00cbd0e2
0x00cbd0eb
0x00cbd0f0
0x00cbd0f0
0x00cbd0f4
0x00cbd0fa
0x00cbd0fc
0x00cbd13a
0x00cbd141
0x00cbd144
0x00cbd149
0x00cbd198
0x00cbd19b
0x00cbd19e
0x00cbd1aa
0x00cbd1b0
0x00cbd1b2
0x00cbd1ba
0x00cbd1ba
0x00cbd1bd
0x00000000
0x00cbd1bd
0x00cbd14e
0x00cbd14e
0x00cbd151
0x00cbd18a
0x00000000
0x00cbd18a
0x00cbd153
0x00cbd153
0x00cbd156
0x00cbd17a
0x00000000
0x00cbd17a
0x00cbd158
0x00cbd15b
0x00000000
0x00000000
0x00cbd16a
0x00000000
0x00cbd0fe
0x00cbd0fe
0x00cbd100
0x00cbd12d
0x00cbd132
0x00cbd11d
0x00cbd11d
0x00cbd1c0
0x00cbd1c0
0x00cbd1c3
0x00cbd1c4
0x00cbd1c5
0x00cbd1c6
0x00cbd1c9
0x00cbd1cb
0x00cbd230
0x00cbd233
0x00cbd233
0x00cbd234
0x00cbd243
0x00cbd243
0x00cbd1cd
0x00cbd1d0
0x00cbd1d2
0x00cbd1f8
0x00cbd1fb
0x00cbd1fe
0x00cbd201
0x00cbd208
0x00cbd20d
0x00cbd218
0x00cbd21d
0x00cbd223
0x00cbd228
0x00cbd228
0x00cbd22b
0x00000000
0x00cbd22b
0x00cbd20f
0x00cbd212
0x00000000
0x00000000
0x00000000
0x00cbd214
0x00cbd1d6
0x00cbd1d7
0x00cbd1d9
0x00cbd1f0
0x00cbd1db
0x00cbd1e0
0x00cbd1eb
0x00cbd1eb
0x00000000
0x00cbd1d9
0x00cbd104
0x00cbd107
0x00000000
0x00000000
0x00cbd115
0x00000000
0x00cbd11a
0x00cbd0fc
0x00cbd0c2
0x00cbd0ca
0x00cbd0d0
0x00000000
0x00cbd0d0
0x00cbd0b0
0x00cbd0b3
0x00000000
0x00000000
0x00000000
0x00cbd0b3
0x00cbd06f
0x00cbd076
0x00cbd07c
0x00000000
0x00cbd081
0x00000000

Strings

)L, xrefs: 00CBD040

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID:
String ID: )L
API String ID: 0-501487344
Opcode ID: e16d754890a0cddfe4ce77a2c1dc5e2b948825a4caf0afa1847e91940e78264f
Instruction ID: 1b4cd617393fb14a7c2d0fd14923bdb6cf2010d529a98fdc58a7f977983bc985
Opcode Fuzzy Hash: e16d754890a0cddfe4ce77a2c1dc5e2b948825a4caf0afa1847e91940e78264f
Instruction Fuzzy Hash: FE519271D0028AAFCF159FA9D845BEFBBB4AF15320F14005AE416AB291E770DE419B61

Uniqueness

Uniqueness Score: -1.00%

Function 00CC35A4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122
memoryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E00CC35A4(intOrPtr _a4, signed char _a8, intOrPtr* _a12) {
				void* _v8;
				void* _v12;
				char _v16;
				intOrPtr _v24;
				char _v32;
				short _t29;
				void* _t31;
				intOrPtr* _t48;
				intOrPtr* _t55;
				intOrPtr* _t56;
				void* _t62;

				_t55 = 0;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				__imp__#8( &_v32);
				_t29 = 8;
				_v32 = _t29;
				__imp__#2(_a4);
				_v24 = _t29;
				if(_t29 != 0) {
					_t31 = E00CC2F23(0,  &_v8, 0);
					_t55 = _v8;
					_t62 =  ==  ? 0x80004005 : _t31;
					if(_t62 < 0) {
						goto L13;
					}
					if((_a8 & 0x00000001) == 0) {
						L5:
						_t62 =  *((intOrPtr*)( *_t55 + 0x110))(_t55, 0);
						if(_t62 >= 0) {
							_t62 =  *((intOrPtr*)( *_t55 + 0x118))(_t55, 0);
							if(_t62 >= 0) {
								 *((intOrPtr*)( *_t55 + 0xfc))(_t55, 0);
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t62 =  ==  ? 0x8007006e :  *((intOrPtr*)( *_t55 + 0xe8))(_t55,  &_v16);
								if(_t62 >= 0) {
									_t48 = _a12;
									if(_t48 != 0) {
										 *_t48 = _t55;
										_t55 = 0;
									}
									_t62 = 0;
								} else {
									_push( &_v12);
									_push(_t55);
									if( *((intOrPtr*)( *_t55 + 0xf0))() == 0) {
										E00CC2E85( &_v12, _v12);
									}
								}
							}
						}
						goto L13;
					}
					_t62 =  *((intOrPtr*)( *_t55 + 0x120))(_t55, 0xffffffff);
					if(_t62 < 0) {
						goto L13;
					}
					goto L5;
				} else {
					_t62 = 0x8007000e;
					E00C837D3(_t29, "xmlutil.cpp", 0x16a, 0x8007000e);
					L13:
					__imp__#9( &_v32);
					if(_t55 != 0) {
						 *((intOrPtr*)( *_t55 + 8))(_t55);
					}
					_t56 = _v12;
					if(_t56 != 0) {
						 *((intOrPtr*)( *_t56 + 8))(_t56);
					}
					return _t62;
				}
			}

0x00cc35b2
0x00cc35b4
0x00cc35b8
0x00cc35bb
0x00cc35be
0x00cc35c6
0x00cc35ca
0x00cc35ce
0x00cc35d4
0x00cc35d9
0x00cc35fb
0x00cc3600
0x00cc360d
0x00cc3612
0x00000000
0x00000000
0x00cc361c
0x00cc362f
0x00cc3639
0x00cc363d
0x00cc3649
0x00cc364d
0x00cc3653
0x00cc3668
0x00cc3669
0x00cc366a
0x00cc366b
0x00cc367c
0x00cc3681
0x00cc369e
0x00cc36a3
0x00cc36a5
0x00cc36a7
0x00cc36a7
0x00cc36a9
0x00cc3683
0x00cc3688
0x00cc3689
0x00cc3692
0x00cc3697
0x00cc3697
0x00cc3692
0x00cc3681
0x00cc364d
0x00000000
0x00cc363d
0x00cc3629
0x00cc362d
0x00000000
0x00000000
0x00000000
0x00cc35db
0x00cc35db
0x00cc35eb
0x00cc36ab
0x00cc36af
0x00cc36b7
0x00cc36bc
0x00cc36bc
0x00cc36bf
0x00cc36c4
0x00cc36c9
0x00cc36c9
0x00cc36d4
0x00cc36d4

APIs

VariantInit.OLEAUT32(000002C0), ref: 00CC35BE
SysAllocString.OLEAUT32(?), ref: 00CC35CE
VariantClear.OLEAUT32(?), ref: 00CC36AF

Strings

xmlutil.cpp, xrefs: 00CC35E6

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Variant$AllocClearInitString
String ID: xmlutil.cpp
API String ID: 2213243845-1270936966
Opcode ID: cd5320978de403dc561942815ea3b98344870b16fdab2b456a4b7a2d7e912157
Instruction ID: a0b9f76cfb9ca90afb8ca3e72b1351e3bb8ec75a91f8d45c2815954770deaab2
Opcode Fuzzy Hash: cd5320978de403dc561942815ea3b98344870b16fdab2b456a4b7a2d7e912157
Instruction Fuzzy Hash: B9416371900665ABCB119FA9D888FAEBBB8BF45710F0581A9FC15EB311D730DE408BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C81209, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 61
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C81209(void* __ecx, intOrPtr _a4, intOrPtr* _a8, short*** _a12) {
				int _v8;
				int _v12;
				PWCHAR* _t21;
				signed short _t24;
				void* _t35;

				_v8 = 0;
				_v12 = 0;
				_t35 = E00C81EF2( &_v8, L"ignored ", 0);
				if(_t35 >= 0) {
					_t35 = E00C81EF2( &_v8, _a4, 0);
					if(_t35 >= 0) {
						_t21 = CommandLineToArgvW(_v8,  &_v12);
						if(_t21 != 0) {
							_t8 =  &(_t21[1]); // 0x4
							 *_a12 = _t8;
							 *_a8 = _v12 - 1;
						} else {
							_t24 = GetLastError();
							_t39 =  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
							_t35 =  >=  ? 0x80004005 :  <=  ? _t24 : _t24 & 0x0000ffff | 0x80070000;
							E00C837D3(0x80004005, "apputil.cpp", 0x63, _t35);
						}
					}
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t35;
			}

0x00c8121c
0x00c8121f
0x00c81227
0x00c8122b
0x00c8123a
0x00c8123e
0x00c81247
0x00c8124f
0x00c8127e
0x00c81284
0x00c8128d
0x00c81251
0x00c81251
0x00c81262
0x00c8126c
0x00c81277
0x00c81277
0x00c8124f
0x00c8123e
0x00c81292
0x00c81297
0x00c81297
0x00c812a3

APIs

CommandLineToArgvW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000000,ignored ,00000000,?,00000000,?,?,?,00C85137,00000000,?), ref: 00C81247
GetLastError.KERNEL32(?,?,?,00C85137,00000000,?,?,00000003,00000000,00000000,?,?,?,?,?,?), ref: 00C81251

Strings

apputil.cpp, xrefs: 00C81272
ignored , xrefs: 00C81216

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ArgvCommandErrorLastLine
String ID: apputil.cpp$ignored
API String ID: 3459693003-568828354
Opcode ID: 0c981fceb621f1a96b2be7017809bdbc865dcb734f2704a4650c1d7c358c7cd4
Instruction ID: aeec7fe17df4d05abfb77e2590f2f53caab97893dbc6efeb0a374be32a782a4f
Opcode Fuzzy Hash: 0c981fceb621f1a96b2be7017809bdbc865dcb734f2704a4650c1d7c358c7cd4
Instruction Fuzzy Hash: 6D114C72A00229BB9B11EB99D805EAFBBECEF44750B154169FC04E7210E730DE419BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00C9F086, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00C9F086(intOrPtr _a4, long _a8) {
				signed short _t7;
				int _t13;

				_t13 = 0;
				if(PostThreadMessageW( *(_a4 + 0x10), 0x9001, 0, _a8) == 0) {
					_t7 = GetLastError();
					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "EngineForApplication.cpp", 0x292, _t13);
					_push("Failed to post plan message.");
					_push(_t13);
					E00CC012F();
				}
				return _t13;
			}

0x00c9f090
0x00c9f0a3
0x00c9f0a5
0x00c9f0b6
0x00c9f0c0
0x00c9f0ce
0x00c9f0d3
0x00c9f0d8
0x00c9f0d9
0x00c9f0df
0x00c9f0e4

APIs

PostThreadMessageW.USER32 ref: 00C9F09B
GetLastError.KERNEL32 ref: 00C9F0A5

Strings

Failed to post plan message., xrefs: 00C9F0D3
EngineForApplication.cpp, xrefs: 00C9F0C9

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastMessagePostThread
String ID: EngineForApplication.cpp$Failed to post plan message.
API String ID: 2609174426-2952114608
Opcode ID: 705a4c4ce8fbed18ea6bfdea5eb65b62d56a4a8ab741ad406b815eb39807c61d
Instruction ID: 668508f0b80c4e825292c10ce01dfa1321971a3acb1b6da39d048bad8518b4e4
Opcode Fuzzy Hash: 705a4c4ce8fbed18ea6bfdea5eb65b62d56a4a8ab741ad406b815eb39807c61d
Instruction Fuzzy Hash: 59F06C327443307BE72166AA9C09F8B7BD9EF04BA1F014026FD0CE6191D625CD1096E5

Uniqueness

Uniqueness Score: -1.00%

Function 00C9F194, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33
threadwindowCOMMON

Download Yara Rule

C-Code - Quality: 28%

			E00C9F194(intOrPtr _a4, int _a8) {
				signed short _t7;
				long _t13;

				_t13 = 0;
				if(PostThreadMessageW( *(_a4 + 0x10), 0x9005, _a8, 0) == 0) {
					_t7 = GetLastError();
					_t16 =  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
					_t13 =  >=  ? 0x80004005 :  <=  ? _t7 : _t7 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "EngineForApplication.cpp", 0x2c3, _t13);
					_push("Failed to post shutdown message.");
					_push(_t13);
					E00CC012F();
				}
				return _t13;
			}

0x00c9f19b
0x00c9f1b1
0x00c9f1b3
0x00c9f1c4
0x00c9f1ce
0x00c9f1dc
0x00c9f1e1
0x00c9f1e6
0x00c9f1e7
0x00c9f1ed
0x00c9f1f2

APIs

PostThreadMessageW.USER32 ref: 00C9F1A9
GetLastError.KERNEL32 ref: 00C9F1B3

Strings

Failed to post shutdown message., xrefs: 00C9F1E1
EngineForApplication.cpp, xrefs: 00C9F1D7

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastMessagePostThread
String ID: EngineForApplication.cpp$Failed to post shutdown message.
API String ID: 2609174426-188808143
Opcode ID: a621e4827fa9488bffcc9451cc4addbdcbe6a6219b8968bf16514947a2d88579
Instruction ID: d0163521d7e15b26674281b60aa679a6fbb36a2a1870b60b9f43bb9cc74a80ce
Opcode Fuzzy Hash: a621e4827fa9488bffcc9451cc4addbdcbe6a6219b8968bf16514947a2d88579
Instruction Fuzzy Hash: 00F06C377413357BE7216AAADC09F8B7BD4EF04B61F014026FE18E6191D655CD0097E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CA051A, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(00CCB468,00000000,?,00CA145A,?,00000000,?,00C8C121,?,00C852FD,?,00C973B2,?,?,00C852FD,?), ref: 00CA0524
GetLastError.KERNEL32(?,00CA145A,?,00000000,?,00C8C121,?,00C852FD,?,00C973B2,?,?,00C852FD,?,00C8533D,00000001), ref: 00CA052E

Strings

cabextract.cpp, xrefs: 00CA0552
Failed to set begin operation event., xrefs: 00CA055C

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorEventLast
String ID: Failed to set begin operation event.$cabextract.cpp
API String ID: 3848097054-4159625223
Opcode ID: 493b1a59b0a4fc8013467dd2228e6920d77384d7d8989ae5f87c47854e0b838e
Instruction ID: 5728bae6ca5ba9aa8eb0059d36a613f8f00656277210380c3fd7987d38001d15
Opcode Fuzzy Hash: 493b1a59b0a4fc8013467dd2228e6920d77384d7d8989ae5f87c47854e0b838e
Instruction Fuzzy Hash: B1F0E573E007316BA711A6B9AC06FDB76D8DF05BA2F120136FE09F7150E6149D0066ED

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3119, Relevance: 6.1, APIs: 4, Instructions: 73
memoryCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00CC3119(void* __eax, intOrPtr* _a4, intOrPtr _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v20;
				char _v28;
				intOrPtr* _t36;
				intOrPtr* _t39;
				signed int _t40;
				signed int _t41;
				signed int* _t43;
				void* _t46;
				void* _t47;
				void* _t51;

				_v8 = _v8 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				__imp__#2(_a8);
				_t46 = __eax;
				__imp__#8( &_v28);
				_t39 = _a4;
				_t47 =  *((intOrPtr*)( *_t39 + 0x44))(_t39,  &_v8);
				if(_t47 >= 0) {
					_t47 = E00CC336E( &_v12, _v8, __eax,  &_v12);
					if(_t47 != 1 && _t47 >= 0) {
						_t36 = _v12;
						_t47 =  *((intOrPtr*)( *_t36 + 0x20))(_t36,  &_v28);
						_t51 = _t47;
						if(_t51 >= 0 && _t51 == 0) {
							_t43 = _a12;
							if(_t43 != 0) {
								_v20 = _v20 & 0x00000000;
								 *_t43 = _v20;
							}
						}
					}
				}
				_t40 = _v8;
				if(_t40 != 0) {
					 *((intOrPtr*)( *_t40 + 8))(_t40);
				}
				_t41 = _v12;
				if(_t41 != 0) {
					 *((intOrPtr*)( *_t41 + 8))(_t41);
				}
				__imp__#9( &_v28);
				if(_t46 != 0) {
					__imp__#6(_t46);
				}
				return _t47;
			}

0x00cc311f
0x00cc3123
0x00cc312c
0x00cc3132
0x00cc3138
0x00cc313e
0x00cc314b
0x00cc314f
0x00cc315e
0x00cc3163
0x00cc3169
0x00cc3176
0x00cc3178
0x00cc317a
0x00cc317e
0x00cc3183
0x00cc3188
0x00cc318c
0x00cc318c
0x00cc3183
0x00cc317a
0x00cc3163
0x00cc318e
0x00cc3193
0x00cc3198
0x00cc3198
0x00cc319b
0x00cc31a0
0x00cc31a5
0x00cc31a5
0x00cc31ac
0x00cc31b4
0x00cc31b7
0x00cc31b7
0x00cc31c4

APIs

SysAllocString.OLEAUT32(?), ref: 00CC312C
VariantInit.OLEAUT32(?), ref: 00CC3138
VariantClear.OLEAUT32(?), ref: 00CC31AC
SysFreeString.OLEAUT32(00000000), ref: 00CC31B7

Part of subcall function 00CC336E: SysAllocString.OLEAUT32(?), ref: 00CC3383

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: String$AllocVariant$ClearFreeInit
String ID:
API String ID: 347726874-0
Opcode ID: 6b0788d410f014208c15bfcb9d093aa4945b7a5928e09541d9ff83b624f5b6dc
Instruction ID: a731cf7869ac5780c403277f18b537f338700c747e4713b31e777b01bb7c86b3
Opcode Fuzzy Hash: 6b0788d410f014208c15bfcb9d093aa4945b7a5928e09541d9ff83b624f5b6dc
Instruction Fuzzy Hash: 08217F31901259AFCB14DFA5D848FAEBBB8EF44711F09415CE801DB220DB30DE45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CB605E, Relevance: 6.0, APIs: 4, Instructions: 50
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 71%

			E00CB605E(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t30;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_push(_t30);
				_t36 = GetLastError();
				_t2 =  *0xcea05c; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00CB523F(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E00CB88AE(_t20, _t25, _t31, __eflags,  *0xcea05c, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00CB5ED0(_t25, _t31, 0xceb13c);
							E00CB511A(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00CB511A();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00CB51FC(_t20, _t25, _t29, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0xcea05c; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00CB523F(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E00CB88AE(_t21, _t27, _t32, __eflags,  *0xcea05c, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00CB5ED0(_t27, _t32, 0xceb13c);
									E00CB511A(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00CB511A();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00CB8858(0, _t25, _t31, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00CB8858(__ebx, _t23, _t30, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

0x00cb605e
0x00cb605e
0x00cb605e
0x00cb6061
0x00cb6068
0x00cb606a
0x00cb606f
0x00cb6072
0x00cb6080
0x00cb6087
0x00cb608c
0x00cb608f
0x00cb6092
0x00cb60a4
0x00cb60a9
0x00cb60ab
0x00cb60b6
0x00cb60bd
0x00cb60c2
0x00cb60c5
0x00cb60c7
0x00000000
0x00000000
0x00000000
0x00000000
0x00cb60ad
0x00cb60ad
0x00000000
0x00cb60ad
0x00cb6094
0x00cb6094
0x00cb6095
0x00cb6095
0x00cb609a
0x00cb60d5
0x00cb60d6
0x00cb60dc
0x00cb60e1
0x00cb60e4
0x00cb60e5
0x00cb60e6
0x00cb60ed
0x00cb60ef
0x00cb60f1
0x00cb60f6
0x00cb60f9
0x00cb6107
0x00cb6113
0x00cb6116
0x00cb6119
0x00cb612b
0x00cb6130
0x00cb6132
0x00cb613d
0x00cb6143
0x00cb614b
0x00cb614d
0x00000000
0x00000000
0x00000000
0x00000000
0x00cb6134
0x00cb6134
0x00000000
0x00cb6134
0x00cb611b
0x00cb611b
0x00cb611c
0x00cb611c
0x00cb614f
0x00cb6150
0x00cb6150
0x00cb60fb
0x00cb6101
0x00cb6105
0x00cb6158
0x00cb6159
0x00cb615f
0x00000000
0x00000000
0x00000000
0x00cb6105
0x00cb6166
0x00cb6166
0x00cb6074
0x00cb607a
0x00cb607e
0x00cb60c9
0x00cb60ca
0x00cb60d4
0x00000000
0x00000000
0x00000000
0x00cb607e

APIs

GetLastError.KERNEL32(?,00000000,00CB19F5,00000000,80004004,?,00CB1CF9,00000000,80004004,00000000,00000000), ref: 00CB6062
SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 00CB60CA
SetLastError.KERNEL32(00000000,80004004,00000000,00000000), ref: 00CB60D6
_abort.LIBCMT ref: 00CB60DC

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLast$_abort
String ID:
API String ID: 88804580-0
Opcode ID: 6c1cd9dacbf5ea4a774507e154859b94ad5b0710977c37635d5391cf684801a3
Instruction ID: e45af2acd9fa7a4829200f24a89abed473368f07653edf47e8a3db4361f0fdd5
Opcode Fuzzy Hash: 6c1cd9dacbf5ea4a774507e154859b94ad5b0710977c37635d5391cf684801a3
Instruction Fuzzy Hash: 6DF0A435140A5066C222377AFC0EFDF265A9FC1731F250118F82A961D1FF299D01616A

Uniqueness

Uniqueness Score: -1.00%

Function 00C8730C, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 34%

			E00C8730C(void* __ecx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t15;
				void* _t22;

				_t20 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t22 = E00C85C87(_t20, _a4, _a8,  &_v8);
				_t15 = _v8;
				if(_t22 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
					if(_t22 != 0x80070490) {
						if(_t22 >= 0) {
							_t22 = E00CA006A(_t20, _t15 + 8, _a12);
							if(_t22 < 0) {
								_push(_a8);
								_push("Failed to get value as numeric for variable: %ls");
								goto L8;
							}
						} else {
							_push(_a8);
							_push("Failed to get value of variable: %ls");
							L8:
							_push(_t22);
							E00CC012F();
						}
					}
				} else {
					_t22 = 0x80070490;
				}
				LeaveCriticalSection(_a4);
				return _t22;
			}

0x00c8730c
0x00c8730f
0x00c87310
0x00c87318
0x00c8732d
0x00c8732f
0x00c87334
0x00c87349
0x00c8734d
0x00c87365
0x00c87369
0x00c8736b
0x00c8736e
0x00000000
0x00c8736e
0x00c8734f
0x00c8734f
0x00c87352
0x00c87373
0x00c87373
0x00c87374
0x00c87379
0x00c8734d
0x00c8733c
0x00c8733c
0x00c8733c
0x00c8737f
0x00c8738b

APIs

EnterCriticalSection.KERNEL32(?), ref: 00C87318
LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00C8737F

Strings

Failed to get value of variable: %ls, xrefs: 00C87352
Failed to get value as numeric for variable: %ls, xrefs: 00C8736E

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to get value as numeric for variable: %ls$Failed to get value of variable: %ls
API String ID: 3168844106-4270472870
Opcode ID: 25a5b5f9ca1e708888136b76b9c26c63833db20fec69e09c932d589c1484e088
Instruction ID: a4857f7f8ec5df4e58a9be8800554a31bdb4c02d71bf63782689343c20ab43ff
Opcode Fuzzy Hash: 25a5b5f9ca1e708888136b76b9c26c63833db20fec69e09c932d589c1484e088
Instruction Fuzzy Hash: 78019E72944128FBCF116E50CC05F9E3B299B14769F208225FD08AA230D339DE50ABD9

Uniqueness

Uniqueness Score: -1.00%

Function 00C87481, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 38%

			E00C87481(void* __ecx, void* __edx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _t15;
				void* _t21;
				void* _t23;

				_t21 = __edx;
				_t20 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t23 = E00C85C87(_t20, _a4, _a8,  &_v8);
				_t15 = _v8;
				if(_t23 < 0 ||  *((intOrPtr*)(_t15 + 0x18)) != 0) {
					if(_t23 != 0x80070490) {
						if(_t23 >= 0) {
							_t23 = E00CA01D0(_t20, _t21, _t15 + 8, _a12);
							if(_t23 < 0) {
								_push(_a8);
								_push("Failed to get value as version for variable: %ls");
								goto L8;
							}
						} else {
							_push(_a8);
							_push("Failed to get value of variable: %ls");
							L8:
							_push(_t23);
							E00CC012F();
						}
					}
				} else {
					_t23 = 0x80070490;
				}
				LeaveCriticalSection(_a4);
				return _t23;
			}

0x00c87481
0x00c87481
0x00c87484
0x00c87485
0x00c8748d
0x00c874a2
0x00c874a4
0x00c874a9
0x00c874be
0x00c874c2
0x00c874da
0x00c874de
0x00c874e0
0x00c874e3
0x00000000
0x00c874e3
0x00c874c4
0x00c874c4
0x00c874c7
0x00c874e8
0x00c874e8
0x00c874e9
0x00c874ee
0x00c874c2
0x00c874b1
0x00c874b1
0x00c874b1
0x00c874f4
0x00c87500

APIs

EnterCriticalSection.KERNEL32(?), ref: 00C8748D
LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00C874F4

Strings

Failed to get value of variable: %ls, xrefs: 00C874C7
Failed to get value as version for variable: %ls, xrefs: 00C874E3

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to get value as version for variable: %ls$Failed to get value of variable: %ls
API String ID: 3168844106-1851729331
Opcode ID: fec2b8cf85fcff7c153c43e810409bbcf7af733762ce78322ee7ee62a69a0f0c
Instruction ID: dfa17ba6c1e28a5103076fc19e6cbb336400fb6769dde6fe39246cf5cf7a02c9
Opcode Fuzzy Hash: fec2b8cf85fcff7c153c43e810409bbcf7af733762ce78322ee7ee62a69a0f0c
Instruction Fuzzy Hash: 30017172944129FBCF126F84CC45F9E7F689B54769F208225FD05AA220D335DE50ABE4

Uniqueness

Uniqueness Score: -1.00%

Function 00C87410, Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 31%

			E00C87410(void* __ecx, void* __edx, struct _CRITICAL_SECTION* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void* _t20;
				void* _t22;

				_t20 = __edx;
				_t19 = __ecx;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				EnterCriticalSection(_a4);
				_t22 = E00C85C87(_t19, _a4, _a8,  &_v8);
				if(_t22 != 0x80070490) {
					if(_t22 >= 0) {
						_t22 = E00C9FF73(_t20, _v8 + 8, _a12);
						if(_t22 < 0) {
							_push(_a8);
							_push("Failed to copy value of variable: %ls");
							goto L5;
						}
					} else {
						_push(_a8);
						_push("Failed to get value of variable: %ls");
						L5:
						_push(_t22);
						E00CC012F();
					}
				}
				LeaveCriticalSection(_a4);
				return _t22;
			}

0x00c87410
0x00c87410
0x00c87413
0x00c87414
0x00c8741c
0x00c87431
0x00c87439
0x00c8743d
0x00c87458
0x00c8745c
0x00c8745e
0x00c87461
0x00000000
0x00c87461
0x00c8743f
0x00c8743f
0x00c87442
0x00c87466
0x00c87466
0x00c87467
0x00c8746c
0x00c8743d
0x00c87472
0x00c8747e

APIs

EnterCriticalSection.KERNEL32(00000000,00000000,00000006,?,00C89752,00000000,?,00000000,00000000,00000000,?,00C89590,00000000,?,00000000,00000000), ref: 00C8741C
LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000,?,00C89752,00000000,?,00000000,00000000,00000000,?,00C89590,00000000,?,00000000), ref: 00C87472

Strings

Failed to get value of variable: %ls, xrefs: 00C87442
Failed to copy value of variable: %ls, xrefs: 00C87461

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: Failed to copy value of variable: %ls$Failed to get value of variable: %ls
API String ID: 3168844106-2936390398
Opcode ID: baee539cd03e80585b02460e52ee7e9af252627be140b332a012d535528300a3
Instruction ID: 11bc55d8861338a99d3061eb5310a82126eb855dea0360f24f695667206f9807
Opcode Fuzzy Hash: baee539cd03e80585b02460e52ee7e9af252627be140b332a012d535528300a3
Instruction Fuzzy Hash: 22F04476944128BBCF116F94CC05E9E7F64DF14765F148124FD04A6221D735DE20ABD4

Uniqueness

Uniqueness Score: -1.00%

Function 00CB1246, Relevance: 6.0, APIs: 4, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CB1246() {
				void* _t4;
				void* _t8;

				E00CB1854();
				E00CB17E8();
				if(E00CB1548() != 0) {
					_t4 = E00CB14FA(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00CB1584();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}

0x00cb1246
0x00cb124b
0x00cb1257
0x00cb125c
0x00cb1261
0x00cb1263
0x00cb126e
0x00cb1265
0x00cb1265
0x00000000
0x00cb1265
0x00cb1259
0x00cb1259
0x00cb125b
0x00cb125b

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00CB1246
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00CB124B
___vcrt_initialize_locks.LIBVCRUNTIME ref: 00CB1250

Part of subcall function 00CB1548: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00CB1559

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00CB1265

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: 294756368ebb91e0d837f8d85631f380e5f2af2aa371e18ba28d844398db2aca
Instruction ID: e661deb09b934a731015263ece455238f52f45b0bf153da344051c8d472bf330
Opcode Fuzzy Hash: 294756368ebb91e0d837f8d85631f380e5f2af2aa371e18ba28d844398db2aca
Instruction Fuzzy Hash: C1C04808004201541E213EF222732ED03881CE238AFEC20C5FC7AA7647AD0A191F3533

Uniqueness

Uniqueness Score: -1.00%

Function 00CB8361, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00CB8361(void* __edx, void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t48;
				int _t51;
				signed int _t54;
				signed int _t55;
				short _t58;
				signed char _t62;
				signed int _t63;
				signed char* _t72;
				signed char* _t73;
				int _t77;
				signed int _t80;
				signed char* _t81;
				short* _t82;
				int _t86;
				signed char _t87;
				signed int _t88;
				signed int _t91;
				signed int _t92;
				int _t94;
				int _t95;
				intOrPtr _t97;
				signed int _t98;

				_t93 = __edi;
				_t48 =  *0xcea008; // 0x4c290ae8
				_v8 = _t48 ^ _t98;
				_t97 = _a8;
				_t77 = E00CB7F34(__eflags, _a4);
				if(_t77 != 0) {
					_push(__edi);
					_t94 = 0;
					__eflags = 0;
					_t80 = 0;
					_t51 = 0;
					_v32 = 0;
					while(1) {
						__eflags =  *((intOrPtr*)(_t51 + 0xcea1d8)) - _t77;
						if( *((intOrPtr*)(_t51 + 0xcea1d8)) == _t77) {
							break;
						}
						_t80 = _t80 + 1;
						_t51 = _t51 + 0x30;
						_v32 = _t80;
						__eflags = _t51 - 0xf0;
						if(_t51 < 0xf0) {
							continue;
						} else {
							__eflags = _t77 - 0xfde8;
							if(_t77 == 0xfde8) {
								L23:
							} else {
								__eflags = _t77 - 0xfde9;
								if(_t77 == 0xfde9) {
									goto L23;
								} else {
									_t51 = IsValidCodePage(_t77 & 0x0000ffff);
									__eflags = _t51;
									if(_t51 == 0) {
										goto L23;
									} else {
										_t51 = GetCPInfo(_t77,  &_v28);
										__eflags = _t51;
										if(_t51 == 0) {
											__eflags =  *0xceb374 - _t94; // 0x0
											if(__eflags == 0) {
												goto L23;
											} else {
												E00CB7FA7(_t97);
												goto L37;
											}
										} else {
											E00CAF670(_t94, _t97 + 0x18, _t94, 0x101);
											 *(_t97 + 4) = _t77;
											 *(_t97 + 0x21c) = _t94;
											_t77 = 1;
											__eflags = _v28 - 1;
											if(_v28 <= 1) {
												 *(_t97 + 8) = _t94;
											} else {
												__eflags = _v22;
												_t72 =  &_v22;
												if(_v22 != 0) {
													while(1) {
														_t87 = _t72[1];
														__eflags = _t87;
														if(_t87 == 0) {
															goto L16;
														}
														_t91 = _t87 & 0x000000ff;
														_t88 =  *_t72 & 0x000000ff;
														while(1) {
															__eflags = _t88 - _t91;
															if(_t88 > _t91) {
																break;
															}
															 *(_t97 + _t88 + 0x19) =  *(_t97 + _t88 + 0x19) | 0x00000004;
															_t88 = _t88 + 1;
															__eflags = _t88;
														}
														_t72 =  &(_t72[2]);
														__eflags =  *_t72;
														if( *_t72 != 0) {
															continue;
														}
														goto L16;
													}
												}
												L16:
												_t73 = _t97 + 0x1a;
												_t86 = 0xfe;
												do {
													 *_t73 =  *_t73 | 0x00000008;
													_t73 =  &(_t73[1]);
													_t86 = _t86 - 1;
													__eflags = _t86;
												} while (_t86 != 0);
												 *(_t97 + 0x21c) = E00CB7EF6( *(_t97 + 4));
												 *(_t97 + 8) = _t77;
											}
											asm("stosd");
											asm("stosd");
											asm("stosd");
											L36:
											E00CB800C(_t91, _t97);
											L37:
											__eflags = 0;
										}
									}
								}
							}
						}
						_pop(_t93);
						goto L39;
					}
					E00CAF670(_t94, _t97 + 0x18, _t94, 0x101);
					_t54 = _v32 * 0x30;
					__eflags = _t54;
					_v36 = _t54;
					_t55 = _t54 + 0xcea1e8;
					_v32 = _t55;
					do {
						__eflags =  *_t55;
						_t81 = _t55;
						if( *_t55 != 0) {
							while(1) {
								_t62 = _t81[1];
								__eflags = _t62;
								if(_t62 == 0) {
									break;
								}
								_t92 =  *_t81 & 0x000000ff;
								_t63 = _t62 & 0x000000ff;
								while(1) {
									__eflags = _t92 - _t63;
									if(_t92 > _t63) {
										break;
									}
									__eflags = _t92 - 0x100;
									if(_t92 < 0x100) {
										_t31 = _t94 + 0xcea1d0; // 0x8040201
										 *(_t97 + _t92 + 0x19) =  *(_t97 + _t92 + 0x19) |  *_t31;
										_t92 = _t92 + 1;
										__eflags = _t92;
										_t63 = _t81[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t81 =  &(_t81[2]);
								__eflags =  *_t81;
								if( *_t81 != 0) {
									continue;
								}
								break;
							}
							_t55 = _v32;
						}
						_t94 = _t94 + 1;
						_t55 = _t55 + 8;
						_v32 = _t55;
						__eflags = _t94 - 4;
					} while (_t94 < 4);
					 *(_t97 + 4) = _t77;
					 *(_t97 + 8) = 1;
					 *(_t97 + 0x21c) = E00CB7EF6(_t77);
					_t82 = _t97 + 0xc;
					_t91 = _v36 + 0xcea1dc;
					_t95 = 6;
					do {
						_t58 =  *_t91;
						_t91 = _t91 + 2;
						 *_t82 = _t58;
						_t82 = _t82 + 2;
						_t95 = _t95 - 1;
						__eflags = _t95;
					} while (_t95 != 0);
					goto L36;
				} else {
					E00CB7FA7(_t97);
				}
				L39:
				return E00CADE36(_t77, _v8 ^ _t98, _t91, _t93, _t97);
			}

0x00cb8361
0x00cb8369
0x00cb8370
0x00cb8378
0x00cb8380
0x00cb8385
0x00cb8395
0x00cb8396
0x00cb8396
0x00cb8398
0x00cb839a
0x00cb839c
0x00cb839f
0x00cb839f
0x00cb83a5
0x00000000
0x00000000
0x00cb83ab
0x00cb83ac
0x00cb83af
0x00cb83b2
0x00cb83b7
0x00000000
0x00cb83b9
0x00cb83b9
0x00cb83bf
0x00cb848d
0x00cb83c5
0x00cb83c5
0x00cb83cb
0x00000000
0x00cb83d1
0x00cb83d5
0x00cb83db
0x00cb83dd
0x00000000
0x00cb83e3
0x00cb83e8
0x00cb83ee
0x00cb83f0
0x00cb847a
0x00cb8480
0x00000000
0x00cb8482
0x00cb8483
0x00000000
0x00cb8483
0x00cb83f6
0x00cb8400
0x00cb8405
0x00cb840d
0x00cb8413
0x00cb8414
0x00cb8417
0x00cb846a
0x00cb8419
0x00cb8419
0x00cb841d
0x00cb8420
0x00cb8422
0x00cb8422
0x00cb8425
0x00cb8427
0x00000000
0x00000000
0x00cb8429
0x00cb842c
0x00cb8437
0x00cb8437
0x00cb8439
0x00000000
0x00000000
0x00cb8431
0x00cb8436
0x00cb8436
0x00cb8436
0x00cb843b
0x00cb843e
0x00cb8441
0x00000000
0x00000000
0x00000000
0x00cb8441
0x00cb8422
0x00cb8443
0x00cb8443
0x00cb8446
0x00cb844b
0x00cb844b
0x00cb844e
0x00cb844f
0x00cb844f
0x00cb844f
0x00cb845f
0x00cb8465
0x00cb8465
0x00cb8472
0x00cb8473
0x00cb8474
0x00cb8538
0x00cb8539
0x00cb853e
0x00cb853f
0x00cb853f
0x00cb83f0
0x00cb83dd
0x00cb83cb
0x00cb83bf
0x00cb8541
0x00000000
0x00cb8541
0x00cb849f
0x00cb84a7
0x00cb84a7
0x00cb84ab
0x00cb84ae
0x00cb84b4
0x00cb84b7
0x00cb84b7
0x00cb84ba
0x00cb84bc
0x00cb84be
0x00cb84be
0x00cb84c1
0x00cb84c3
0x00000000
0x00000000
0x00cb84c5
0x00cb84c8
0x00cb84e4
0x00cb84e4
0x00cb84e6
0x00000000
0x00000000
0x00cb84cd
0x00cb84d3
0x00cb84d5
0x00cb84db
0x00cb84df
0x00cb84df
0x00cb84e0
0x00000000
0x00cb84e0
0x00000000
0x00cb84d3
0x00cb84e8
0x00cb84eb
0x00cb84ee
0x00000000
0x00000000
0x00000000
0x00cb84ee
0x00cb84f0
0x00cb84f0
0x00cb84f3
0x00cb84f4
0x00cb84f7
0x00cb84fa
0x00cb84fa
0x00cb8500
0x00cb8503
0x00cb8512
0x00cb851b
0x00cb8520
0x00cb8526
0x00cb8527
0x00cb8527
0x00cb852a
0x00cb852d
0x00cb8530
0x00cb8533
0x00cb8533
0x00cb8533
0x00000000
0x00cb8387
0x00cb8388
0x00cb838e
0x00cb8542
0x00cb8551

APIs

Part of subcall function 00CB7F34: GetOEMCP.KERNEL32(00000000), ref: 00CB7F5F

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00CB8202,?,00000000), ref: 00CB83D5
GetCPInfo.KERNEL32(00000000,00CB8202,?,?,?,00CB8202,?,00000000), ref: 00CB83E8

Strings

)L, xrefs: 00CB8369

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: )L
API String ID: 546120528-501487344
Opcode ID: 4b6cdaad152275619c25d5074b9ac758c0d0319660f2599d9423b26531c12ad4
Instruction ID: 780df7a13897b55835f7b207a68bab2a7697a888690866a4e4b4ae06f016726b
Opcode Fuzzy Hash: 4b6cdaad152275619c25d5074b9ac758c0d0319660f2599d9423b26531c12ad4
Instruction Fuzzy Hash: 1D5124709042469FDB24CF75C891AFBBBECAF41300F18846ED4A68B251DB349A4ADF91

Uniqueness

Uniqueness Score: -1.00%

Function 00CB800C, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 132
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CB800C(void* __edx, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				intOrPtr _v1824;
				signed int _v1828;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t63;
				void* _t67;
				signed int _t68;
				intOrPtr _t69;
				void* _t72;
				char _t73;
				char _t74;
				signed char _t75;
				signed int _t76;
				signed char _t86;
				char _t87;
				char _t89;
				signed int _t92;
				signed int _t93;
				signed int _t95;
				char* _t96;
				intOrPtr _t98;
				signed int _t99;

				_t63 =  *0xcea008; // 0x4c290ae8
				_v8 = _t63 ^ _t99;
				_t98 = _a4;
				if(GetCPInfo( *(_t98 + 4),  &_v1820) == 0) {
					_t95 = _t98 + 0x119;
					_t89 = 0;
					_t67 = 0xffffff9f;
					_t68 = _t67 - _t95;
					__eflags = _t68;
					_v1828 = _t68;
					do {
						_t96 = _t95 + _t89;
						_t69 = _t68 + _t96;
						_v1824 = _t69;
						__eflags = _t69 + 0x20 - 0x19;
						if(_t69 + 0x20 > 0x19) {
							__eflags = _v1824 - 0x19;
							if(_v1824 > 0x19) {
								 *_t96 = 0;
							} else {
								_t72 = _t98 + _t89;
								_t57 = _t72 + 0x19;
								 *_t57 =  *(_t72 + 0x19) | 0x00000020;
								__eflags =  *_t57;
								_t59 = _t89 - 0x20; // -32
								_t73 = _t59;
								goto L24;
							}
						} else {
							 *(_t98 + _t89 + 0x19) =  *(_t98 + _t89 + 0x19) | 0x00000010;
							_t54 = _t89 + 0x20; // 0x20
							_t73 = _t54;
							L24:
							 *_t96 = _t73;
						}
						_t68 = _v1828;
						_t95 = _t98 + 0x119;
						_t89 = _t89 + 1;
						__eflags = _t89 - 0x100;
					} while (_t89 < 0x100);
				} else {
					_t74 = 0;
					do {
						 *((char*)(_t99 + _t74 - 0x104)) = _t74;
						_t74 = _t74 + 1;
					} while (_t74 < 0x100);
					_t75 = _v1814;
					_t92 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t105 = _t75;
						if(_t75 == 0) {
							break;
						}
						_t95 =  *(_t92 + 1) & 0x000000ff;
						_t76 = _t75 & 0x000000ff;
						while(1) {
							__eflags = _t76 - _t95;
							if(_t76 > _t95) {
								break;
							}
							__eflags = _t76 - 0x100;
							if(_t76 < 0x100) {
								 *((char*)(_t99 + _t76 - 0x104)) = 0x20;
								_t76 = _t76 + 1;
								__eflags = _t76;
								continue;
							}
							break;
						}
						_t92 = _t92 + 2;
						__eflags = _t92;
						_t75 =  *_t92;
					}
					E00CB90AA(_t95, _t105, 0, 1,  &_v264, 0x100,  &_v1800,  *(_t98 + 4), 0);
					E00CBA276(0, _t105, 0,  *((intOrPtr*)(_t98 + 0x21c)), 0x100,  &_v264, 0x100,  &_v520, 0x100,  *(_t98 + 4), 0);
					E00CBA276(0, _t105, 0,  *((intOrPtr*)(_t98 + 0x21c)), 0x200,  &_v264, 0x100,  &_v776, 0x100,  *(_t98 + 4), 0);
					_t93 = 0;
					do {
						_t86 =  *(_t99 + _t93 * 2 - 0x704) & 0x0000ffff;
						if((_t86 & 0x00000001) == 0) {
							__eflags = _t86 & 0x00000002;
							if((_t86 & 0x00000002) == 0) {
								 *((char*)(_t98 + _t93 + 0x119)) = 0;
							} else {
								_t37 = _t98 + _t93 + 0x19;
								 *_t37 =  *(_t98 + _t93 + 0x19) | 0x00000020;
								__eflags =  *_t37;
								_t87 =  *((intOrPtr*)(_t99 + _t93 - 0x304));
								goto L15;
							}
						} else {
							 *(_t98 + _t93 + 0x19) =  *(_t98 + _t93 + 0x19) | 0x00000010;
							_t87 =  *((intOrPtr*)(_t99 + _t93 - 0x204));
							L15:
							 *((char*)(_t98 + _t93 + 0x119)) = _t87;
						}
						_t93 = _t93 + 1;
					} while (_t93 < 0x100);
				}
				return E00CADE36(0, _v8 ^ _t99, _t95, 0x100, _t98);
			}

0x00cb8017
0x00cb801e
0x00cb8023
0x00cb8040
0x00cb8138
0x00cb813e
0x00cb8140
0x00cb8141
0x00cb8141
0x00cb8143
0x00cb8149
0x00cb8149
0x00cb814b
0x00cb814d
0x00cb8156
0x00cb8159
0x00cb8165
0x00cb816c
0x00cb817c
0x00cb816e
0x00cb816e
0x00cb8171
0x00cb8171
0x00cb8171
0x00cb8175
0x00cb8175
0x00000000
0x00cb8175
0x00cb815b
0x00cb815b
0x00cb8160
0x00cb8160
0x00cb8178
0x00cb8178
0x00cb8178
0x00cb817e
0x00cb8184
0x00cb818a
0x00cb818b
0x00cb818b
0x00cb8046
0x00cb8046
0x00cb8048
0x00cb8048
0x00cb804f
0x00cb8050
0x00cb8054
0x00cb805a
0x00cb8060
0x00cb8088
0x00cb8088
0x00cb808a
0x00000000
0x00000000
0x00cb8069
0x00cb806d
0x00cb807f
0x00cb807f
0x00cb8081
0x00000000
0x00000000
0x00cb8072
0x00cb8074
0x00cb8076
0x00cb807e
0x00cb807e
0x00000000
0x00cb807e
0x00000000
0x00cb8074
0x00cb8083
0x00cb8083
0x00cb8086
0x00cb8086
0x00cb80a2
0x00cb80c3
0x00cb80eb
0x00cb80f3
0x00cb80f5
0x00cb80f5
0x00cb80ff
0x00cb810f
0x00cb8111
0x00cb8128
0x00cb8113
0x00cb8113
0x00cb8113
0x00cb8113
0x00cb8118
0x00000000
0x00cb8118
0x00cb8101
0x00cb8101
0x00cb8106
0x00cb811f
0x00cb811f
0x00cb811f
0x00cb812f
0x00cb8130
0x00cb8134
0x00cb819f

APIs

GetCPInfo.KERNEL32(?,?), ref: 00CB8031

Strings

, xrefs: 00CB8076
)L, xrefs: 00CB8017

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Info
String ID: $)L
API String ID: 1807457897-192944099
Opcode ID: 2f9376c09e6c13a31d9e8b40144cb2eb474570af656619e843c83b280b3a45f2
Instruction ID: 593195025d484b03873423fe5c43594e13528ab8bd250c0e661e9903cd7ff4b3
Opcode Fuzzy Hash: 2f9376c09e6c13a31d9e8b40144cb2eb474570af656619e843c83b280b3a45f2
Instruction Fuzzy Hash: B04149705042489FDF228F29CC84BFABBBDEB55304F1404ECE59A87142D635AE4ADF61

Uniqueness

Uniqueness Score: -1.00%

Function 00CB65D0, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 88%

			E00CB65D0(int* _a4, char* _a8, int _a12, short _a16, intOrPtr _a20) {
				int _v8;
				char _v12;
				intOrPtr _v20;
				char _v24;
				void* __ebx;
				void* __edi;
				signed int* _t21;
				intOrPtr _t23;
				intOrPtr* _t26;
				intOrPtr* _t28;
				intOrPtr* _t31;
				char _t32;
				int* _t33;
				intOrPtr* _t35;
				signed int* _t37;
				char* _t39;
				int _t43;
				void* _t46;
				int _t47;

				_t39 = _a8;
				_t47 = _a12;
				if(_t39 == 0 && _t47 != 0) {
					_t37 = _a4;
					if(_t37 != 0) {
						 *_t37 =  *_t37 & 0x00000000;
					}
					return 0;
				}
				_t21 = _a4;
				if(_t21 != 0) {
					 *_t21 =  *_t21 | 0xffffffff;
				}
				if(_t47 <= 0x7fffffff) {
					E00CB19B7(_t39,  &_v24, _t46, _a20);
					_t23 = _v20;
					if( *((intOrPtr*)(_t23 + 0xa8)) != 0) {
						_v8 = 0;
						_t43 = WideCharToMultiByte( *(_t23 + 8), 0,  &_a16, 1, _t39, _t47, 0,  &_v8);
						if(_t43 == 0) {
							if(GetLastError() != 0x7a) {
								L14:
								_t26 = E00CB3E36();
								_push(0x2a);
								_pop(0);
								 *_t26 = 0;
								L15:
								if(_v12 != 0) {
									 *(_v24 + 0x350) =  *(_v24 + 0x350) & 0xfffffffd;
								}
								goto L17;
							}
							if(_t39 != 0 && _t47 != 0) {
								E00CAF670(_t47, _t39, 0, _t47);
							}
							L32:
							_t28 = E00CB3E36();
							_push(0x22);
							_pop(0);
							 *_t28 = 0;
							E00CB3D7A();
							goto L15;
						}
						if(_v8 != 0) {
							goto L14;
						}
						_t31 = _a4;
						if(_t31 != 0) {
							 *_t31 = _t43;
						}
						goto L15;
					}
					_t32 = _a16;
					if(_t32 <= 0xff) {
						if(_t39 == 0) {
							L22:
							_t33 = _a4;
							if(_t33 != 0) {
								 *_t33 = 1;
							}
							goto L15;
						}
						if(_t47 == 0) {
							goto L32;
						}
						 *_t39 = _t32;
						goto L22;
					}
					if(_t39 != 0 && _t47 != 0) {
						E00CAF670(_t47, _t39, 0, _t47);
					}
					goto L14;
				} else {
					_t35 = E00CB3E36();
					_push(0x16);
					_pop(0);
					 *_t35 = 0;
					E00CB3D7A();
					L17:
					return 0;
				}
			}

0x00cb65d9
0x00cb65dd
0x00cb65e2
0x00cb65e8
0x00cb65ed
0x00cb65ef
0x00cb65ef
0x00000000
0x00cb65f2
0x00cb65f6
0x00cb65fb
0x00cb65fd
0x00cb65fd
0x00cb6607
0x00cb6620
0x00cb6625
0x00cb6630
0x00cb6692
0x00cb66a9
0x00cb66ad
0x00cb66c8
0x00cb6653
0x00cb6653
0x00cb6658
0x00cb665a
0x00cb665b
0x00cb665d
0x00cb6661
0x00cb6666
0x00cb6666
0x00000000
0x00cb6661
0x00cb66cc
0x00cb66d5
0x00cb66da
0x00cb66dd
0x00cb66dd
0x00cb66e2
0x00cb66e4
0x00cb66e5
0x00cb66e7
0x00000000
0x00cb66e7
0x00cb66b2
0x00000000
0x00000000
0x00cb66b4
0x00cb66b9
0x00cb66bb
0x00cb66bb
0x00000000
0x00cb66b9
0x00cb6632
0x00cb663e
0x00cb6678
0x00cb6680
0x00cb6680
0x00cb6685
0x00cb6687
0x00cb6687
0x00000000
0x00cb6685
0x00cb667c
0x00000000
0x00000000
0x00cb667e
0x00000000
0x00cb667e
0x00cb6642
0x00cb664b
0x00cb6650
0x00000000
0x00cb6609
0x00cb6609
0x00cb660e
0x00cb6610
0x00cb6611
0x00cb6613
0x00cb666d
0x00000000
0x00cb666f

APIs

WideCharToMultiByte.KERNEL32(00CCB508,00000000,00000006,00000001,comres.dll,?,00000000,?,00000000,?,?,00000000,00000006,?,comres.dll,?), ref: 00CB66A3
GetLastError.KERNEL32 ref: 00CB66BF

Strings

comres.dll, xrefs: 00CB664A, 00CB6698, 00CB66D4

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID: comres.dll
API String ID: 203985260-246242247
Opcode ID: 83d365a49622f8b60374b330234c969ef4c0959fcca56813bb8df30c0b52c090
Instruction ID: 283c98b4fbbd4ee520eaa0a9db4e1ddf8e4ca2d65dca8b8ab5d8cd0af8fc7051
Opcode Fuzzy Hash: 83d365a49622f8b60374b330234c969ef4c0959fcca56813bb8df30c0b52c090
Instruction Fuzzy Hash: 5B31E431601259EBCB31AFA5C886FEB7B68AF52750F140129F8349B291DB38CF00D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9220, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103
registryCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E00CC9220(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v20;
				char _v24;
				void* _t55;
				void* _t58;

				_t55 = __edx;
				_t54 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_v8 = 0;
				_v24 = 0;
				_t58 = E00CC8CFB(__ecx, _a8,  &_v20);
				if(_t58 >= 0) {
					_t58 = E00CC0AD5(__ecx, _a4, _v20, 0x20006, 0, 0,  &_v12,  &_v24);
					if(_t58 >= 0) {
						_push(_a12);
						_t58 = E00C81F20( &_v16, L"%ls\\%ls",  *0xcea7e4);
						if(_t58 >= 0) {
							_t58 = E00CC0AD5(_t54, _v12, _v16, 0x20006, 0, 0,  &_v8,  &_v24);
							if(_t58 >= 0) {
								_t58 = E00CC1392(_t54, _t55, _v8,  *0xcea7d4, _a16);
								if(_t58 >= 0) {
									_t58 = E00CC1392(_t54, _t55, _v8,  *0xcea7d8, _a20);
									if(_t58 >= 0 && _a24 != 0) {
										_t58 = E00CC1344(_v8,  *0xcea7dc, _a24);
									}
								}
							}
						}
					}
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
					_v8 = 0;
				}
				if(_v16 != 0) {
					E00CC54EF(_v16);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
					_v12 = 0;
				}
				if(_v20 != 0) {
					E00CC54EF(_v20);
				}
				return _t58;
			}

0x00cc9220
0x00cc9220
0x00cc9232
0x00cc9235
0x00cc9238
0x00cc923b
0x00cc923e
0x00cc9246
0x00cc924a
0x00cc926b
0x00cc926f
0x00cc9275
0x00cc928c
0x00cc9293
0x00cc92ab
0x00cc92af
0x00cc92c2
0x00cc92c6
0x00cc92d9
0x00cc92dd
0x00cc92f5
0x00cc92f5
0x00cc92dd
0x00cc92c6
0x00cc92af
0x00cc9293
0x00cc926f
0x00cc9300
0x00cc9305
0x00cc9307
0x00cc9307
0x00cc930d
0x00cc9312
0x00cc9312
0x00cc931a
0x00cc931f
0x00cc9321
0x00cc9321
0x00cc9327
0x00cc932c
0x00cc932c
0x00cc9339

APIs

Part of subcall function 00CC8CFB: lstrlenW.KERNEL32(00000100,?,?,00CC9098,000002C0,00000100,00000100,00000100,?,?,?,00CA7B40,?,?,000001BC,00000000), ref: 00CC8D1B

RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000000,00000000), ref: 00CC9305
RegCloseKey.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000), ref: 00CC931F

Part of subcall function 00CC0AD5: RegCreateKeyExW.ADVAPI32(00000001,00000000,00000000,00000000,00000000,00000001,00000000,?,00000000,00000001,?,?,00C90491,?,00000000,00020006), ref: 00CC0AFA

Part of subcall function 00CC1392: RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,00C8F1C2,00000000,?,00020006), ref: 00CC13C5

Part of subcall function 00CC1392: RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,00C8F1C2,00000000,?,00020006,?,00020006,00020006,00000000,?,?,?), ref: 00CC13F5

Part of subcall function 00CC1344: RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,00C8F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00CC1359

Strings

%ls\%ls, xrefs: 00CC9281

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Value$Close$CreateDeletelstrlen
String ID: %ls\%ls
API String ID: 3924016894-2125769799
Opcode ID: dc78649e0fa7186b5fdc9a071c3bb81f281c9491c52d124f9d38db9afbe027e4
Instruction ID: 6de47c0a539812b276cafe140e311023ee2b1bb257600fd81dd12087c5d8c235
Opcode Fuzzy Hash: dc78649e0fa7186b5fdc9a071c3bb81f281c9491c52d124f9d38db9afbe027e4
Instruction Fuzzy Hash: DB313972C0026EBFCF129FD5CC84EAEBBB9EF04750B04416AE951B6121D7319E50AB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CB8695, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 90%

			E00CB8695(signed int _a4, CHAR* _a8, intOrPtr* _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t13;
				signed int* _t20;
				signed int _t27;
				signed int _t28;
				signed int _t29;
				signed int _t33;
				intOrPtr* _t34;

				_t20 = 0xceb528 + _a4 * 4;
				_t27 =  *0xcea008; // 0x4c290ae8
				_t29 = _t28 | 0xffffffff;
				_t33 = _t27 ^  *_t20;
				asm("ror esi, cl");
				if(_t33 == _t29) {
					L14:
					return 0;
				}
				if(_t33 == 0) {
					_t34 = _a12;
					if(_t34 == _a16) {
						L7:
						_t13 = 0;
						L8:
						if(_t13 == 0) {
							L13:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t29 ^ _t27;
							goto L14;
						}
						_t33 = GetProcAddress(_t13, _a8);
						if(_t33 == 0) {
							_t27 =  *0xcea008; // 0x4c290ae8
							goto L13;
						}
						 *_t20 = E00CB15B3(_t33);
						goto L2;
					} else {
						goto L4;
					}
					while(1) {
						L4:
						_t13 = E00CB8731( *_t34);
						if(_t13 != 0) {
							break;
						}
						_t34 = _t34 + 4;
						if(_t34 != _a16) {
							continue;
						}
						_t27 =  *0xcea008; // 0x4c290ae8
						goto L7;
					}
					_t27 =  *0xcea008; // 0x4c290ae8
					goto L8;
				}
				L2:
				return _t33;
			}

0x00cb86a0
0x00cb86a9
0x00cb86af
0x00cb86b9
0x00cb86bb
0x00cb86bf
0x00cb872a
0x00000000
0x00cb872a
0x00cb86c3
0x00cb86c9
0x00cb86cf
0x00cb86eb
0x00cb86eb
0x00cb86ed
0x00cb86ef
0x00cb871a
0x00cb871c
0x00cb8724
0x00cb8728
0x00000000
0x00cb8728
0x00cb86fb
0x00cb86ff
0x00cb8714
0x00000000
0x00cb8714
0x00cb8708
0x00000000
0x00000000
0x00000000
0x00000000
0x00cb86d1
0x00cb86d1
0x00cb86d3
0x00cb86db
0x00000000
0x00000000
0x00cb86dd
0x00cb86e3
0x00000000
0x00000000
0x00cb86e5
0x00000000
0x00cb86e5
0x00cb870c
0x00000000
0x00cb870c
0x00cb86c5
0x00000000

APIs

GetProcAddress.KERNEL32(00000000,?), ref: 00CB86F5
__crt_fast_encode_pointer.LIBVCRUNTIME ref: 00CB8702

Strings

)L, xrefs: 00CB86A9, 00CB86E5, 00CB870C, 00CB8714

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AddressProc__crt_fast_encode_pointer
String ID: )L
API String ID: 2279764990-501487344
Opcode ID: 5622d38d7bc5e3aeae3e3ec9658e3a41563acb577fe27831d02515e7109b5684
Instruction ID: 05e2d080bcdac21fbab60e12dfd69618cddde835d1cc32ff7c796f592402c9b2
Opcode Fuzzy Hash: 5622d38d7bc5e3aeae3e3ec9658e3a41563acb577fe27831d02515e7109b5684
Instruction Fuzzy Hash: 7911A333A005219F9B21DE69ECC0ADB7399AB80364B264620FD25BF254DE30ED49C6D1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC1392, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61
registryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CC1392(void* __ecx, void* __edx, void* _a4, short* _a8, char* _a12) {
				signed int _v8;
				signed short _t12;
				void* _t14;
				signed short _t18;
				signed short _t22;

				_t22 = 0;
				_v8 = _v8 & 0;
				if(_a12 == 0) {
					_t12 = RegDeleteValueW(_a4, _a8);
					if(_t12 == 2 || _t12 == 3) {
						_t12 = 0;
					}
					if(_t12 != 0) {
						_t26 =  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
						_t14 = 0x80004005;
						_t22 =  >=  ? 0x80004005 :  <=  ? _t12 : _t12 & 0x0000ffff | 0x80070000;
						_push(_t22);
						_push(0x2fe);
						goto L9;
					}
				} else {
					_t22 = E00CC0A2B(_a12, 0xffffffff,  &_v8);
					if(_t22 >= 0) {
						_t18 = RegSetValueExW(_a4, _a8, 0, 1, _a12, _v8);
						if(_t18 != 0) {
							_t29 =  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
							_t14 = 0x80004005;
							_t22 =  >=  ? 0x80004005 :  <=  ? _t18 : _t18 & 0x0000ffff | 0x80070000;
							_push(_t22);
							_push(0x2f5);
							L9:
							_push("regutil.cpp");
							E00C837D3(_t14);
						}
					}
				}
				return _t22;
			}

0x00cc1397
0x00cc1399
0x00cc139f
0x00cc13f5
0x00cc13fe
0x00cc1405
0x00cc1405
0x00cc1409
0x00cc1416
0x00cc1419
0x00cc1420
0x00cc1423
0x00cc1424
0x00000000
0x00cc1424
0x00cc13a1
0x00cc13af
0x00cc13b3
0x00cc13c5
0x00cc13cd
0x00cc13da
0x00cc13dd
0x00cc13e4
0x00cc13e7
0x00cc13e8
0x00cc1429
0x00cc1429
0x00cc142e
0x00cc142e
0x00cc13cd
0x00cc13b3
0x00cc1439

APIs

RegSetValueExW.ADVAPI32(00020006,00020006,00000000,00000001,?,00000000,?,000000FF,00000000,00000000,?,?,00C8F1C2,00000000,?,00020006), ref: 00CC13C5
RegDeleteValueW.ADVAPI32(00020006,00020006,00000000,?,?,00C8F1C2,00000000,?,00020006,?,00020006,00020006,00000000,?,?,?), ref: 00CC13F5

Strings

regutil.cpp, xrefs: 00CC1429

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Value$Delete
String ID: regutil.cpp
API String ID: 1738766685-955085611
Opcode ID: b5c3268d24ca120e3db064ad44917130602d537f339ed6566974c03f25b270e6
Instruction ID: f6671fbad255d4068f584c0e8481feccec70f420340ebfcadb9991b2b384801e
Opcode Fuzzy Hash: b5c3268d24ca120e3db064ad44917130602d537f339ed6566974c03f25b270e6
Instruction Fuzzy Hash: E0110A32E00276BBEF219E66CC04FAB75A9EF05750F054125FD10EA0A0D761CD1196D0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC54F8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53
sleepCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00CC54F8(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, long _a36) {
				char _v8;
				signed short _t16;
				char _t22;
				signed short _t25;

				_t22 = 0;
				_v8 = 0;
				_t16 = E00C821A5( &_v8, _a4, 0);
				_t25 = _t16;
				if(_t25 < 0) {
					L8:
					if(_v8 != 0) {
						E00CC54EF(_v8);
					}
					return _t25;
				}
				_t25 = 0x80004005;
				while(_t22 <= _a32) {
					if(_t22 != 0) {
						Sleep(_a36);
					}
					__imp__SetNamedSecurityInfoW(_v8, _a8, _a12, _a16, _a20, _a24, _a28);
					_t25 =  <=  ? _t16 : _t16 & 0x0000ffff | 0x80070000;
					_t22 = _t22 + 1;
					if(_t25 < 0) {
						continue;
					} else {
						break;
					}
				}
				if(_t25 < 0) {
					E00C837D3(_t16, "aclutil.cpp", 0x399, _t25);
				}
				goto L8;
			}

0x00cc54fe
0x00cc5507
0x00cc550b
0x00cc5510
0x00cc5514
0x00cc556f
0x00cc5573
0x00cc5578
0x00cc5578
0x00cc5584
0x00cc5584
0x00cc5516
0x00cc551b
0x00cc5522
0x00cc5527
0x00cc5527
0x00cc5542
0x00cc5553
0x00cc5556
0x00cc5559
0x00000000
0x00000000
0x00000000
0x00000000
0x00cc5559
0x00cc555d
0x00cc556a
0x00cc556a
0x00000000

APIs

Sleep.KERNEL32(20000004,00000000,00000000,00000000,00000000,00000000,?,?,00C98C90,?,00000001,20000004,00000000,00000000,?,00000000), ref: 00CC5527
SetNamedSecurityInfoW.ADVAPI32(00000000,?,000007D0,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00C98C90,?), ref: 00CC5542

Strings

aclutil.cpp, xrefs: 00CC5565

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: InfoNamedSecuritySleep
String ID: aclutil.cpp
API String ID: 2352087905-2159165307
Opcode ID: d0255a30a34290545188add0f056f9f4fa121cd8a0bebe5314d29f018069039a
Instruction ID: c6e4818d20979b4d90d450021cf441353740d944d4f368def2b1590a86bdf426
Opcode Fuzzy Hash: d0255a30a34290545188add0f056f9f4fa121cd8a0bebe5314d29f018069039a
Instruction Fuzzy Hash: 8C015E73910568BBDF229E95CD09FCE7E6AEF84760F050119FE15A6120D6329EA0E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00C955BD, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000000), ref: 00C955D9
CoUninitialize.OLE32(?,00000000,?,?,?,?,?,?,?), ref: 00C95633

Strings

Failed to initialize COM on cache thread., xrefs: 00C955E5

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: InitializeUninitialize
String ID: Failed to initialize COM on cache thread.
API String ID: 3442037557-3629645316
Opcode ID: 401b1112fa51915e8ed1207d510bc64253913022b5ba48dd5b4dd1cbfd7ad0c9
Instruction ID: 7fce335ac1a65dd3de25c2525fc4d763abdd3efa5c504f59ebcddf5608096139
Opcode Fuzzy Hash: 401b1112fa51915e8ed1207d510bc64253913022b5ba48dd5b4dd1cbfd7ad0c9
Instruction Fuzzy Hash: 2D018072600619BFCB059FA5DC84EDAF7ACFF08354F508226FA09C7221DB31AE549B94

Uniqueness

Uniqueness Score: -1.00%

Function 00C8155F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C8155F(short** _a4, intOrPtr _a8, int _a12, int _a16) {
				short** _t15;
				int _t16;
				void* _t17;

				_t15 = _a4;
				_t16 = _a12;
				_t17 = E00C821A5(_t15, _a8, _t16);
				if(_t17 < 0) {
					L6:
					return _t17;
				}
				if(_t16 != 0) {
					L4:
					if(LCMapStringW(0x7f, _a16,  *_t15, _t16,  *_t15, _t16) == 0) {
						_t20 =  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
						_t17 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t10 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "strutil.cpp", 0xa51, _t17);
					}
					goto L6;
				}
				_t17 = E00C81C57( *_t15, 0x7fffffff,  &_a12);
				if(_t17 < 0) {
					goto L6;
				}
				_t16 = _a12;
				goto L4;
			}

0x00c81563
0x00c81568
0x00c81575
0x00c81579
0x00c815dc
0x00c815e1
0x00c815e1
0x00c8157d
0x00c81598
0x00c815ab
0x00c815be
0x00c815c8
0x00c815d6
0x00c815d6
0x00000000
0x00c815ab
0x00c8158f
0x00c81593
0x00000000
0x00000000
0x00c81595
0x00000000

APIs

LCMapStringW.KERNEL32(0000007F,00000000,00000000,00C96EF3,00000000,00C96EF3,00000000,00000000,00C96EF3,00000000,00000000,00000000,?,00C82326,00000000,00000000), ref: 00C815A3
GetLastError.KERNEL32(?,00C82326,00000000,00000000,00C96EF3,00000200,?,00CC516B,00000000,00C96EF3,00000000,00C96EF3,00000000,00000000,00000000), ref: 00C815AD

Strings

strutil.cpp, xrefs: 00C815D1

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorLastString
String ID: strutil.cpp
API String ID: 3728238275-3612885251
Opcode ID: a5a21e2458fae007b065f61244b9717d6faacd3f8b3cc7dbf20bac4e997471b2
Instruction ID: 6bd9e6898d0f980fee1e85ac8121b2bc5da35b998ea956d94204cc16d876f85a
Opcode Fuzzy Hash: a5a21e2458fae007b065f61244b9717d6faacd3f8b3cc7dbf20bac4e997471b2
Instruction Fuzzy Hash: DE012433A006257BDB21AE968C44F5B7AEDEF8AB60F050225FE15EB150DB30DC1197E0

Uniqueness

Uniqueness Score: -1.00%

Function 00C86418, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 39%

			E00C86418(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				void* _t26;

				_t22 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t26 = 0;
				_v8 = _v8 & 0;
				_v12 = _v12 & 0;
				E00CC09BB(_t22, GetCurrentProcess(),  &_v12);
				if(_v12 != 0) {
					if(E00C85BF0(_t22, _a4,  &_v8) >= 0) {
						_t26 = E00CA02F4(_a8, _v8, 0);
						if(_t26 < 0) {
							_push("Failed to set variant value.");
							goto L5;
						}
					} else {
						_push("Failed to get 64-bit folder.");
						L5:
						_push(_t26);
						E00CC012F();
					}
				}
				if(_v8 != 0) {
					E00CC54EF(_v8);
				}
				return _t26;
			}

0x00c86418
0x00c8641b
0x00c8641c
0x00c86421
0x00c86423
0x00c86426
0x00c86431
0x00c86439
0x00c8644b
0x00c86461
0x00c86465
0x00c86467
0x00000000
0x00c86467
0x00c8644d
0x00c8644d
0x00c8646c
0x00c8646c
0x00c8646d
0x00c86473
0x00c8644b
0x00c86478
0x00c8647d
0x00c8647d
0x00c86488

APIs

GetCurrentProcess.KERNEL32(?), ref: 00C8642A

Part of subcall function 00CC09BB: GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,00C85D8F,00000000), ref: 00CC09CF
Part of subcall function 00CC09BB: GetProcAddress.KERNEL32(00000000), ref: 00CC09D6
Part of subcall function 00CC09BB: GetLastError.KERNEL32(?,?,?,00C85D8F,00000000), ref: 00CC09ED

Part of subcall function 00C85BF0: RegCloseKey.ADVAPI32(00000000,?,00000000,CommonFilesDir,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020119,00000000), ref: 00C85C77

Strings

Failed to set variant value., xrefs: 00C86467
Failed to get 64-bit folder., xrefs: 00C8644D

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: AddressCloseCurrentErrorHandleLastModuleProcProcess
String ID: Failed to get 64-bit folder.$Failed to set variant value.
API String ID: 3109562764-2681622189
Opcode ID: ec37fae043b4f7b0e5b843c4abb67b466e1d697dfcf9e1aeaedf5c08d6385f6d
Instruction ID: cba47c64b88dd718f8627c765a5aa288d5e89ee37a09bb8524eaec337b165149
Opcode Fuzzy Hash: ec37fae043b4f7b0e5b843c4abb67b466e1d697dfcf9e1aeaedf5c08d6385f6d
Instruction Fuzzy Hash: 8F014F32900228BBDF11F794CC0AFAEBA78EB00765F208269F80066152D6719E40A7D4

Uniqueness

Uniqueness Score: -1.00%

Function 00C833D7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00C833D7(WCHAR** _a4, struct HINSTANCE__* _a8) {
				long _t6;
				WCHAR** _t10;
				long _t11;
				void* _t12;

				_t10 = _a4;
				_t11 = 0x104;
				while(1) {
					_t12 = E00C81EDE(_t10, _t11);
					if(_t12 < 0) {
						break;
					}
					_t6 = GetModuleFileNameW(_a8,  *_t10, _t11);
					if(_t6 == 0) {
						_t15 =  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
						_t12 =  >=  ? 0x80004005 :  <=  ? GetLastError() : _t7 & 0x0000ffff | 0x80070000;
						E00C837D3(0x80004005, "pathutil.cpp", 0x1d4, _t12);
					} else {
						if(_t6 != _t11) {
							_t12 = 0;
						} else {
							_t3 = _t6 + 1; // 0x1
							_t11 = _t3;
							continue;
						}
					}
					break;
				}
				return _t12;
			}

0x00c833db
0x00c833e0
0x00c833e5
0x00c833ec
0x00c833f0
0x00000000
0x00000000
0x00c833f8
0x00c83400
0x00c83420
0x00c8342a
0x00c83438
0x00c83402
0x00c83404
0x00c8340b
0x00c83406
0x00c83406
0x00c83406
0x00000000
0x00c83406
0x00c83404
0x00000000
0x00c83400
0x00c83443

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,00000104,?,?,?,?,00C810DD,?,00000000), ref: 00C833F8
GetLastError.KERNEL32(?,?,?,00C810DD,?,00000000), ref: 00C8340F

Strings

pathutil.cpp, xrefs: 00C83433

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: pathutil.cpp
API String ID: 2776309574-741606033
Opcode ID: b2fb906247067ff91855f072a1d44da12395675c0edff664f08562b837cd5596
Instruction ID: 22242ac5030fa0788c3e97934791f64fbb1e3397356469d0f7b0673fff012b50
Opcode Fuzzy Hash: b2fb906247067ff91855f072a1d44da12395675c0edff664f08562b837cd5596
Instruction Fuzzy Hash: CDF0C273B002A06BA72276AA9C49F8BBE9DEB85B64B024121FD09EB150C661CD0193F4

Uniqueness

Uniqueness Score: -1.00%

Function 00C90598, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41
registryCOMMON

Download Yara Rule

C-Code - Quality: 49%

			E00C90598(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _t19;
				void* _t24;

				_t19 = __edx;
				_v8 = _v8 & 0x00000000;
				_t24 = E00CC0E3F( *((intOrPtr*)(_a4 + 0x4c)),  *((intOrPtr*)(_a4 + 0x50)), 0x20006,  &_v8);
				if(_t24 >= 0) {
					_t24 = E00C8F09D(_t19, __eflags, _t21, _v8, 1, 0);
					__eflags = _t24;
					if(_t24 < 0) {
						_push("Failed to update resume mode.");
						goto L4;
					}
				} else {
					_push("Failed to open registration key.");
					L4:
					_push(_t24);
					E00CC012F();
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				return _t24;
			}

0x00c90598
0x00c9059c
0x00c905b9
0x00c905bd
0x00c905d3
0x00c905d5
0x00c905d7
0x00c905d9
0x00000000
0x00c905d9
0x00c905bf
0x00c905bf
0x00c905de
0x00c905de
0x00c905df
0x00c905e5
0x00c905ea
0x00c905ef
0x00c905ef
0x00c905fc

APIs

Part of subcall function 00CC0E3F: RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,00000000,00000001,00000000,?,00CC5699,80000002,00000000,00020019,00000000,SOFTWARE\Policies\,00000000,00000000,00000000), ref: 00CC0E52

RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000001,00000000,?,?,00020006,00000000,00000001,00000000,?,?,00CABB7C,00000101,?), ref: 00C905EF

Strings

Failed to update resume mode., xrefs: 00C905D9
Failed to open registration key., xrefs: 00C905BF

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: CloseOpen
String ID: Failed to open registration key.$Failed to update resume mode.
API String ID: 47109696-3366686031
Opcode ID: 7917b76030d6443505cfe3880407f3467a3a102c0f896665152f9642a0e6da92
Instruction ID: 24b53d979d1047f2bcd89a27491ebb1fc554b32760feed3a8f5eb5c2df8b2e8b
Opcode Fuzzy Hash: 7917b76030d6443505cfe3880407f3467a3a102c0f896665152f9642a0e6da92
Instruction Fuzzy Hash: BBF0FC32A41238FBCB129A94DC0AFDEB769EF00B50F25006AFA00B6150DB71AF10A7D4

Uniqueness

Uniqueness Score: -1.00%

Function 00CC30BF, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CC30BF(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				intOrPtr* _t15;
				void* _t16;

				if(_a12 == 0) {
					L6:
					return 0x80070057;
				}
				_t15 = _a4;
				if(_t15 == 0) {
					goto L6;
				}
				__imp__#2(_a8, _t12);
				if(__eax != 0) {
					_t16 =  *((intOrPtr*)( *_t15 + 0xbc))(_t15, __eax, _a12);
					__imp__#6(__eax);
				} else {
					_t16 = 0x8007000e;
					E00C837D3(__eax, "xmlutil.cpp", 0x66, 0x8007000e);
				}
				return _t16;
			}

0x00cc30c7
0x00cc310f
0x00000000
0x00cc310f
0x00cc30c9
0x00cc30ce
0x00000000
0x00000000
0x00cc30d4
0x00cc30de
0x00cc3101
0x00cc3104
0x00cc30e0
0x00cc30e0
0x00cc30ed
0x00cc30ed
0x00000000

APIs

SysAllocString.OLEAUT32(?), ref: 00CC30D4
SysFreeString.OLEAUT32(00000000), ref: 00CC3104

Strings

xmlutil.cpp, xrefs: 00CC30E8

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: String$AllocFree
String ID: xmlutil.cpp
API String ID: 344208780-1270936966
Opcode ID: 0263737a550a061dfbed0860dc4460737de71f3be6f5203e32a73cf2e5ea265c
Instruction ID: dc0c3d2f6206050c189a7cad57e5abaab4f64a6381c9c91413a976d8587dde92
Opcode Fuzzy Hash: 0263737a550a061dfbed0860dc4460737de71f3be6f5203e32a73cf2e5ea265c
Instruction Fuzzy Hash: C4F0B4312016D8EBCB215F45EC09F6F7BA5AB44B61F18802DFC1557210C7798E10ABA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC336E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35
memoryCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00CC336E(void* __eax, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t12;
				intOrPtr* _t15;
				void* _t16;

				_t15 = _a4;
				if(_t15 == 0 || _a12 == 0) {
					return 0x80070057;
				} else {
					__imp__#2(_a8, _t12);
					if(__eax != 0) {
						_t16 =  *((intOrPtr*)( *_t15 + 0x1c))(_t15, __eax, _a12);
						__imp__#6(__eax);
					} else {
						_t16 = 0x8007000e;
						E00C837D3(__eax, "xmlutil.cpp", 0x340, 0x8007000e);
					}
					return _t16;
				}
			}

0x00cc3372
0x00cc3377
0x00000000
0x00cc337f
0x00cc3383
0x00cc338d
0x00cc33b0
0x00cc33b3
0x00cc338f
0x00cc338f
0x00cc339f
0x00cc339f
0x00000000
0x00cc33bb

APIs

SysAllocString.OLEAUT32(?), ref: 00CC3383
SysFreeString.OLEAUT32(00000000), ref: 00CC33B3

Strings

xmlutil.cpp, xrefs: 00CC339A

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: String$AllocFree
String ID: xmlutil.cpp
API String ID: 344208780-1270936966
Opcode ID: 28ed5a97bc495511803db43786e84d0c4513d38be4201b83fa150a1bb3e06b87
Instruction ID: 65293fbb8afd4a8677d6d55402cd9c50d8ab79f7f94c2bf2a71cf27bd8da1f8e
Opcode Fuzzy Hash: 28ed5a97bc495511803db43786e84d0c4513d38be4201b83fa150a1bb3e06b87
Instruction Fuzzy Hash: 4CF0B4352401D8A7C7221E49EC08F6F37A8EB84760F18811DFC149B260CB74CE019BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC1344, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00CC1344(void* _a4, short* _a8, char _a12) {
				signed short _t5;
				int _t9;

				_t9 = 0;
				_t5 = RegSetValueExW(_a4, _a8, 0, 4,  &_a12, 4);
				if(_t5 != 0) {
					_t12 =  <=  ? _t5 : _t5 & 0x0000ffff | 0x80070000;
					_t9 =  >=  ? 0x80004005 :  <=  ? _t5 : _t5 & 0x0000ffff | 0x80070000;
					E00C837D3(0x80004005, "regutil.cpp", 0x372, _t9);
				}
				return _t9;
			}

0x00cc134d
0x00cc1359
0x00cc1361
0x00cc136e
0x00cc1378
0x00cc1386
0x00cc1386
0x00cc138f

APIs

RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004,SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,?,00C8F11A,00000005,Resume,?,?,?,00000002,00000000), ref: 00CC1359

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00CC1347
regutil.cpp, xrefs: 00CC1381

Memory Dump Source

Source File: 0000001B.00000002.598600849.0000000000C81000.00000020.00020000.sdmp, Offset: 00C80000, based on PE: true

Associated: 0000001B.00000002.598582639.0000000000C80000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598685433.0000000000CCB000.00000002.00020000.sdmp Download File
Associated: 0000001B.00000002.598723227.0000000000CEA000.00000004.00020000.sdmp Download File
Associated: 0000001B.00000002.598734305.0000000000CEE000.00000002.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_27_2_c80000_vcredist_x64.jbxd

Similarity

API ID: Value
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce$regutil.cpp
API String ID: 3702945584-2416625845
Opcode ID: 3cdbacb9a8127af7c11ab69b07f09a7d1ffa93226de0a86970db2f1aef19a5bd
Instruction ID: 41e48052b4e41fe9412a0f77f3dc016d9595432b9e9966a4d9b4d2f675b02433
Opcode Fuzzy Hash: 3cdbacb9a8127af7c11ab69b07f09a7d1ffa93226de0a86970db2f1aef19a5bd
Instruction Fuzzy Hash: 80E06D72B402797AFB21AAA68C05F977ACCDB04AE0F014021BE08EA0A0D261CD00C2E4

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to collect elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Application logs, Process monitoring, Windows Error Reporting
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://www.videosoftdev.com/services/download.aspx?ProductID=1

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Cryptography:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: cmd.exe PID: 6652 Parent PID: 4824

General

Analysis Process: conhost.exe PID: 6660 Parent PID: 6652

General

Analysis Process: wget.exe PID: 6692 Parent PID: 6652

General

Analysis Process: video_editor_x64.exe PID: 496 Parent PID: 5772

General

Analysis Process: video_editor_x64.tmp PID: 4276 Parent PID: 496

General

Analysis Process: vcredist_x64.exe PID: 6120 Parent PID: 4276

General

Analysis Process: vcredist_x64.exe PID: 5088 Parent PID: 6120

Function 004110C4, Relevance: 42.2, APIs: 7, Strings: 17, Instructions: 160
libraryloaderCOMMON

Function 00405DE8, Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 207
registrystringlibraryCOMMON

Function 00405F23, Relevance: 15.1, APIs: 10, Instructions: 108
stringlibrarythreadCOMMON

Function 00406458, Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Function 00411C96, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 103
COMMON

Function 00401C7C, Relevance: 12.2, APIs: 8, Instructions: 221
sleepCOMMON

Function 00411C7F, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 103
COMMON

Function 0040EB50, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Function 00411648, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 56
COMMON

Function 004018F8, Relevance: 9.0, APIs: 7, Instructions: 298
sleepCOMMON

Function 0040ED40, Relevance: 7.6, APIs: 5, Instructions: 80
memoryCOMMON

Function 0040E414, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82
COMMON

Function 004068EC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44
COMMON

Function 004119ED, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 119
windowCOMMON

Function 00411A14, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114
windowCOMMON

Function 0040AC82, Relevance: 3.0, APIs: 2, Instructions: 34
libraryCOMMON

Function 0040AC84, Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Function 0040C3D0, Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Function 0040C390, Relevance: 3.0, APIs: 2, Instructions: 30
fileCOMMON

Function 0040C328, Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Function 0040C42C, Relevance: 1.5, APIs: 1, Instructions: 29
fileCOMMON

Function 0040BF84, Relevance: 1.5, APIs: 1, Instructions: 28
windowCOMMON

Function 0040B698, Relevance: 1.5, APIs: 1, Instructions: 27
COMMON

Function 0040C2E0, Relevance: 1.5, APIs: 1, Instructions: 26
fileCOMMON

Function 00405B48, Relevance: 1.5, APIs: 1, Instructions: 26
COMMON

Function 0040C410, Relevance: 1.5, APIs: 1, Instructions: 11
fileCOMMON

Function 0040ACDF, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Function 0040ACFB, Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Function 0040CE24, Relevance: 1.3, APIs: 1, Instructions: 62
memoryCOMMON

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	API monitoring, File monitoring, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer.Shutting down or rebooting systems may disrupt access to computer resources for legitimate users.
Tactics:	Impact
Data Sources:	Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre